Hi Henning,

sorry for the delay....

As you decided, I've changed the setup as follows:

PPTP2 LAN2 x.x.3.0/24 <-- IPSEC --> x.x.2.0/24

on both sides for the moment.

Now two tunnels exist only for the above definition. But the errors are the same. I can't get a response from the client when the source is the lan2. Vice versa it will work.

What I don't understand is, why can I get any response from the pptp2 server (x.x.3.254) address, but not the clients!

regards
Claude

Henning Wangerin wrote:
> On Sat, 2006-01-21 at 14:34, Hecker, Claude wrote:
>
>> Diagram!
>
> x.x.3.0/24                      x.x.0.0/24
>
>> Pptp1                          pptp2
>>   |                              |
>> M0n01 <--- IPSEC TUNNEL ---> M0n02
>>   |                              |
>> Lan1                           lan2
>
> x.x.1.0/24                      x.x.2.0/24
>
>> Tunneled are all together 192.168.0.0/22
>
> What is set up as remote/local subnet on the tunnel(s)?
>
>> Means all networks from 192.168.0.0 to 192.168.3.255
>> Only one tunnel exists!
>
> You have a routing problem, as .3.0 and .1.0 collide with .0.0 and .2.0
>
>> I think that's not the problem!
>
> I do.
>
>> You can get access from pptp1 to lan2 but not vice versa,
>> because there are errors on interface ng1!
>
> Sounds strange to me.
>
>> But you can get access from lan1 to pptp1.
>
> That's local to a single box. Might give another routing decision.
>
>> The described errors are the same on the other side between pptp2 and lan1.
>
> I'm working on deploying a couple of monowalls, where I allocate a /22
> or even a /21 network to each location, so I can set up the tunnels in
> the mesh as required, and _never_ allocating any routable addresses
> outside their main subnets.
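The subnet collision Henning describes can be checked mechanically before a tunnel is configured. The following is an added example, not part of the thread: the tunnel names, the site layout and the 192.168.x addresses are constructed from the /22 range mentioned above, and both functions are hypothetical helpers.

```python
import ipaddress as ip

def selector_conflicts(local_nets, tunnels):
    """List every directly attached network that overlaps a tunnel's remote
    selector. Such a destination matches both the local route and the
    IPsec policy, so the selector is ambiguous."""
    conflicts = []
    for name, (_local_sel, remote_sel) in tunnels.items():
        remote = ip.ip_network(remote_sel)
        for net in map(ip.ip_network, local_nets):
            if net.overlaps(remote):
                conflicts.append((name, str(net), str(remote)))
    return conflicts

def matching_tunnel(src, dst, tunnels):
    """Return the first tunnel whose local selector contains src and whose
    remote selector contains dst, or None if no tunnel covers the flow."""
    s, d = ip.ip_address(src), ip.ip_address(dst)
    for name, (local_sel, remote_sel) in tunnels.items():
        if s in ip.ip_network(local_sel) and d in ip.ip_network(remote_sel):
            return name
    return None

# Constructed sample data (assumption): one gateway with a LAN and a PPTP pool.
SITE_A_LOCAL = ["192.168.1.0/24", "192.168.3.0/24"]

# One tunnel with the whole /22 as local and remote selector.
WIDE = {"a-to-b": ("192.168.0.0/22", "192.168.0.0/22")}

# One tunnel per pair of /24 networks, as in the changed setup.
SPLIT = {
    "lan-a_lan-b": ("192.168.1.0/24", "192.168.2.0/24"),
    "pptp-a_lan-b": ("192.168.3.0/24", "192.168.2.0/24"),
}

if __name__ == "__main__":
    for label, tunnels in (("wide /22", WIDE), ("split /24", SPLIT)):
        print(label, "conflicts:", selector_conflicts(SITE_A_LOCAL, tunnels))
    # A flow that no split tunnel covers: remote PPTP pool is not listed.
    print(matching_tunnel("192.168.3.10", "192.168.0.20", SPLIT))
```

With split selectors, every source/destination network pair that must communicate needs its own tunnel entry; a pair left out is silently not carried.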