RRAS VPN browsing issues

Guest

Hi,
I have a Windows 2000 server. This server performs 3 functions: DNS,
mail and file storage. The network is set up as a workgroup.
I have a few people that would like to access the server remotely. The
server has 2 NIC cards; one is disabled. When I set up the VPN, one of two
things happens. If I set it up on the active network card, it disallows
access to the server from all internal computers. If I set up VPN access on
the disabled network card I can connect, but I cannot browse the network or
ping by name or IP address. The only thing that I have noticed is that the
internal network has a subnet mask of 255.255.255.0 and the VPN subnet mask
is 255.255.255.255. I think that this is my problem. I tried to add another
static route but I got the error that the subnet mask cannot be more specific
than the IP address (192.168.10.2). I am unsure how to proceed. Any help
would be greatly appreciated.
 
Robert L [MS-MVP]

It is not recommended to use two NICs in a DNS server. The subnet 255.255.255.255 is not the issue here. Have you enabled IP routing? This case study may help:

can't browse over vpn because nic disabled
Case Study - Can't browse over VPN because the inside NIC is disabled. Situation:
One of our clients setup Windows Server 2003 with two network interface ....
www.howtonetworking.com/casestudy/vpnbrowsing1.htm

Bob Lin, MS-MVP, MCSE & CNE
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
 
Bill Grant

If setting up VPN disables LAN connectivity you are probably using the
wrong selection in the setup wizard. The "VPN server" option sets filters to
block all traffic except VPN.

How can you connect to a NIC which is disabled? Do you mean it works if
you enable that NIC? A bit more info on the details of the server would
help. What are its IP addresses and gateway settings? How does it connect to
the Internet?
 
Guest

I recreated the VPN in manual mode. Here is the current routing table,
using the route print command:


===========================================================================
Active Routes:
Network Destination     Netmask           Gateway           Interface
0.0.0.0                 0.0.0.0           192.168.10.253    192.168.10.21
(isp)xxx.xxx.xxx.xxx    255.255.255.255   192.168.10.253    192.168.10.21
127.0.0.0               255.0.0.0         127.0.0.1         127.0.0.1
192.168.10.0            255.255.255.0     192.168.10.21     192.168.10.21
192.168.10.21           255.255.255.255   127.0.0.1         127.0.0.1
192.168.10.47           255.255.255.255   127.0.0.1         127.0.0.1
192.168.10.47           255.255.255.255   192.168.10.47     192.168.10.47
192.168.10.255          255.255.255.255   192.168.10.21     192.168.10.21
224.0.0.0               224.0.0.0         192.168.10.21     192.168.10.21
255.255.255.255         255.255.255.255   192.168.10.21     192.168.10.21
Default Gateway: 192.168.10.253


Here is my current VPN route using route print. I did reconfigure the
network and was able to get it to ping the computers on the network. But I am
still unable to ping any of the computers by name or see them in Network
Neighborhood. I am able to send and receive email using the IP address of
the mail server. I had been doing this testing using my account with a static
IP address set up in user settings. I found that if I connected as a different
account I got this when I pinged:

D:\Documents and Settings\mickey>ping 192.168.10.21

Pinging 192.168.10.21 with 32 bytes of data:

Request timed out.
Reply from 10.223.28.1: Destination net unreachable.
Reply from 10.223.28.1: Destination net unreachable.
Reply from 10.223.28.1: Destination net unreachable.

This baffled me, as I don't have any idea where that IP range is coming from.

Thanks for the help
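
Added example, not part of the original posts: a longest-prefix-match lookup over the route table posted above, showing that the 255.255.255.255 host routes only capture their own single address while other 192.168.10.x hosts still resolve through the 255.255.255.0 route. The function names are hypothetical, the masked ISP route is omitted, and `route_is_well_formed` shows the general destination/mask rule a static route must satisfy, not necessarily the exact command behind the error in the first post.

```python
import ipaddress

# Routes transcribed from the route print output posted in the thread:
# (destination, netmask, gateway, interface). The ISP host route is left out
# because its address is masked in the post.
ROUTES = [
    ("0.0.0.0", "0.0.0.0", "192.168.10.253", "192.168.10.21"),
    ("127.0.0.0", "255.0.0.0", "127.0.0.1", "127.0.0.1"),
    ("192.168.10.0", "255.255.255.0", "192.168.10.21", "192.168.10.21"),
    ("192.168.10.21", "255.255.255.255", "127.0.0.1", "127.0.0.1"),
    ("192.168.10.47", "255.255.255.255", "127.0.0.1", "127.0.0.1"),
    ("192.168.10.47", "255.255.255.255", "192.168.10.47", "192.168.10.47"),
    ("192.168.10.255", "255.255.255.255", "192.168.10.21", "192.168.10.21"),
    ("224.0.0.0", "224.0.0.0", "192.168.10.21", "192.168.10.21"),
    ("255.255.255.255", "255.255.255.255", "192.168.10.21", "192.168.10.21"),
]

def route_is_well_formed(dest, mask):
    """True when dest has no bits set outside mask, i.e. (dest & mask) == dest."""
    try:
        ipaddress.ip_network(f"{dest}/{mask}", strict=True)
        return True
    except ValueError:
        return False

def best_routes(target, routes=ROUTES):
    """Longest-prefix match: return (prefix_len, [(gateway, interface), ...]).

    Equal-length matches are all returned, because the posted table has no
    metric column to break the tie.
    """
    addr = ipaddress.ip_address(target)
    best_len, best = -1, []
    for dest, mask, gateway, interface in routes:
        net = ipaddress.ip_network(f"{dest}/{mask}")
        if addr not in net:
            continue
        if net.prefixlen > best_len:
            best_len, best = net.prefixlen, [(gateway, interface)]
        elif net.prefixlen == best_len:
            best.append((gateway, interface))
    return best_len, best

if __name__ == "__main__":
    # 192.168.10.2 is the LAN address mentioned in the first post.
    for target in ("192.168.10.2", "192.168.10.47", "10.223.28.1"):
        print(target, best_routes(target))
```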
 
Bill Grant

That really has nothing to do with your server problem. How is that
client configured? Does it have a static IP or is it set to get its IP
automatically? If it is set to automatic it must be able to see a DHCP
server somewhere.

How do your LAN machines normally get an IP? Do you have DHCP running on
your router?
 
Guest

The client machine is set for DHCP; the IP range is 192.168.0.xxx. The office
network is all static, even RRAS. There are only 3 people that would
connect through the VPN, so I gave RRAS a range of 5 IPs. We have a
wireless Linksys router that we use for our Internet access. This has a DHCP
range of 3 IPs for wireless clients that come to the office. If I use a
program like LANsurveyor I can see the entire network using ping.
 
Guest

Hi Bill,

Can you guide me in setting up site-to-site VPN/demand dial? I tried;
the connection failed.

Thanks
 
Bill Grant

Not a lot to go on! Start with simple tests. Can you make a normal
client-server type connection to this RRAS server? If not, what error
message do you get?
 
