Server 2008 RAS Only allowing clients to see local subnet


R

Richard

Help!! Appologies if this is a bit wordy new here!

Problem / Challenge!!

Clients connecting to a 2008 RAS server are only able to connect to
resources on the same subnet as the RAS server. Other resources, including
the internet, are unavailable. As a side issue, the vpn clients can only
connect when both network cards in the server have their gateway addresse's
set to the pass through router - almost as if the vpn taffic is coming in on
NIC 1 then going back to the client via NIC 2. I susspect this is a config
issue in RAS, but rather stuck at the moment.

Ok here is the senario.

Subnet at main site is 10.10.1.x
Subnet at second site is 10.10.32.x

Two routers,

Router A has an internal address of 10.10.1.15 and handles all our site to
site links - i.e it terminates the VPN's including the one from 10.10.32.x

Router B has an internal address of 10.10.1.13 and is there to forward
inbound VPN's from mobile workers to our RAS server. It has the appropriate
ports open and forwarded to NIC B on the server below.

RAS server, clean build of Server 2008 Std, 2x NIC's, RAS role installed.
Member server of our domain.
NICS A is set as follows, ip 10.10.1.39, subnet 255.255.0.0, gateway
10.10.1.12
NIC B ip, 10.10.1.41, 255,255,255,0, 10.10.1.12

Issue:-

Clients can connect to the RAS server, receive a valid IP for the main site
and access resources at this site, however if they try to access a resource
at 10.10.32.x then they cannot. I'm pretty sure this is because the first
NIC's gateway is pointing at 10.10.1.13 instead of 10.10.1.15.

I have added static routes to RAS but the problem persists, if I add a
static route to the server itself, it can see 10.10.32.x but the clients
still cannot.

This is our second RAS server, the previous server 2003 based machine worked
with no problems until it's hdd failed. The router setting have not been
changed since then - the new server has the same IP setting as the previous
one.
However in the old server the gateway address on NIC A was set to
10.10.1.15, if I set NIC A in the new server with the "correct" gateway
address of 10.10.1.15 clients can no longer vpn in - they get no errors other
than "cannot connect".

However with NIC A set to a gateway of 10.10.1.15, the RAS server is able to
ping all our other subnets.

All other machines, at any site/subnet are able to comunicate with each
other without issues.

I have tried adding another NIC to the RAS box, but with this enabled, with
10.10.1.15 as it's gateway, stops the VPN clients from being able to connect.
 
Ad

Advertisements


Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top