VPN Server works fine but not routing data


Julio Ríos

I have a W2k SP4 Server. This server has got three network adapaters.

I like to configure this server to Routing and RAS and VPN Server.

When I configure the server as VPN Server (using Wizard), the machine can
not access to Internet, the Internet Explorer does not work, but VPN server
works fine( I connect a vpn client ). I do not understand why the VPN server
logging users and the server gives IP address to vpn clients and it is works
fine and the server does not Internet access.

This server want to do routing to connect PC of internal lans to use
I have checked in the RRAS configuration the field to routing (Chequed
routing in Propierties of server and IP label checked routing IP ), but the
server does not route data from clients PC, but I can use VPN server and
this function works fine.

In other case I unistall the VPN Server and I configured only routing server
(using Wizard too), but I do not understand why the server does not route

If I unistall RRAS service this server has Internet access. I can use the
Internet explorer to see web pages etc.

This is the network configuration:

First NIC: IP Address: MASK: Gateway:
Second NIC: IP Address: MASK:
Third NIC: IP Address: MASK:
When I configures VPN Srver:
Fourt IP (RAS): IP Address: MASK:

One client PC: IP Address: MASK: Gateway:

Do you have any idea why VPN Server works and does not work routing data,
and the server does not have Internet access?

Best regards.

Julio Ríos.

Robert L [MS-MVP]

quoted form
Internal clients can't access the Internet after a remote client connects to
Symptoms: After a remote client establishes a connection on a RRAS which is
installed on a domain controller with DNS, one or more of the following
symptoms may occur:
1) Internal clients may no longer be able to browse the Web through Internet
Security and Acceleration (ISA) Server, regardless of whether or not Web
Proxy or the Firewall Client is being used for Web browsing.
2) A "The page cannot be displayed" error message is generated when you use
a Web browser.
3) A "cannot find server or DNS" error occurs.
4) From an internal client, if you use PING to ping the name of the server,
PING returns any other address other than the IP address that is bound to
the server's internal adapter.
5) You cannot browse through the list of computers in Network Neighborhood
or My Network Places.
6) You cannot connect to the following Web page:
7) You may receive the following event message: Event ID: 4319, Source:
Netbt, Description: A duplicate name has been detected on the tcp network.
The IP address of the machine that sent the message is in the data. Use
NBTSTAT with a switch of N in a command window to see which name is in a
conflict state.
8) When a client clicks Update Now from the Firewall Client applet in
Control Panel, the client may receive the following error message:

The server is not responding when client requests an update.
Possible causes:
-The server is not an ISA Server.
-The server is down.
9) Windows 2000 LAN clients cannot map a network drive to the server. The
client may receive the following error message: No Logon Servers Available
to Service your Logon Request.

Resolutions: This issue can occur if the client computer receives a response
from DNS that includes the wrong Internet Protocol (IP) address. This
address is only returned in a query after a remote client has connected by
using Dial-Up Networking. This IP address is registered with DNS if network
basic input/output system (NetBIOS) is bound to the RRAS server's dial-in
interfaces or if DNS is configured to listen on all interfaces. To resolve
this problem, obtain the latest service pack for Windows 2000

For more and other information, go to http://www.ChicagoTech.net

Don't send e-mail or reply to me except you need consulting services.
Posting on MS newsgroup will benefit all readers and you may get more help.

Robert Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN, Anti-Virus, Tips & Troubleshooting on
This posting is provided "AS IS" with no warranties.

Bill Grant

You should not use the "VPN Server" option in the setup wizard in your
case. This option sets packet filters to stop all non-VPN traffic, and
should be used only if your machine is a dedicated VPN server.

Either start again and use the "Remote Access Server" option, or
manually remove the packet filters from youe public NIC.

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question