Connecting two remote LANs through a VPN connection

  • General discussion

  • 1)    I am trying to interconnect two LANs as you see below.

    2)    The scenario is to interconnect two LANs with a single domain “domain.local” in order to have two domain controllers backing up each other. We already have a Domain Controller “SRVDC1.domain.local” in our local network “LAN1” and another server which is going to be both our secondary domain controller and VPN server “SRVDC3.domain.local” in our remote network “LAN2”, which is the Netelligent Network. I am trying to make these two servers (our two LANs) visible to each other by a MikroTik Cloud Router Switch solution.

    3)    I am using a MikroTik Router as a PPTP Client to VPN to our Remote Server SRVDC3 (

    4)    All the computers in LAN1, including Server SRVDC1, have a gateway set on “” which is an Asus WiFi Router acting as a core switch, which is connected to our Fiber Optic Translator.

    5)    To prevent and minimize any down-time risk during the configuration, I have isolated one computer “table2pc5.domain.local” as a sample of the whole network, by changing its gateway set to (the Ether3-Slave-Local-interface on the MikroTik Router). I am going to replace the “Asus WiFi Router” shown in the map by the MikroTik Router later, after making sure that everything would work properly, so, everything is going to be naturalized after.

    6)    My solution simply can be explained as below:

    a.    Providing another interface in addition to “Netelligent Network” adapter.

    b.    To assign a LAN-based IP (in network range to the added adapter (Microsoft Virtual Adapter)

    c.    Configuring SRVDC3 in Netelligent network “LAN2” as a Remote Access Server (VPN Server).

    d.    To provide a MikroTik Router/Firewall on the Edge of the LAN1 as VPN Client.

    e.    Configure MikroTik Router VPN PPTP connection to SRVDC3 via the Internet.

    f.      To have two LANs connected through a permanent VPN connection.

    7)    IP Addresses for the three EDGE-Devices (SRVDC1 ↔ MikroTik Router ↔ SRVDC3) are as below:

    a.    SRVDC1:

                           Interface:           Local Area Connection

                       IP Address: 

                          Gateway:           (Asus WiFi Router)

          DHCP Server Pool:  – (exclusions 10.1-10.50 , 10.50-10.99 , 10.200-10.254)

    b.    MikroTikRouter:

                           Interface:           Local IP                                   IP Address:

                           Interface:           Ether1-gateway-master          IP Address:

                           Interface:           Ether2-master-local                IP Address:

                           Interface:           ether3-slave-local                   IP Address:

          DHCP Server Pool:  –

    c.    SRVDC3:

                           Interface:           Netelligent Network                 IP Address: Gateway:

                           Interface:           Microsoft Network Adapter      IP Address: Gateway:

                           Interface:           PPP Adapter RAS                   IP Address:                       gateway:

    8)    The node “table7pc2.domain.local” is not able to see

    Now, I would ask you to help me to realise this solution by helping me to find the Bad-Routing problem, and letting me know how to fix it.

    What NAT / Route Paths or any configuration do I need to make these two LANs visible and recognizable to each other?

    I would introduce you to the critical nodes which play important roles in this configuration. I have tried to colour-mark them in order to have a better recognition once you take a look at the “Ping Result” table. The “Ping Result” table would give you an idea of which nodes are able to see which others and where the problem hides itself.

    • Edited by Saffa Seraj Friday, November 22, 2013 10:08 PM
    Friday, November 22, 2013 10:04 PM

All replies

  • Hi

    Can you use a simple firewall or router that supports a Site-to-Site Tunnel? In that case both site networks get routed and are known by both gear.

    So, when the tunnel is up, both LANs will be visible, and you can apply rules after.

    The diagram is too small for me to see it, but it seems to me the problem is the MikroTik router, as you got 2 private LAN addresses in it, so it will double-NAT somewhere.

    Regards, Philippe

    Saturday, November 30, 2013 3:56 AM
  • I got my own answer :D

    1) I have to right-click on my "Routing and Remote Access" Server.

    2) On the IPv4 tab, I should define a static IP Pool. I had it done before; but since I had chosen a wide range as, every time the router was taking a different IP address; so I should define a very small pool with two nodes as and In this way, I'll have the local address (router) as and the remote address (my remote server) as

    3) After successful establishment of the PPTP connection, I should add a static route to the "Netelligent Network" adapter. I had it done but in the RRAS routes, so that's why it didn't work. So:

    C:\SRVDC3>_ route -p add mask [Enter]

    Now, I would be able to ping all of the computers whose gateways are set on 192.168.10 (router)

    and if I want to see all of the computers at the first LAN, I have to put my router at the edge of the network, instead of the ASUS WiFi Router, then change its IP address to or alternatively set all of the computers' gateways on


    Friday, December 27, 2013 9:25 PM
  • Hey Philippe,

    Thank you so much Philippe; just in case, you would be able to see the diagram better if you right click on it and save it. ;-)

    take care.

    Friday, December 27, 2013 9:28 PM