Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1348
  • Last Modified:

Static routes for RAS clients

I admin a network set up in two segments:  192.168.5.x containing windows servers and clients and 192.168.6.x containing unix servers.  This works fine for everyone in the office since the default gateway is the main router.  However remote clients have the "Use default gateway on remote network" unchecked in the VPN TCP/IP properties to maintain internet access.  This means that whilst the RAS server gives out a route for the 192.168.5.x destination (router set as the ip of the client) there is no route to 192.168.6.x.

I've tried to fix this by adding a 033 static route option to the DHCP server providing the lease to the VPN client to map dest. 192.168.6.0 to router 192.168.5.1 which works when added to a client manually.  However the DHCP server doesn't seem to push this option out - or if it does the client won't pick it up (or the RAS server doesn't pass this option along).

If you know of a way to solve this by whatever means, that would be great.
0
shildrew
Asked:
shildrew
  • 4
  • 3
  • 2
1 Solution
 
victorbxCommented:

both networks connected directly to the router ?

where the ras is sitting ?

what kind of vpn/dhcp  ?


victor
0
 
victorbxCommented:

both networks connected directly to the router ?

where the ras is sitting ?

what kind of vpn/dhcp  ?


victor
0
 
svenkarlsenCommented:
Have you tried adding the static route for 192.168.6.x. to the RAS Server ?
0
Receive 1:1 tech help

Solve your biggest tech problems alongside global tech experts with 1:1 help.

 
shildrewAuthor Commented:
victorbx -
both network segments are connected directly to a cisco router.  the ras is sitting on the windows (5.x) network (& is not the router).  
The VPN is a Win2000 Routing and Remote access PPTP connection which happens to use EAP authentication (which I doubt is relevant).  
The DHCP is a standard win2000 DHCP server located on a different windows server than the RAS software.

svenkarlsen -
haven't tried that yet, i'll give that a shot it seems somewhat easier than messing around with DHCP options.
0
 
svenkarlsenCommented:
Have you tried adding the static route for 192.168.6.x. to the RAS Server ?

No need to try it (-----^------), - it would be illogical if it worked ;-)

The route must be added at the client, as the client use the global route 0.0.0.0, so it's probably better to focus on your DHCP server again.

0
 
svenkarlsenCommented:
Sorry for my slow thinking, - here's the solution/explanation:

Remember that using DHCP in connection with RAS means that RAS will optain and administer the DHCP leases, but no info is actually send to the RAS clients.

In order for DHCP info to be made available to RAS clients (DOmain name, etc.), you will need to enable the DHCP Relay Agent in RAS.  - please see:

http://support.microsoft.com/default.aspx?scid=kb;en-us;232703
0
 
shildrewAuthor Commented:
Thanks for yoru suggestion svenkarlsen.

I've made a minor modification but I'm not sure it will help.  The DHCP relay was already enabled but didn't have any IP addresses explicitly specified.  I would assume this meant it would broadcast the request but I'll check and find out.  

The ras clients however have always shown up in the dhcp servers lease list - is this trickery on the part of the ras?  I have now established that my local clients pick up the 033 static route option and add it appropriately which means that it is something to do with the remote access clients/server rather than my dhcp server configuration.

I'll check out this explicit server ip configuration in the hope that it works.

Thanks for your help so far!

Simon
0
 
svenkarlsenCommented:
Re: DHCP & RAS.

Yes, - RAS does 'cheat' - it takes out a lease of 10 addresses from the DHCP, but it administers them and they are not actually acquired by the RAS clients. Or you could say: it simply asks the DHCP for 10 addresses to populate it's address pool, but it is still the principles of 'RAS address pool' that is used.

When you use the DHCP Relay Agent, the RAS will still perform this process, but clients may receive info from the DHCP server by DHCPINFORM packets. DNS and WINS info received this way will override anything  obtained from the RAS.


P.S. Remember to configure an interface as 'Internal' for the DHCP Relay Agent at the RAS........
0
 
shildrewAuthor Commented:
Right, it seems to be working now - I made a further modification today which makes a lot of sense in retrospect.  It turns out that the DHCP Relay agent wasn't working properly.  Although it appeared to be configured correctly there were two interfaces called 'Internal' and the wrong one was added to the agent.  I added the other one instead and it is now happily relaying packets to my vpn clients.

Thanks for all your help guys, especially svenkarlsen who put me onto the right traacks in solving this and who has to get the points.
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 4
  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now