Default gateway for RAS

[Guest]

I have a 192.168.1.0 LAN with 192.168.1.1 as default gateway. It is a single
subnet. I added a VPN server with 2 nics. The intranet nic is 192.169.1.10
and the Internet nic is 200.200.200.200. This server is a WSUS server as
well. It needs to access to Internet to download the Windows update.

I followed the RAS wizards to setup VPN configuration. According to the MS
instruction. I ignored the default gateway setting on the intranet nic. I put
the ADSL model IP as default gateway on the Internet nic.

In this case I can logon to this VPN server from home. However I couldn't
access Internet from this server. I can't ping and browse the Internet even
if the dns names were resolved. If I add 192.168.1.1 as default gateway on
the intranet nic and remove the default gateway setting from the Internet
nic, I can browse internet from this server, but I couldn't logon this VPN
server from home.

I tried on both W2k and w2k3 server, same problem.

How can I make both access working? What did I do wrong?

Thanks for your help

 

[Robert L [MVP - Networking]]

Go back to the Microsoft setting and you should not assign default gateway to the Internal NIC.

Posting the routing table with the internet NIC as default gateway may help.

Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
I have a 192.168.1.0 LAN with 192.168.1.1 as default gateway. It is a single
subnet. I added a VPN server with 2 nics. The intranet nic is 192.169.1.10
and the Internet nic is 200.200.200.200. This server is a WSUS server as
well. It needs to access to Internet to download the Windows update.

I followed the RAS wizards to setup VPN configuration. According to the MS
instruction. I ignored the default gateway setting on the intranet nic. I put
the ADSL model IP as default gateway on the Internet nic.

In this case I can logon to this VPN server from home. However I couldn't
access Internet from this server. I can't ping and browse the Internet even
if the dns names were resolved. If I add 192.168.1.1 as default gateway on
the intranet nic and remove the default gateway setting from the Internet
nic, I can browse internet from this server, but I couldn't logon this VPN
server from home.

I tried on both W2k and w2k3 server, same problem.

How can I make both access working? What did I do wrong?

Thanks for your help

 

[Robert L [MVP - Networking]]

Do route print >c:\routing.txt command. Copy the routing.txt here.

Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
Hi, Robert

Thanks for the reply.

That is what I meant. I leave the default gateway on intranet nic blank. The
only default gateway is the internet/external nic which is the address of the
modem.

In this case, VPN has no problem. But the point is, I couldn't access
Internet on this VPN server. I think the net access requests are sent to the
LAN nic and it couldn't find its default gateway because it wasn't defined.

How can I tell the internet access go to the external nic which has default
gateway defined? I didn't set any static routing. Is it the reason? How to
add a static route? Can I have an instruction with details?

LAN nic: 192.168.1.10; Internet nic: 200.200.200.202. Reserve IP range for
VPN: 192.168.1.8 - 15.

Below is my current routing table. Hope it helps.

Thanks,

Yuggie

IPv4 Route Table
=====================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10002 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
0x10003 ...00 04 76 d5 e6 3e ...... 3Com 3C996B Gigabit Server NIC
0x10004 ...00 40 c7 77 4c 55 ...... Realtek RTL8139 Family PCI Fast Ethernet
NIC

=====================================================
=====================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 200.200.200.201 200.200.200.202 1
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.10 192.168.1.10 1
192.168.1.10 255.255.255.255 127.0.0.1 127.0.0.1 1
192.168.1.8 255.255.255.255 127.0.0.1 127.0.0.1 50
192.168.1.255 255.255.255.255 192.168.1.10 192.168.1.10 1
200.200.200.200 255.255.255.248 200.200.200.202 200.200.200.202 1
200.200.200.202 255.255.255.255 127.0.0.1 127.0.0.1 1
202.200.200.255 255.255.255.255 200.200.200.202 200.200.200.202 1
224.0.0.0 240.0.0.0 192.168.1.10 192.168.1.10 1
224.0.0.0 240.0.0.0 200.200.200.202 200.200.200.202 1
255.255.255.255 255.255.255.255 192.168.1.10 192.168.1.10 1
255.255.255.255 255.255.255.255 200.200.200.202 200.200.200.202 1
Default Gateway: 200.200.200.201
=====================================================
Persistent Routes:
None

 

[Kurt]

According to the routing table, you have your own computer listed as the
default gateway:

Network Destination Netmask Gateway Interface
200.200.200.200 255.255.255.248 200.200.200.202 200.200.200.202

The gateway should be 200.200.200.201, right?

If this is not a typo on your part, it may be a route generated by RRAS.
If, indeed your TCP/IP settings page specifies 200.200.200.201 as the
default gateway, try manually deleting the route and re-adding it as:

route delete 0.0.0.0
route add 0.0.0.0 mask 0.0.0.0 200.200.200.201

and see if you can access the Internet.

Post results back here..

....kurt

 

[Robert L [MVP - Networking]]

Sorry, I didn't read the routing table. Try Kurt suggestion first.

Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
Do route print >c:\routing.txt command. Copy the routing.txt here.

Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
Hi, Robert

Thanks for the reply.

That is what I meant. I leave the default gateway on intranet nic blank. The
only default gateway is the internet/external nic which is the address of the
modem.

In this case, VPN has no problem. But the point is, I couldn't access
Internet on this VPN server. I think the net access requests are sent to the
LAN nic and it couldn't find its default gateway because it wasn't defined.

How can I tell the internet access go to the external nic which has default
gateway defined? I didn't set any static routing. Is it the reason? How to
add a static route? Can I have an instruction with details?

LAN nic: 192.168.1.10; Internet nic: 200.200.200.202. Reserve IP range for
VPN: 192.168.1.8 - 15.

Below is my current routing table. Hope it helps.

Thanks,

Yuggie

IPv4 Route Table
=====================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10002 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
0x10003 ...00 04 76 d5 e6 3e ...... 3Com 3C996B Gigabit Server NIC
0x10004 ...00 40 c7 77 4c 55 ...... Realtek RTL8139 Family PCI Fast Ethernet
NIC

=====================================================
=====================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 200.200.200.201 200.200.200.202 1
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.10 192.168.1.10 1
192.168.1.10 255.255.255.255 127.0.0.1 127.0.0.1 1
192.168.1.8 255.255.255.255 127.0.0.1 127.0.0.1 50
192.168.1.255 255.255.255.255 192.168.1.10 192.168.1.10 1
200.200.200.200 255.255.255.248 200.200.200.202 200.200.200.202 1
200.200.200.202 255.255.255.255 127.0.0.1 127.0.0.1 1
202.200.200.255 255.255.255.255 200.200.200.202 200.200.200.202 1
224.0.0.0 240.0.0.0 192.168.1.10 192.168.1.10 1
224.0.0.0 240.0.0.0 200.200.200.202 200.200.200.202 1
255.255.255.255 255.255.255.255 192.168.1.10 192.168.1.10 1
255.255.255.255 255.255.255.255 200.200.200.202 200.200.200.202 1
Default Gateway: 200.200.200.201
=====================================================
Persistent Routes:
None

 

[Guest]

Hi, Kurt and Robert

You are right. 200.200.200.201 is the IP of the modem/gateway.

The default gateway was set on the External nic's properties so we can see
the correct gateway on the first line of the table. (the 0.0.0.0 line).
However, there is another line in the middle telling the default gateway is
202 - the external nic address. That was added by the RRAS wizard.

I followed your instruction and deleted the input of 0.0.0.0 and add the
correct settings. But it didn't change anything. I then route deleted the
line 200.200.200.202. I restart the RAS service but I couldn't remove this
line. I route add the correct setting then it show two settings in the table:

Network Destination Netmask Gateway Interface
200.200.200.200 255.255.255.248 200.200.200.202 200.200.200.202
200.200.200.200 255.255.255.248 200.200.200.201 200.200.200.202

How can I correct the route table? It seems the "0.0.0.0" line can be
removed but the 200.200.200.202 couldn't be removed

Thanks,

Yuggie
+++++++++++

 

[Kurt]

Active Routes:
Sorry, I must have been having a bout of dyslexia! Your default gateway
is ok. So the problem must be somewhere else. what happens
when you try to ping an Internet address by it's IP instead of it's name.

C:\>ping 72.14.207.99


What is the result of a tracert?

C:\>tracert 72.14.207.99

 

[Guest]

Hi, Kurt

I couldn't ping and tracert.

Pinging 72.14.207.99 with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 72.14.207.99:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

tracert has no response. I set this up by following the RAS wizard in
Win2003 server. It seems it lose itself. I can browse to an intranet page but
not the page on the LAN gateway (192.168.1.1). Any idea?

Thanks,

Yuggie

+++++++++++

 

[Kurt]

Hi, Kurt

I couldn't ping and tracert.

Pinging 72.14.207.99 with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 72.14.207.99:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

tracert has no response. I set this up by following the RAS wizard in
Win2003 server. It seems it lose itself. I can browse to an intranet page but
not the page on the LAN gateway (192.168.1.1). Any idea?

Thanks,

Yuggie

+++++++++++

OK, Could you shoot an "ipconfig /all" and a "route print" both with and
without the RRAS enabled. I am assuming that without RRAS enabled you
can get to the Internet through the 200.200.200.201 gateway.

....kurt

 

[Guest]

Hi, Kurt

Below is the results of ipconfig and route print when RRAS was turned on and
off. I indicate the diferrence on the right.

When I turned it off, IE works immediately.

Thanks,

Yujie

+++++++++++++++++++++++++++++++++++++++



With RRAS Active


C:\>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : vpnsrv
Primary Dns Suffix . . . . . . . : domain.com
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : Yes <<<<<<<<Difference
WINS Proxy Enabled. . . . . . . . : Yes
DNS Suffix Search List. . . . . . : domain.com
com

PPP adapter RAS Server (Dial In) Interface: <<<<<<<<Difference

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
<<<<<<<<Difference
Physical Address. . . . . . . . . : 00-53-45-00-00-00
<<<<<<<<Difference
DHCP Enabled. . . . . . . . . . . : No
<<<<<<<<Difference
IP Address. . . . . . . . . . . . : 192.168.1.8
<<<<<<<<Difference
Subnet Mask . . . . . . . . . . . : 255.255.255.255
<<<<<<<<Difference
Default Gateway . . . . . . . . . :

Ethernet adapter LAN:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 3Com 3C996B Gigabit Server NIC
Physical Address. . . . . . . . . : 00-04-76-D5-E6-3E
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.10
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 192.168.1.2
203.87.88.1
203.87.88.2
Primary WINS Server . . . . . . . : 192.168.1.2

Ethernet adapter External:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8139 Family PCI Fast
Ethernet
NIC
Physical Address. . . . . . . . . : 00-40-C7-77-4C-55
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 200.200.200.202
Subnet Mask . . . . . . . . . . . : 255.255.255.248
Default Gateway . . . . . . . . . : 200.200.200.201
DNS Servers . . . . . . . . . . . : 203.87.88.1
NetBIOS over Tcpip. . . . . . . . : Disabled


C:\>route print

IPv4 Route Table
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10002 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
0x10003 ...00 04 76 d5 e6 3e ...... 3Com 3C996B Gigabit Server NIC
0x10004 ...00 40 c7 77 4c 55 ...... Realtek RTL8139 Family PCI Fast Ethernet
NIC

===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 200.200.200.201 200.200.200.202 1
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.10 192.168.1.10 1
192.168.1.10 255.255.255.255 127.0.0.1 127.0.0.1 1
192.168.1.8 255.255.255.255 127.0.0.1 127.0.0.1
50 <<<<<<<<Difference
192.168.1.255 255.255.255.255 192.168.1.10 192.168.1.10 1
200.200.200.200 255.255.255.248 200.200.200.202 200.200.200.202 1
200.200.200.202 255.255.255.255 127.0.0.1 127.0.0.1 1
202.161.117.255 255.255.255.255 200.200.200.202 200.200.200.202 1
224.0.0.0 240.0.0.0 192.168.1.10 192.168.1.10 1
224.0.0.0 240.0.0.0 200.200.200.202 200.200.200.202 1
255.255.255.255 255.255.255.255 192.168.1.10 192.168.1.10 1
255.255.255.255 255.255.255.255 200.200.200.202 200.200.200.202 1
Default Gateway: 200.200.200.201
===========================================================================
Persistent Routes:
None

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


Without RRAS


C:\>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : vpnsrv
Primary Dns Suffix . . . . . . . : domain.com
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : Yes
DNS Suffix Search List. . . . . . : domain.com
com

Ethernet adapter LAN:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 3Com 3C996B Gigabit Server NIC
Physical Address. . . . . . . . . : 00-04-76-D5-E6-3E
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.10
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 192.168.1.2
203.87.88.1
203.87.88.2
Primary WINS Server . . . . . . . : 192.168.1.2

Ethernet adapter External:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8139 Family PCI Fast
Ethernet
NIC
Physical Address. . . . . . . . . : 00-40-C7-77-4C-55
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 200.200.200.202
Subnet Mask . . . . . . . . . . . : 255.255.255.248
Default Gateway . . . . . . . . . : 200.200.200.201
DNS Servers . . . . . . . . . . . : 203.87.88.1
NetBIOS over Tcpip. . . . . . . . : Disabled

C:\>route print

IPv4 Route Table
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 04 76 d5 e6 3e ...... 3Com 3C996B Gigabit Server NIC
0x10004 ...00 40 c7 77 4c 55 ...... Realtek RTL8139 Family PCI Fast Ethernet
NIC

===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 200.200.200.201 200.200.200.202 1
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.10 192.168.1.10 1
192.168.1.10 255.255.255.255 127.0.0.1 127.0.0.1 1
192.168.1.255 255.255.255.255 192.168.1.10 192.168.1.10 1
200.200.200.200 255.255.255.248 200.200.200.202 200.200.200.202 1
200.200.200.202 255.255.255.255 127.0.0.1 127.0.0.1 1
202.161.117.255 255.255.255.255 200.200.200.202 200.200.200.202 1
224.0.0.0 240.0.0.0 192.168.1.10 192.168.1.10 1
224.0.0.0 240.0.0.0 200.200.200.202 200.200.200.202 1
255.255.255.255 255.255.255.255 192.168.1.10 192.168.1.10 1
255.255.255.255 255.255.255.255 200.200.200.202 200.200.200.202 1
Default Gateway: 200.200.200.201
===========================================================================
Persistent Routes:
None

+++++++++++++++++++++++++++++++++++++++

 

[Kurt]

Hi, since 200.200.200.200/29 is not a legitimate private network, I am
assuming that your addresses on that network are actual outside Internet
addresses. That being the case, if your Internet NIC has an outside IP
address, then the default gateway you need to be using is your ISP's gateway,
not your modem's outside IP address.

Yes. I am assuming that 200.200.200.201 is the gateway provided by your ISP.

....kurt