Vista / W2K8 -- Outgoing VPN blocks RDP/LAN connection ?

x13

Hello all.

Strangest problem...

Recently installed a new Windows 2008 server. When any user opens a(n
ms) VPN connection to an external site, the routing gets messed up.
The user's RDP session gets cut-off, but the VPN session stays up. No
one can RDP to the server as long as the VPN connection is up. Vista
users have the same problem also but not XP...

If that happens, then I have to go on the server console using a
network KVM, and kill the VPN connection manually. Then normal network
traffic resumes. Terminal Server problem?...

I captured both servers' routing tables before and after a VPN
connection.

Platform apart, the only noticeable differences between the old and
new servers are:

T100 (new server) : 1 NIC, 172.25.0.90 /16
T102 (old server) : 2 bridged NICs, 172.25.0.88 /16

Both servers use:
Gateway: 172.25.4.1
DNS & WINS: 172.25.0.100, 172.25.0.104 (both AD domain controllers)

New server = T100 (Windows 2008 Standard x64)
Old server = T102 (Windows 2003 Standard R2 SP2)
DMZ = 192.168.2.0 /24 & 192.168.3.0 /24

ROUTING TABLES

PS: Before and after routing works

RDP BEFORE EXTERNAL VPN CONNECTION (T102):

IPv4 Route Table
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...54 1e eb 83 3b 0c ...... Check Point Virtual Network Adapter For SSL Network Extender
0x10004 ...02 11 43 fd 84 f9 ...... MAC Bridge Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination  Netmask          Gateway       Interface     Metric
0.0.0.0              0.0.0.0          172.25.4.1    172.25.0.88   10
127.0.0.0            255.0.0.0        127.0.0.1     127.0.0.1     1
172.25.0.0           255.255.0.0      172.25.0.88   172.25.0.88   10
172.25.0.88          255.255.255.255  127.0.0.1     127.0.0.1     10
172.25.255.255       255.255.255.255  172.25.0.88   172.25.0.88   10
192.168.2.0          255.255.255.0    172.25.4.1    172.25.0.88   1
192.168.3.0          255.255.255.0    172.25.4.1    172.25.0.88   1
192.168.10.0         255.255.255.0    172.25.4.1    172.25.0.88   1
224.0.0.0            240.0.0.0        172.25.0.88   172.25.0.88   10
255.255.255.255      255.255.255.255  172.25.0.88   172.25.0.88   1
255.255.255.255      255.255.255.255  172.25.0.88   2             1
Default Gateway:     172.25.4.1   ** correct def route to GW
===========================================================================
Persistent Routes:
None

RDP AFTER EXTERNAL VPN CONNECTION (T102):

IPv4 Route Table
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...54 1e eb 83 3b 0c ...... Check Point Virtual Network Adapter For SSL Network Extender
0x10004 ...02 11 43 fd 84 f9 ...... MAC Bridge Miniport
0x20005 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
===========================================================================
===========================================================================
Active Routes:
Network Destination  Netmask          Gateway       Interface     Metric
0.0.0.0              0.0.0.0          172.25.4.1    172.25.0.88   11
0.0.0.0              0.0.0.0          172.26.25.35  172.26.25.25  1    ** ext VPN target
127.0.0.0            255.0.0.0        127.0.0.1     127.0.0.1     1
172.25.0.0           255.255.0.0      172.25.0.88   172.25.0.88   10
172.25.0.88          255.255.255.255  127.0.0.1     127.0.0.1     10
172.25.255.255       255.255.255.255  172.25.0.88   172.25.0.88   10
172.26.25.25         255.255.255.255  127.0.0.1     127.0.0.1     50   ** ext VPN target
172.26.255.255       255.255.255.255  172.26.25.25  172.26.25.25  50   ** ext VPN target
192.168.2.0          255.255.255.0    172.25.4.1    172.25.0.88   1
192.168.3.0          255.255.255.0    172.25.4.1    172.25.0.88   1
192.168.10.0         255.255.255.0    172.25.4.1    172.25.0.88   1
(target VPN IP)      255.255.255.255  172.25.4.1    172.25.0.88   10
224.0.0.0            240.0.0.0        172.25.0.88   172.25.0.88   10
224.0.0.0            240.0.0.0        172.26.25.25  172.26.25.25  1    ** ext VPN target
255.255.255.255      255.255.255.255  172.25.0.88   172.25.0.88   1
255.255.255.255      255.255.255.255  172.26.25.25  172.26.25.25  1    ** ext VPN target
255.255.255.255      255.255.255.255  172.26.25.25  2             1    ** ext VPN target

Default Gateway: 172.26.25.35
===========================================================================
Persistent Routes:
None

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

PS: After routing DOESN'T work

RDP BEFORE EXTERNAL VPN CONNECTION (T100):

===========================================================================
Interface List
10 ...00 22 19 57 e7 06 ...... Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client)
1 ........................... Software Loopback Interface 1
14 ...00 00 00 00 00 00 00 e0 isatap.{CEC4501E-C5D3-4759-9D25-2F86AE9AEC59}
12 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination  Netmask          Gateway       Interface     Metric
0.0.0.0              0.0.0.0          172.25.4.1    172.25.0.90   266
127.0.0.0            255.0.0.0        On-link       127.0.0.1     306
127.0.0.1            255.255.255.255  On-link       127.0.0.1     306
127.255.255.255      255.255.255.255  On-link       127.0.0.1     306
172.25.0.0           255.255.0.0      On-link       172.25.0.90   266
172.25.0.90          255.255.255.255  On-link       172.25.0.90   266
172.25.255.255       255.255.255.255  On-link       172.25.0.90   266
224.0.0.0            240.0.0.0        On-link       127.0.0.1     306
224.0.0.0            240.0.0.0        On-link       172.25.0.90   266
255.255.255.255      255.255.255.255  On-link       127.0.0.1     306
255.255.255.255      255.255.255.255  On-link       172.25.0.90   266
===========================================================================
Persistent Routes:
Network Address      Netmask          Gateway Address  Metric
0.0.0.0              0.0.0.0          172.25.4.1       Default   ** correct gw IP
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
1 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

PS: I don't know why IPv6 is reported: it's disabled

RDP AFTER EXTERNAL VPN CONNECTION (T100):

===========================================================================
Interface List
18 ........................... (ext VPN target)
10 ...00 22 19 57 e7 06 ...... Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client)
1 ........................... Software Loopback Interface 1
14 ...00 00 00 00 00 00 00 e0 isatap.{CEC4501E-C5D3-4759-9D25-2F86AE9AEC59}
12 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
19 ...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination  Netmask          Gateway       Interface     Metric
0.0.0.0              0.0.0.0          172.25.4.1    172.25.0.90   4491
0.0.0.0              0.0.0.0          On-link       172.26.25.16  11    ** ext VPN target
127.0.0.0            255.0.0.0        On-link       127.0.0.1     4531
127.0.0.1            255.255.255.255  On-link       127.0.0.1     4531
127.255.255.255      255.255.255.255  On-link       127.0.0.1     4531
172.25.0.0           255.255.0.0      On-link       172.25.0.90   4491
172.25.0.90          255.255.255.255  On-link       172.25.0.90   4491
172.25.255.255       255.255.255.255  On-link       172.25.0.90   4491
172.26.25.16         255.255.255.255  On-link       172.26.25.16  266   ** ext VPN target
(target VPN IP)      255.255.255.255  172.25.4.1    172.25.0.90   4236
224.0.0.0            240.0.0.0        On-link       127.0.0.1     4531
224.0.0.0            240.0.0.0        On-link       172.25.0.90   4492
224.0.0.0            240.0.0.0        On-link       172.26.25.16  11    ** ext VPN target
255.255.255.255      255.255.255.255  On-link       127.0.0.1     4531
255.255.255.255      255.255.255.255  On-link       172.25.0.90   4491
255.255.255.255      255.255.255.255  On-link       172.26.25.16  266   ** ext VPN target
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 172.25.4.1 Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
1 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

PS: I don't know why IPv6 is reported: it's disabled

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

This problem affects Windows Server 2008 and Vista (32 and 64-bits)

I installed SP2 on T100 but problem still exists...
Could it be a problem related to NAP policy defaults? (although we
have no NAP servers installed)

If anyone knows of a KB or workaround that fixes this, I would be VERY
grateful!
Email is a spam decoy, please reply in thread.

Thanks!
==
M.T.
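
Added example, not part of the original post: a small Python script that compares two "route print" captures and reports which destinations change egress interface, using a few rows copied from the T100 tables above. It assumes plain longest-prefix-then-lowest-metric selection and does not model source-address-based interface choice; the function names are made up for this example.

```python
import ipaddress

# Constructed sample: a subset of the IPv4 rows from the T100 tables in the post
# (destination, netmask, gateway, interface, metric).
T100_BEFORE = """\
0.0.0.0     0.0.0.0      172.25.4.1  172.25.0.90  266
172.25.0.0  255.255.0.0  On-link     172.25.0.90  266
"""
T100_AFTER = """\
0.0.0.0       0.0.0.0          172.25.4.1  172.25.0.90   4491
0.0.0.0       0.0.0.0          On-link     172.26.25.16  11
172.25.0.0    255.255.0.0      On-link     172.25.0.90   4491
172.26.25.16  255.255.255.255  On-link     172.26.25.16  266
"""

def parse_routes(text):
    """Parse 'Active Routes' rows; skip headers, rulers and annotated junk."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 5 or not f[4].isdigit():
            continue
        try:
            net = ipaddress.ip_network(f"{f[0]}/{f[1]}", strict=False)
        except ValueError:
            continue  # e.g. a "(target VPN IP)" placeholder row
        routes.append({"net": net, "gateway": f[2],
                       "iface": f[3], "metric": int(f[4])})
    return routes

def best_route(routes, dest):
    """Longest prefix wins; ties are broken by the lowest metric."""
    addr = ipaddress.ip_address(dest)
    hits = [r for r in routes if addr in r["net"]]
    if not hits:
        return None
    return max(hits, key=lambda r: (r["net"].prefixlen, -r["metric"]))

def changed_paths(before_text, after_text, dests):
    """Return {dest: (iface_before, iface_after)} where the egress changed."""
    before, after = parse_routes(before_text), parse_routes(after_text)
    out = {}
    for d in dests:
        b, a = best_route(before, d), best_route(after, d)
        pair = (b and b["iface"], a and a["iface"])
        if pair[0] != pair[1]:
            out[d] = pair
    return out

if __name__ == "__main__":
    # 172.25.1.20 is a constructed LAN host; 192.168.2.10 a constructed DMZ host.
    print(changed_paths(T100_BEFORE, T100_AFTER, ["172.25.1.20", "192.168.2.10"]))
```

Pasting the full before/after captures in place of the sample strings works as long as each route row is on a single line.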
 
