shildrew
asked on
Static routes for RAS clients
I admin a network set up in two segments: 192.168.5.x containing windows servers and clients and 192.168.6.x containing unix servers. This works fine for everyone in the office since the default gateway is the main router. However remote clients have the "Use default gateway on remote network" unchecked in the VPN TCP/IP properties to maintain internet access. This means that whilst the RAS server gives out a route for the 192.168.5.x destination (router set as the ip of the client) there is no route to 192.168.6.x.
I've tried to fix this by adding a 033 static route option to the DHCP server providing the lease to the VPN client to map dest. 192.168.6.0 to router 192.168.5.1 which works when added to a client manually. However the DHCP server doesn't seem to push this option out - or if it does the client won't pick it up (or the RAS server doesn't pass this option along).
If you know of a way to solve this by whatever means, that would be great.
I've tried to fix this by adding a 033 static route option to the DHCP server providing the lease to the VPN client to map dest. 192.168.6.0 to router 192.168.5.1 which works when added to a client manually. However the DHCP server doesn't seem to push this option out - or if it does the client won't pick it up (or the RAS server doesn't pass this option along).
If you know of a way to solve this by whatever means, that would be great.
both networks connected directly to the router ?
where the ras is sitting ?
what kind of vpn/dhcp ?
victor
Have you tried adding the static route for 192.168.6.x. to the RAS Server ?
ASKER
victorbx -
both network segments are connected directly to a cisco router. the ras is sitting on the windows (5.x) network (& is not the router).
The VPN is a Win2000 Routing and Remote access PPTP connection which happens to use EAP authentication (which I doubt is relevant).
The DHCP is a standard win2000 DHCP server located on a different windows server than the RAS software.
svenkarlsen -
haven't tried that yet, i'll give that a shot it seems somewhat easier than messing around with DHCP options.
both network segments are connected directly to a cisco router. the ras is sitting on the windows (5.x) network (& is not the router).
The VPN is a Win2000 Routing and Remote access PPTP connection which happens to use EAP authentication (which I doubt is relevant).
The DHCP is a standard win2000 DHCP server located on a different windows server than the RAS software.
svenkarlsen -
haven't tried that yet, i'll give that a shot it seems somewhat easier than messing around with DHCP options.
Have you tried adding the static route for 192.168.6.x. to the RAS Server ?
No need to try it (-----^------), - it would be illogical if it worked ;-)
The route must be added at the client, as the client use the global route 0.0.0.0, so it's probably better to focus on your DHCP server again.
No need to try it (-----^------), - it would be illogical if it worked ;-)
The route must be added at the client, as the client use the global route 0.0.0.0, so it's probably better to focus on your DHCP server again.
Sorry for my slow thinking, - here's the solution/explanation:
Remember that using DHCP in connection with RAS means that RAS will optain and administer the DHCP leases, but no info is actually send to the RAS clients.
In order for DHCP info to be made available to RAS clients (DOmain name, etc.), you will need to enable the DHCP Relay Agent in RAS. - please see:
http://support.microsoft.com/default.aspx?scid=kb;en-us;232703
Remember that using DHCP in connection with RAS means that RAS will optain and administer the DHCP leases, but no info is actually send to the RAS clients.
In order for DHCP info to be made available to RAS clients (DOmain name, etc.), you will need to enable the DHCP Relay Agent in RAS. - please see:
http://support.microsoft.com/default.aspx?scid=kb;en-us;232703
ASKER
Thanks for yoru suggestion svenkarlsen.
I've made a minor modification but I'm not sure it will help. The DHCP relay was already enabled but didn't have any IP addresses explicitly specified. I would assume this meant it would broadcast the request but I'll check and find out.
The ras clients however have always shown up in the dhcp servers lease list - is this trickery on the part of the ras? I have now established that my local clients pick up the 033 static route option and add it appropriately which means that it is something to do with the remote access clients/server rather than my dhcp server configuration.
I'll check out this explicit server ip configuration in the hope that it works.
Thanks for your help so far!
Simon
I've made a minor modification but I'm not sure it will help. The DHCP relay was already enabled but didn't have any IP addresses explicitly specified. I would assume this meant it would broadcast the request but I'll check and find out.
The ras clients however have always shown up in the dhcp servers lease list - is this trickery on the part of the ras? I have now established that my local clients pick up the 033 static route option and add it appropriately which means that it is something to do with the remote access clients/server rather than my dhcp server configuration.
I'll check out this explicit server ip configuration in the hope that it works.
Thanks for your help so far!
Simon
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Right, it seems to be working now - I made a further modification today which makes a lot of sense in retrospect. It turns out that the DHCP Relay agent wasn't working properly. Although it appeared to be configured correctly there were two interfaces called 'Internal' and the wrong one was added to the agent. I added the other one instead and it is now happily relaying packets to my vpn clients.
Thanks for all your help guys, especially svenkarlsen who put me onto the right traacks in solving this and who has to get the points.
Thanks for all your help guys, especially svenkarlsen who put me onto the right traacks in solving this and who has to get the points.
both networks connected directly to the router ?
where the ras is sitting ?
what kind of vpn/dhcp ?
victor