VPN connection can't route to lan

Discussion in 'Windows Small Business Server' started by Doug Leece, Apr 10, 2005.

  1. Doug Leece

    Doug Leece Guest

    Hi All,
    I have rerun the RRAS wizard a dozen times, tried various manual
    modifications and yet this problem persists. I have a single NIC SBS server
    and we use a firewall to forward TCP/1723 and GRE to the private SBS
    address. The connection works great and I can access anything on the
    SBS/RRAS server without a problem. What I can't do is connect to any other
    servers on the LAN, even though they are all on the same /24 subnet. The
    remote VPN clients do pick up an address in the private /24 and the other
    servers in the network can contact the IP address known as "internal" in the
    RRAS manager window. I have enabled/disabled LAN routing with no effect. I
    don't have IPSEC enabled or disabled, just the default Dell SBS install.

    I have this same setup working at two other sites with no issues, it was
    almost too easy :) I have compared configs and see nothing different. The
    only change is the other two sites used SBS 2003 from MS but this new site
    uses the SBS media from Dell. It looks like the packets never leave the SBS,
    I used TCP dump and specific port to sniff for this on the private LAN.

    Any ideas would be greatly appreciated, we need VPN to access a couple of
    internal servers, remote workplace on its own is not enough unfortunately.

    Thanks in advance.
    Doug Leece
    Calgary Alberta
     
    Doug Leece, Apr 10, 2005
    #1

  2. Hi Doug,

    Thank you for posting here.

    Please let me know whether you're able to access computers via \\IPAddress or \\NetBIOS name.

    Please check the network subnets:

    1. Remote local subnet.
    2. Corporate LAN subnet.

    The above networks should not be on the same subnet. For example, if the Corporate LAN is 192.168.0.x, the Remote local subnet should be on
    different subnet. (192.168.1.x as an example)

    Please configure the network connections and check whether the problem persists. If the problem is not able to be resolved, please post the
    following info back:

    1. Establish VPN connection to the SBS Server.
    2. From the SBS Server, post the following commands' output:
    IPconfig /all
    Route print
    3. From the remote computer, post the output of the above commands as well.

    I hope the above info helps.

    Any update, let's get in touch.

    Bill Peng
    MCSE 2000, MCDBA
    Microsoft CSS Online Newsgroup Support

    Get Secure! - www.microsoft.com/security
    =====================================================
    When responding to posts, please "Reply to Group" via your newsreader so that others may learn and benefit from your issue.
    =====================================================
    This posting is provided "AS IS" with no warranties, and confers no rights.


     
    Bill Peng [MSFT], Apr 11, 2005
    #2

  3. Doug Leece

    Doug Leece Guest

    Hi Bill, thanks for the help here.

    Yes, the two networks in question are on different subnets. I can't access
    any other network devices on the network hosting the SBS/RAS server via
    netbios or tcpip just resources on the SBS. From the VPN client I can ping
    192.168.100.151 and 100.12 as well as pinging the SBS by netbios name. I
    would have thought that all traffic for the 192.168.100.0/24 network would
    be considered local to the 192.168.100.12 and 192.168.100.151 interfaces.
    Both addresses are pingable from inside the 192.168.100.0/24 network so
    shouldn't the PPTP address given by the DHCP server, 146 in this case with
    a route to 151, just pass through 151 to get to the local area ?

    Here is the server config:

    Windows IP Configuration

    Host Name . . . . . . . . . . . . : cgy-sbs
    Primary Dns Suffix . . . . . . . : MAXGP.local
    Node Type . . . . . . . . . . . . : Unknown
    IP Routing Enabled. . . . . . . . : Yes
    WINS Proxy Enabled. . . . . . . . : Yes
    DNS Suffix Search List. . . . . . : MAXGP.local

    PPP adapter RAS Server (Dial In) Interface:

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
    Physical Address. . . . . . . . . : 00-53-45-00-00-00
    DHCP Enabled. . . . . . . . . . . : No
    IP Address. . . . . . . . . . . . : 192.168.100.151
    Subnet Mask . . . . . . . . . . . : 255.255.255.255
    Default Gateway . . . . . . . . . :
    NetBIOS over Tcpip. . . . . . . . : Disabled

    Ethernet adapter Server Local Area Connection:

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
    Physical Address. . . . . . . . . : 00-11-43-5A-AA-D6
    DHCP Enabled. . . . . . . . . . . : No
    IP Address. . . . . . . . . . . . : 192.168.100.12
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.168.100.254
    DNS Servers . . . . . . . . . . . : 192.168.100.12
    Primary WINS Server . . . . . . . : 192.168.100.12

    Ethernet adapter Network Connection:

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection #2
    Physical Address. . . . . . . . . : 00-11-43-5A-AA-D7
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    Autoconfiguration IP Address. . . : 169.254.96.74
    Subnet Mask . . . . . . . . . . . : 255.255.0.0
    Default Gateway . . . . . . . . . :
    Primary WINS Server . . . . . . . : 192.168.100.12
    NetBIOS over Tcpip. . . . . . . . : Disabled


    Here is the vpn client config:

    Windows IP Configuration

    Host Name . . . . . . . . . . . . : dadxp1
    Primary Dns Suffix . . . . . . . : skymail.ca
    Node Type . . . . . . . . . . . . : Hybrid
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No
    DNS Suffix Search List. . . . . . : skymail.ca

    Ethernet adapter Local Area Connection:

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : 3Com EtherLink III ISAPNP Ethernet Adapter (Generic 3C509b)
    Physical Address. . . . . . . . . : 00-60-08-2F-A0-49
    Dhcp Enabled. . . . . . . . . . . : No
    IP Address. . . . . . . . . . . . : 192.168.60.11
    Subnet Mask . . . . . . . . . . . : 255.255.255.224
    Default Gateway . . . . . . . . . : 192.168.60.1
    DNS Servers . . . . . . . . . . . : 192.168.60.1
    192.168.60.6

    Ethernet adapter Local Area Connection 2:

    Media State . . . . . . . . . . . : Media disconnected
    Description . . . . . . . . . . . : 3Com 3C905TX-based Ethernet Adapter (Generic)
    Physical Address. . . . . . . . . : 00-C0-4F-81-5C-35

    PPP adapter be:

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
    Physical Address. . . . . . . . . : 00-53-45-00-00-00
    Dhcp Enabled. . . . . . . . . . . : No
    IP Address. . . . . . . . . . . . : 192.168.100.146
    Subnet Mask . . . . . . . . . . . : 255.255.255.255
    Default Gateway . . . . . . . . . : 192.168.100.146
    DNS Servers . . . . . . . . . . . : 192.168.100.12
    Primary WINS Server . . . . . . . : 192.168.100.12


    Here are the known routes on the server:


    C:\Documents and Settings\Administrator>netstat -rn

    IPv4 Route Table
    ===========================================================================
    Interface List
    0x1 ........................... MS TCP Loopback interface
    0x10002 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
    0x10003 ...00 11 43 5a aa d6 ...... Intel(R) PRO/1000 MT Network Connection
    0x160004 ...00 11 43 5a aa d7 ...... Intel(R) PRO/1000 MT Network Connection #2
    ===========================================================================
    ===========================================================================
    Active Routes:
    Network Destination Netmask Gateway Interface Metric
    0.0.0.0 0.0.0.0 192.168.100.254 192.168.100.12 1
    127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
    142.179.156.47 255.255.255.255 192.168.100.254 192.168.100.12 1
    169.254.0.0 255.255.0.0 169.254.96.74 169.254.96.74 10
    169.254.96.74 255.255.255.255 127.0.0.1 127.0.0.1 10
    169.254.255.255 255.255.255.255 169.254.96.74 169.254.96.74 10
    192.168.59.10 255.255.255.255 192.168.100.254 192.168.100.12 1
    192.168.100.0 255.255.255.0 192.168.100.12 192.168.100.12 10
    192.168.100.12 255.255.255.255 127.0.0.1 127.0.0.1 10
    192.168.100.146 255.255.255.255 192.168.100.151 192.168.100.151 1
    192.168.100.151 255.255.255.255 127.0.0.1 127.0.0.1 50
    192.168.100.255 255.255.255.255 192.168.100.12 192.168.100.12 10
    192.168.200.0 255.255.255.0 192.168.100.12 192.168.100.12 1
    224.0.0.0 240.0.0.0 169.254.96.74 169.254.96.74 10
    224.0.0.0 240.0.0.0 192.168.100.12 192.168.100.12 10
    255.255.255.255 255.255.255.255 169.254.96.74 169.254.96.74 1
    255.255.255.255 255.255.255.255 192.168.100.12 192.168.100.12 1
    Default Gateway: 192.168.100.254
    ===========================================================================
    Persistent Routes:
    None

    C:\Documents and Settings\Administrator>

     
    Doug Leece, Apr 12, 2005
    #3
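
The route lookup the server performs on the table posted in #3, as an added Python example that is not part of any post: it applies longest-prefix match, with the metric as tie-break, to the unicast rows of that table. The LAN host 192.168.100.20 is a constructed address; the other two addresses are the VPN client's PPP and home LAN addresses from the same post.

```python
import ipaddress

# Unicast rows copied from the server's "netstat -rn" output in post #3
# (broadcast, multicast and the 169.254.96.74 host rows are left out).
# Fields: destination, netmask, gateway, interface, metric
SERVER_ROUTES = [
    ("0.0.0.0", "0.0.0.0", "192.168.100.254", "192.168.100.12", 1),
    ("127.0.0.0", "255.0.0.0", "127.0.0.1", "127.0.0.1", 1),
    ("142.179.156.47", "255.255.255.255", "192.168.100.254", "192.168.100.12", 1),
    ("169.254.0.0", "255.255.0.0", "169.254.96.74", "169.254.96.74", 10),
    ("192.168.59.10", "255.255.255.255", "192.168.100.254", "192.168.100.12", 1),
    ("192.168.100.0", "255.255.255.0", "192.168.100.12", "192.168.100.12", 10),
    ("192.168.100.12", "255.255.255.255", "127.0.0.1", "127.0.0.1", 10),
    ("192.168.100.146", "255.255.255.255", "192.168.100.151", "192.168.100.151", 1),
    ("192.168.100.151", "255.255.255.255", "127.0.0.1", "127.0.0.1", 50),
    ("192.168.200.0", "255.255.255.0", "192.168.100.12", "192.168.100.12", 1),
]


def select_route(dest, routes=SERVER_ROUTES):
    """Return the route chosen for dest: longest prefix first, then lowest metric."""
    addr = ipaddress.ip_address(dest)
    best = None
    for network, mask, gateway, iface, metric in routes:
        net = ipaddress.ip_network(f"{network}/{mask}")
        if addr not in net:
            continue
        key = (-net.prefixlen, metric)  # smaller key wins
        if best is None or key < best[0]:
            best = (key, {"network": str(net), "gateway": gateway,
                          "interface": iface, "metric": metric})
    return best[1] if best else None


def describe(dest):
    """Summarise how the server would forward a packet addressed to dest."""
    route = select_route(dest)
    if route is None:
        return f"{dest}: no route"
    # In this table format, gateway == interface address means "deliver directly".
    on_link = route["gateway"] == route["interface"]
    hop = "on-link" if on_link else f"via {route['gateway']}"
    return f"{dest}: {route['network']} {hop} out {route['interface']}"


if __name__ == "__main__":
    # 192.168.100.20 is a constructed LAN host address, not one from the thread.
    for target in ("192.168.100.20", "192.168.100.146", "192.168.60.11"):
        print(describe(target))
```
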
  4. Hi Doug,

    Thank you for the update.

    After checking the info, I found that there are 2 NICs on the SBS machine. ("Ethernet adapter Network
    Connection" and "Ethernet adapter Server Local Area Connection".)

    To isolate the root cause of this issue, please disable "Ethernet adapter Network Connection".

    Then, please also collect the "Route Print" output from the remote client computer.

    I appreciate your time and I look forward to your update.

    Bill Peng
    MCSE 2000, MCDBA
    Microsoft CSS Online Newsgroup Support

     
    Bill Peng [MSFT], Apr 13, 2005
    #4