Hello!
I want to implement an RRAS VPN server with off-subnet addresses assigned to the VPN clients.
My problem is that I can ping the VPN clients from the LAN, but I can't ping LAN resources from the VPN Clients.
Here is my setup and how I configured it:
LAN: 192.168.1.0/24
DGW: 192.168.1.254
VPN Client network: 10.41.80.0/21
RRAS server: Single NIC: 192.168.1.6
I configured the RRAS server with VPN and Router roles.
I have created a static address pool on the RRAS server for the VPN clients: 10.41.80.1 - 10.41.87.254.
I have disabled all ports, only IKEv2 is used by RAS/Routing; the rest is "Used by none".
On my LAN router (192.168.1.254) I have added one static route: routed the destination network 10.41.80.0/21 to the RRAS server IP 192.168.1.6.
On my LAN router I've allowed ICMP communication between the two networks in both directions.
At this point the communication initiated from my LAN to the VPN clients started to work, but not the other way.
I can't figure out what I am missing.
Thank you for your input!
