Vista / W2K8 -- Outgoing VPN blocks RDP/LAN connection ?

Discussion in 'Windows Networking' started by x13, May 8, 2009.

  1. x13

    x13 Guest

    Hello all.

    Strangest problem...

    Recently installed a new Windows 2008 server. When any user opens a(n
    ms) VPN connection to an external site, the routing gets messed up.
    The user's RDP session gets cut-off, but the VPN session stays up. No
    one can RDP to the server as long the VPN connection is up. Vista
    users have the same problem also but not XP...

    If that happens, the I have to go on the server console using a
    network KVM, and kill the VPN connection manually. Then normal network
    traffic resumes. Terminal Server problem?...

    I captured both servers' routing tables before and after a VPN
    connection.

    Platform apart, the only noticeable differences between the old and
    new servers are:

    T100 (new server) : 1 NIC, 172.25.0.90 /16
    T102 (old server) : 2 bridged NICs, 172.25.0.88 /16

    Both servers use:
    Gateway: 172.25.4.1
    DNS & WINS: 172.25.0.100, 172.25.0.104 (both AD domain controllers)

    New server = T100 (Windows 2008 Standard x64)
    Old server = T102 (Windows 2003 Standard R2 SP2)
    DMZ = 192.168.2.0 /24 & 192.168.3.0 /24

    ROUTING TABLES

    PS: Before and after routing works

    RDP BEFORE EXTERNAL VPN CONNECTION (T102):

    IPv4 Route Table
    ===========================================================================
    Interface List
    0x1 ........................... MS TCP Loopback interface
    0x2 ...54 1e eb 83 3b 0c ...... Check Point Virtual Network Adapter
    For SSL Network Extender
    0x10004 ...02 11 43 fd 84 f9 ...... MAC Bridge Miniport
    ===========================================================================
    ===========================================================================
    Active Routes:
    Network Destination Netmask Gateway Interface
    Metric
    0.0.0.0 0.0.0.0 172.25.4.1 172.25.0.88
    10
    127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
    172.25.0.0 255.255.0.0 172.25.0.88 172.25.0.88
    10
    172.25.0.88 255.255.255.255 127.0.0.1 127.0.0.1 10
    172.25.255.255 255.255.255.255 172.25.0.88 172.25.0.88
    10
    192.168.2.0 255.255.255.0 172.25.4.1 172.25.0.88
    1
    192.168.3.0 255.255.255.0 172.25.4.1 172.25.0.88
    1
    192.168.10.0 255.255.255.0 172.25.4.1 172.25.0.88
    1
    224.0.0.0 240.0.0.0 172.25.0.88 172.25.0.88
    10
    255.255.255.255 255.255.255.255 172.25.0.88 172.25.0.88
    1
    255.255.255.255 255.255.255.255 172.25.0.88 2 1
    Default Gateway:
    172.25.4.1 ** correct def
    route to GW
    ===========================================================================
    Persistent Routes:
    None

    RDP AFTER EXTERNAL VPN CONNECTION (T102):

    IPv4 Route Table
    ===========================================================================
    Interface List
    0x1 ........................... MS TCP Loopback interface
    0x2 ...54 1e eb 83 3b 0c ...... Check Point Virtual Network Adapter
    For SSL Network Extender
    0x10004 ...02 11 43 fd 84 f9 ...... MAC Bridge Miniport
    0x20005 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
    ===========================================================================
    ===========================================================================
    Active Routes:
    Network Destination Netmask Gateway Interface
    Metric
    0.0.0.0 0.0.0.0 172.25.4.1 172.25.0.88
    11
    0.0.0.0 0.0.0.0 172.26.25.35 172.26.25.25
    1 ** ext VPN target
    127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
    172.25.0.0 255.255.0.0 172.25.0.88 172.25.0.88
    10
    172.25.0.88 255.255.255.255 127.0.0.1 127.0.0.1 10
    172.25.255.255 255.255.255.255 172.25.0.88 172.25.0.88
    10
    172.26.25.25 255.255.255.255 127.0.0.1 127.0.0.1 50
    ** ext VPN target
    172.26.255.255 255.255.255.255 172.26.25.25 172.26.25.25
    50 ** ext VPN target
    192.168.2.0 255.255.255.0 172.25.4.1 172.25.0.88
    1
    192.168.3.0 255.255.255.0 172.25.4.1 172.25.0.88
    1
    192.168.10.0 255.255.255.0 172.25.4.1172.25.0.88 1
    (target VPN IP) 255.255.255.255 172.25.4.1 172.25.0.88
    10
    224.0.0.0 240.0.0.0 172.25.0.88 172.25.0.88
    10
    224.0.0.0 240.0.0.0 172.26.25.25 172.26.25.25
    1 ** ext VPN target
    255.255.255.255 255.255.255.255 172.25.0.88 172.25.0.88
    1
    255.255.255.255 255.255.255.255 172.26.25.25 172.26.25.25
    1 ** ext VPN target
    255.255.255.255 255.255.255.255 172.26.25.25 2 1 ** ext
    VPN target

    Default Gateway: 172.26.25.35
    ===========================================================================
    Persistent Routes:
    None

    * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
    * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

    PS: After routing DOESN'T work

    RDP BEVORE EXTERNAL VPN CONNECTION (T100):

    ===========================================================================
    Interface List
    10 ...00 22 19 57 e7 06 ...... Broadcom BCM5708C NetXtreme II GigE
    (NDIS VBD Client)
    1 ........................... Software Loopback Interface 1
    14 ...00 00 00 00 00 00 00 e0 isatap.{CEC4501E-
    C5D3-4759-9D25-2F86AE9AEC59}
    12 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
    ===========================================================================

    IPv4 Route Table
    ===========================================================================
    Active Routes:
    Network Destination Netmask Gateway Interface
    Metric
    0.0.0.0 0.0.0.0 172.25.4.1 172.25.0.90
    266
    127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
    127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
    127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
    172.25.0.0 255.255.0.0 On-link 172.25.0.90 266
    172.25.0.90 255.255.255.255 On-link 172.25.0.90 266
    172.25.255.255 255.255.255.255 On-link 172.25.0.90 266
    224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
    224.0.0.0 240.0.0.0 On-link 172.25.0.90 266
    255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
    255.255.255.255 255.255.255.255 On-link 172.25.0.90 266
    ===========================================================================
    Persistent Routes:
    Network Address Netmask Gateway Address Metric
    0.0.0.0 0.0.0.0 172.25.4.1
    Default ** correct gw IP
    ===========================================================================

    IPv6 Route Table
    ===========================================================================
    Active Routes:
    If Metric Network Destination Gateway
    1 306 ::1/128 On-link
    1 306 ff00::/8 On-link
    ===========================================================================
    Persistent Routes:
    None

    PS: I don't know why IPv6 is reported: it's disabled

    RDP AFTER EXTERNAL VPN CONNECTION (T100):

    ===========================================================================
    Interface List
    18 ........................... (ext VPN target)
    10 ...00 22 19 57 e7 06 ...... Broadcom BCM5708C NetXtreme II GigE
    (NDIS VBD Client)
    1 ........................... Software Loopback Interface 1
    14 ...00 00 00 00 00 00 00 e0 isatap.{CEC4501E-
    C5D3-4759-9D25-2F86AE9AEC59}
    12 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
    19 ...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
    ===========================================================================

    IPv4 Route Table
    ===========================================================================
    Active Routes:
    Network Destination Netmask Gateway Interface
    Metric
    0.0.0.0 0.0.0.0 172.25.4.1 172.25.0.90
    4491
    0.0.0.0 0.0.0.0 On-link 172.26.25.16
    11 ** ext VPN target
    127.0.0.0 255.0.0.0 On-link 127.0.0.1
    4531
    127.0.0.1 255.255.255.255 On-link 127.0.0.1
    4531
    127.255.255.255 255.255.255.255 On-link 127.0.0.1
    4531
    172.25.0.0 255.255.0.0 On-link 172.25.0.90
    4491
    172.25.0.90 255.255.255.255 On-link 172.25.0.90
    4491
    172.25.255.255 255.255.255.255 On-link 172.25.0.90
    4491
    172.26.25.16 255.255.255.255 On-link 172.26.25.16
    266 ** ext VPN target
    (target VPN IP) 255.255.255.255 172.25.4.1 172.25.0.90
    4236
    224.0.0.0 240.0.0.0 On-link 127.0.0.1
    4531
    224.0.0.0 240.0.0.0 On-link 172.25.0.90
    4492
    224.0.0.0 240.0.0.0 On-link 172.26.25.16
    11 ** ext VPN target
    255.255.255.255 255.255.255.255 On-link 127.0.0.1
    4531
    255.255.255.255 255.255.255.255 On-link 172.25.0.90
    4491
    255.255.255.255 255.255.255.255 On-link 172.26.25.16
    266 ** ext VPN target
    ===========================================================================
    Persistent Routes:
    Network Address Netmask Gateway Address Metric
    0.0.0.0 0.0.0.0 172.25.4.1 Default
    ===========================================================================

    IPv6 Route Table
    ===========================================================================
    Active Routes:
    If Metric Network Destination Gateway
    1 306 ::1/128 On-link
    1 306 ff00::/8 On-link
    ===========================================================================
    Persistent Routes:
    None

    PS: I don't know why IPv6 is reported: it's disabled

    * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
    * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

    This problem affects Windows Server 2008 and Vista (32 and 64-bits)

    I installed SP2 on T100 but problem still exists...
    Could it be a problem related to NAP policy defaults? (although we
    have no NAP servers installed)

    If anyone know of a KB or workaround that fixes this, I would be VERY
    grateful!
    Email is a spam decoy, please reply in thread.

    Thanks!
    ==
    M.T.
     
    x13, May 8, 2009
    #1
    1. Advertisements

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. CJT

    Re: Slow LAN connection

    CJT, Jul 4, 2003, in forum: Windows Networking
    Replies:
    2
    Views:
    5,873
    Bob Hatcher
    Jul 11, 2003
  2. Stef

    Help: connectin wireless lan to wired lan

    Stef, Jan 15, 2005, in forum: Windows Networking
    Replies:
    1
    Views:
    246
  3. Replies:
    1
    Views:
    162
  4. QD Steve

    lan to wan with a vpn

    QD Steve, Sep 13, 2005, in forum: Windows Networking
    Replies:
    4
    Views:
    513
    QD Steve
    Sep 15, 2005
  5. Bosshog
    Replies:
    3
    Views:
    1,070
    Bosshog
    Sep 28, 2005
Loading...

Share This Page