RRAS Problem

G

Guest

Scenerio:
I have a co worker that is now working from home. We set up her computer on
the domain and configured it locally. I want to be able to have access to
her computer (Remote desktop, connect to \\computername\C$, etc.) so that we
can't maintain it with updates, etc. We are using Windows 2k3 server
configured with RRAS (PPTP) and IAS for policies. RRAS is configured to use
DHCP.

Problem:
Client computer can VPN and connect to all servers and any other nodes on
network, but local lan computers cannot connect to client (ping, RDP, etc.).
Therefore, I can't manage her computer from work. If I look at her ipconfig,
it show subnet mask of 255.255.255.255 instead of 255.255.252.0 which all our
LAN DHCP computers receive. Is this why I can't connect to her computer?

Thanks in advance for any help!
 
R

Robert L [MVP - Networking]

The subnet 255.255.255.255 for VPN client is by design. The problem could be the Windows firewall blocking the traffic.

tcp/ip settings for vpnWhy does my VPN server or client PPP adapter have 169.x.x.x IP Why my XP VPN client's subnet mask is 255.255.255.255 Why my XP VPN client's IP is the same ...
www.chicagotech.net/vpntcpipsettings.htm


Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
Scenerio:
I have a co worker that is now working from home. We set up her computer on
the domain and configured it locally. I want to be able to have access to
her computer (Remote desktop, connect to \\computername\C$, etc.) so that we
can't maintain it with updates, etc. We are using Windows 2k3 server
configured with RRAS (PPTP) and IAS for policies. RRAS is configured to use
DHCP.

Problem:
Client computer can VPN and connect to all servers and any other nodes on
network, but local lan computers cannot connect to client (ping, RDP, etc.).
Therefore, I can't manage her computer from work. If I look at her ipconfig,
it show subnet mask of 255.255.255.255 instead of 255.255.252.0 which all our
LAN DHCP computers receive. Is this why I can't connect to her computer?

Thanks in advance for any help!
 
R

Robert L [MVP - Networking]

You can run Gpresult.exe to check which policy apply to the computer.

Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
Thanks for the reply. I have group policy controlling the windows firewall,
and since her computer is a domain member, it should be receiving the policy
right? Any other ideas you can think of?
 
K

Kurt

Phil said:
Scenerio:
I have a co worker that is now working from home. We set up her computer on
the domain and configured it locally. I want to be able to have access to
her computer (Remote desktop, connect to \\computername\C$, etc.) so that we
can't maintain it with updates, etc. We are using Windows 2k3 server
configured with RRAS (PPTP) and IAS for policies. RRAS is configured to use
DHCP.

Problem:
Client computer can VPN and connect to all servers and any other nodes on
network, but local lan computers cannot connect to client (ping, RDP, etc.).
Therefore, I can't manage her computer from work. If I look at her ipconfig,
it show subnet mask of 255.255.255.255 instead of 255.255.252.0 which all our
LAN DHCP computers receive. Is this why I can't connect to her computer?

Thanks in advance for any help!
Click to expand...

The default PPTP VPN is a "client-to-network" configuration. It connects
the PPTP client to the network by allowing the PPTP server to proxy
information for it. The server accepts packets from the client and then
puts them out onto the local network using it's own MAC address. When a
package arrives using the client's IP address but the server's MAC
address, the server knows to forward those packets to the client. But
it's a one-way deal, much like NAT. You CAN make it work, but it
involves a PPTP VPN in both directions and is a pain to maintain. Buy
her a router and a matching one for yourself. Take a look at the Secure
Computing SG300 (about $200 street price) and set up an IPSec VPN.
You'll need a public IP address on both ends and at least one end must
be static. Then a little creative routing will have you talking between
LANS bi-directionally.

....kurt
 
G

Guest

hi
you can add this route in your computer that is used to manage client's
computer
route add <IP address1> mask <255.255.255.255> <ip address2> -p
where
ip address1 is > ip address that assign to vpn clint by vpn server
ip address2 is > ip address of vpn server's virtual interface (ip address
of the INTERNAL interface under IP ROUTING - GENERAL in rras snap-in)

good luck

mahmoud
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

L2TP IPSec error 789 & 792 0
Change IP Pool in RRAS 13
RRAS, DNS, NAT, and Web Browsing 3
VPN connects, Unable to ping anything but the VPN server 7
RRAS as VPN Server Configuration Questions... 8
RRAS / DHCP and DNS issue 2
XP VPN DNS problem 5
Number of NICS for RRAS 5

Top