Windows 2000, VPN and routing issues

F

Fernando Ronci

Hi,

I've been unable to track the source of a *very* weird routing problem
I've had for months. I will highly appreciate if someone can help me
with this.

My LAN, comprised of several Windows 2000 SP4 professional
workstations, connects to a remonte VPN server via a permanent link to
the internet where 192.168.1.3 is the default gateway. Before the VPN
connection is established, a "route print" output looks like this:
Interface List
0x1 ........................... MS TCP Loopback interface
0x1000003 ...00 02 a5 d8 c0 4f ...... Intel(R) PRO/100 VM Network
Connection
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.3 192.168.1.23 1
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.23 192.168.1.23 1
192.168.1.23 255.255.255.255 127.0.0.1 127.0.0.1 1
192.168.1.255 255.255.255.255 192.168.1.23 192.168.1.23 1
224.0.0.0 224.0.0.0 192.168.1.23 192.168.1.23 1
255.255.255.255 255.255.255.255 192.168.1.23 192.168.1.23 1
Default Gateway: 192.168.1.3
===========================================================================
Persistent Routes:
none

In this case, 192.168.1.23 is the IP address of my own workstation.
Then, after the VPN connection comes up, several unnecessary and
spurious routes appear. They're shown in the following "route print"
output issued just after the VPN has been established. The problem is
that those routes are problematic and interfere with routing. They
come up with a metric of 2, 3 and 4 which, after a few minutes
(approximately 5), their metric is increased up to 16 until they time
out, thus disappearing from the routing table. After this, "route
print" shows the same routing table displayed above resulting in
routing normalization.
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x1000003 ...00 02 a5 d8 c0 4f ...... Intel(R) PRO/100 VM Network
Connection
0xa000004 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.3 192.168.1.23 1
10.0.0.0 255.0.0.0 10.31.5.10 10.31.5.10 1
10.0.0.0 255.0.0.0 200.55.54.225 192.168.1.23 3
10.31.5.10 255.255.255.255 127.0.0.1 127.0.0.1 1
10.255.255.255 255.255.255.255 10.31.5.10 10.31.5.10 1
62.58.77.90 255.255.255.255 192.168.1.3 192.168.1.23 1
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
172.30.0.0 255.255.0.0 200.55.54.225 192.168.1.23 4
192.168.1.0 255.255.255.0 192.168.1.23 192.168.1.23 1
192.168.1.23 255.255.255.255 127.0.0.1 127.0.0.1 1
192.168.1.255 255.255.255.255 192.168.1.23 192.168.1.23 1
192.168.13.0 255.255.255.0 200.55.54.225 192.168.1.23 4
192.170.0.0 255.255.255.0 200.55.54.225 192.168.1.23 2
200.41.39.0 255.255.255.0 200.55.54.225 192.168.1.23 4
200.49.10.0 255.255.255.0 200.55.54.225 192.168.1.23 4
200.55.10.0 255.255.255.0 200.55.54.225 192.168.1.23 4
200.55.11.0 255.255.255.0 200.55.54.225 192.168.1.23 4
224.0.0.0 224.0.0.0 10.31.5.10 10.31.5.10 1
224.0.0.0 224.0.0.0 192.168.1.23 192.168.1.23 1
255.255.255.255 255.255.255.255 192.168.1.23 192.168.1.23 1
Default Gateway: 192.168.1.3
===========================================================================
Persistent Routes:
none


The strangest thing is that all those routes with a metric of 2 or
greater appear *only* on Windows 2000 workstations establishing a VPN
connection to a remote server, whereas windows 98 workstations which
establish VPN connections to the same server don't experience this
anomaly, that is, route entries with a metric of 2 or greater are
*never* seen in "route print" output issued on Windows 98 clients, nor
even while the VPN connection is up.
As it can be seen, there are differences between how Windows 2000 and
Windows 98 learn routes. In my case, the way Windows 2000 learns
routes after a VPN connection is established is causing huge trouble.
BTW, neither the administrators of the VPN server nor my ISP recognize
the spurious route source as theirs.

Under the above scenario, can anyone please tell me why/how Windows
2000 is learning those routes and Windows 98 isn't ?
Is there a way to prevent Windows 2000 from learning them ?
I *particularly* claimed my ISP, who administers gateway 200.55.54.225
as the problematic routes seem to be coming from there, or at least
published by 200.55.54.225 , but he disclaimed any sort of
responsibility.

Can anyone give me a hand with this please ?
Thank you,

Fernando Ronci
E-mail: (e-mail address removed)
 
A

Adam Gilstrap

depending on what type of vpn you are connecting into policies can get
pushed down from the vpn server. Many vpn's these days have the options to
disable internal network access when you are connected in through the vpn.
this results in route print information changing when you connect.
 
F

Fernando Ronci

Thank you Bill for your support.
Our problem is now solved.

Fernando Ronci
E-mail: (e-mail address removed)
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

stupid NIC driver - can I change the matrix value? 2
Going bald! (Win2K->NT Server VPN routing) 1
Site-to-Site VPN 0
Routing 1
Desperate Housewife needs help with Windows 2000 Server vpn setup 5
VPN not Routing 5
CMAK VPNs not working as expected. 3
Vista / W2K8 -- Outgoing VPN blocks RDP/LAN connection ? 0

Top