Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.

Dismiss

VPN routing & RAS

0 views

Skip to first unread message

Socrates Katsoudas

unread,

Apr 23, 2003, 12:33:37 PM4/23/03

I have stumbled exactly on the same problem as many
contributors here. My configuration is as follows:

Outside world - VPN server - Intranet

The VPN server has two NICs, one in each leg with no
packet filters enabled. The server runs Win2K server SP3
with all the latest hotfixes as of today.

When a client (Win2K for example) dials the outside IP of
the VPN server, it gets connected and gets an IP & gateway
address from the static pool inside the VPN server and the
relevant DNS/WINS settings from the Intranet NIC, as
defined in RAS. Everything is well until now. However, the
VPN clients can only see the VPN server and nothing beyond
it. My requirement is for the clients to see only the
local directly-connected subnet to the internal NIC and no
networks beyond that, hence there is no need of a gateway
address for the inside NIC (none is defined, only the
outside NIC has a default gateway pointing to the outside
router interface) and there is no need to statically
define the route for the internal LAN (although I have
done so in my tests, to no effect).
Other intranet clients can ping the VPN clients (when
connected) and the rest of the network (including the VPN
server).
I added a static route of the form

route add 192.168.9.0 mask 255.255.255.0 192.168.9.1

to the VPN server route table using RAS (where 192.168.9.x
is the static address pool), although routes are built and
maintained on a session/connection basis by RAS.

Is there a reason why I cannot see the directly-connected
network from the VPN clients? When I am trying to tracert
a computer that is inside the intranet zone, all requests
end at the VPN server interface. I am running both RIP and
IGRP in an effort to debug this issue.

Any ideas? I have lost 50% of my hair with this!!

Robert L

unread,

Apr 23, 2003, 1:47:51 PM4/23/03

have you enable ip routing? post the results of ipconfig /all and route
table here may help.

--
For more information, go to http://www25.brinkster.com/ChicagoTech

Don't send e-mail or reply to me except you need consulting services.
Posting on MS newsgroup will benefit all readers and you may get more help.

Robert Lin, MS-MVP, MCSE & CNE
Windows & Network Support, Tips and FAQs on
http://www25.brinkster.com/ChicagoTech
This posting is provided "AS IS" with no warranties.

"Socrates Katsoudas" <mx...@hotmail.com> wrote in message
news:015b01c309b6$17727220$a101...@phx.gbl...

0 new messages