Routing needed?

Unanswered Question
Jul 14th, 2008
User Badges:


Using SDM, I have managed to create a vpn server. Connecting users are assigned IP addresses from the range

All my other computers are located in VLAN4 and have IP addresses in the range of

I would like the VPN users to access all data in the network.

Now for my question: I tried pinging a server in the .0.0 network, and it actually replied. I then tried to establish a connection with the windows share located on that server which failed (with no useful error message).

Now I am wondering: Am I missing something? Will I need to enable routing for these two networks?

Thanks in advance :)

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
dhananjoy chowdhury Mon, 07/14/2008 - 09:18
User Badges:
  • Silver, 250 points or more


Do you have the proper access-lists for allowing the traffic ?

thomaslinder Mon, 07/14/2008 - 11:00
User Badges:


I just checked the access lists but couldn't find an error.

What really startles me is, that I can perfectly ping the server but when I try to access the share Windows cannot do it.

Correct me if I'm wrong, but shouldn't a ping (ICMP packet) be blocked as well if it was an access list issue?

Giuseppe Larosa Mon, 07/14/2008 - 13:10
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

Hello Thomas,

Windows networking is often broadcast based.

You should need an ip helper-address command on the interface where the PC stays so that the router is instructed to send the request to the server (I think it should be your vlan4)

Hope to help


Giuseppe Larosa Mon, 07/14/2008 - 13:12
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

Hello thomas,

just a little correction the command should be added on the interface with ip 192.168.3.x

hope to help


thomaslinder Mon, 07/14/2008 - 20:30
User Badges:

Hi Giuseppe, thank you for your reply.

I cannot perform your solution as I have no interface for the vpn users. There exists only a pool of IP adresses which are assigned to users dialing in. So basically there is only the outside interface with our public IP address and the internal Vlan where most of our users are.

Did I forget something when configuring the device? Would I need to add ip helper-address to the outside interface (sounds odd to me)?




This Discussion