[VPN] Cannot ping across the subnet...

Exo Wa exo_wa at yahoo.com
Wed Nov 10 23:35:00 EST 2004


Hi,

I have one NT domain on one subnet sitting behind a
Netscreen 25 Firewall. Recently, our DHCP server
appears to be running out of the IP distribution, so I
decided to create a new scope on a different network
by using the common gateway and DNS. Clients in this
new subnet can get to the Internet as well as log in
to the same domain with no problem.

My scenario:
Ethernet 3=Untrust

Ethernet 1=Trust
Current IP range: 192.168.1.0   Gateway: 10.1.1.1
NEW IP range:     192.168.2.0   Gateway: 10.1.1.1

Note: because clients on both 192.168.1.0 and
192.168.2.0 use the same gateway and DNS, they both
can get to the Internet just fine. The .2 CAN even
ping the .1; however, the .1 clients cannot ping the
.2.

To try to resolve this issue, I am assuming I have to
route it, but I am not quite sure how and where to do
it. Should I do it on the NT domain server or in the
Netscreen 25 Firewall?

I tried to add a virtual route in the Netscreen, but I
couldn't get it to work. Do I have to create a policy
for this as well?

Can someone shed some light on this?

Thank you so much in advance.

-Exo


		