Problem after VPN connection: two ip addresses appear for the same machine.

[Ken]

I'm trying to setup a VPN in my office server and encountered some
problems. We have one windows 2000 server which also serves as a
domain controller with a fixed ip address (192.168.1.8). This server
can access the internet without problem through the firewall. We have
about 10 workstations each has a fixed ip address. The DNS server for
each of the workstation has the domain controller (192.168.1.8) as the
preferred dns server, then the ip address of the dns server for
internet service as the alternate dns server (209.53.4.120). I was
trying to configure Routing and remote access in our W2K server (with
the wizard) to use VPN. In the internet connection screen in the
wizard, I selected 'no internet connection'. In the IP address
assignment screen, I selected 'automatically' and no radius server.

At home, I configured the Win XP pro to connect to the office server.
However, every time after I had made a successful connection to the
office from home via VPN; if I looked at the DNS screen, I saw that in
the forward lookup screen, my domain controller actually got two ip
addresses, i.e. the 192.168.1.8 (original fixed ip) and one extra ip
address (e.g.192.168.1.125) assigned to it. I was then not able to
connect to the internet in the server computer (also the domain
controller). Also, all other workstations had problem printing to a
network printer and no longer able to ping the server.


I'm pretty inexperienced in network administration and your help is
greatly appreciated.

 

[Robert L [MS-MVP]]

It is not recommended to enable RRAS on a DC, otherwise, you may have a connectivity issue. One option is reconfigure the DC to block PPTP register on the DNS and WINS. this link may help,
Name resulotion on VPN
Connection issues on DC, ISA, DNS and WINS server as VPN server How to assign
DNS and WINS on VPN client manually Name resolution Issue in a VPN client ...
www.chicagotech.net/nameresolutionpnvpn.htm


Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com

I'm trying to setup a VPN in my office server and encountered some
problems. We have one windows 2000 server which also serves as a
domain controller with a fixed ip address (192.168.1.8). This server
can access the internet without problem through the firewall. We have
about 10 workstations each has a fixed ip address. The DNS server for
each of the workstation has the domain controller (192.168.1.8) as the
preferred dns server, then the ip address of the dns server for
internet service as the alternate dns server (209.53.4.120). I was
trying to configure Routing and remote access in our W2K server (with
the wizard) to use VPN. In the internet connection screen in the
wizard, I selected 'no internet connection'. In the IP address
assignment screen, I selected 'automatically' and no radius server.

At home, I configured the Win XP pro to connect to the office server.
However, every time after I had made a successful connection to the
office from home via VPN; if I looked at the DNS screen, I saw that in
the forward lookup screen, my domain controller actually got two ip
addresses, i.e. the 192.168.1.8 (original fixed ip) and one extra ip
address (e.g.192.168.1.125) assigned to it. I was then not able to
connect to the internet in the server computer (also the domain
controller). Also, all other workstations had problem printing to a
network printer and no longer able to ping the server.


I'm pretty inexperienced in network administration and your help is
greatly appreciated.

 

[Bill Grant]

1. You should not have the clients configured with a public DNS address as
secondary. They should use your local DNS server only. This local DNS server
should be set up to forward to a public DNS service to resolve public names.

2. The additional IP on your server is because you have made it a remote
access server. This extra IP is the server end of your VPN connections. This
is one of the main resons why using a DC/DNS server for remote access is not
recommended. KB 292822 discusses this problem.