Solved

Static routes for RAS clients

Posted on 2003-11-04
9
1,316 Views
Last Modified: 2007-12-19
I admin a network set up in two segments:  192.168.5.x containing windows servers and clients and 192.168.6.x containing unix servers.  This works fine for everyone in the office since the default gateway is the main router.  However remote clients have the "Use default gateway on remote network" unchecked in the VPN TCP/IP properties to maintain internet access.  This means that whilst the RAS server gives out a route for the 192.168.5.x destination (router set as the ip of the client) there is no route to 192.168.6.x.

I've tried to fix this by adding a 033 static route option to the DHCP server providing the lease to the VPN client to map dest. 192.168.6.0 to router 192.168.5.1 which works when added to a client manually.  However the DHCP server doesn't seem to push this option out - or if it does the client won't pick it up (or the RAS server doesn't pass this option along).

If you know of a way to solve this by whatever means, that would be great.
0
Comment
Question by:shildrew
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
9 Comments
 
LVL 4

Expert Comment

by:victorbx
ID: 9679418

both networks connected directly to the router ?

where the ras is sitting ?

what kind of vpn/dhcp  ?


victor
0
 
LVL 4

Expert Comment

by:victorbx
ID: 9679420

both networks connected directly to the router ?

where the ras is sitting ?

what kind of vpn/dhcp  ?


victor
0
 
LVL 9

Expert Comment

by:svenkarlsen
ID: 9683768
Have you tried adding the static route for 192.168.6.x. to the RAS Server ?
0
Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

 

Author Comment

by:shildrew
ID: 9685267
victorbx -
both network segments are connected directly to a cisco router.  the ras is sitting on the windows (5.x) network (& is not the router).  
The VPN is a Win2000 Routing and Remote access PPTP connection which happens to use EAP authentication (which I doubt is relevant).  
The DHCP is a standard win2000 DHCP server located on a different windows server than the RAS software.

svenkarlsen -
haven't tried that yet, i'll give that a shot it seems somewhat easier than messing around with DHCP options.
0
 
LVL 9

Expert Comment

by:svenkarlsen
ID: 9685848
Have you tried adding the static route for 192.168.6.x. to the RAS Server ?

No need to try it (-----^------), - it would be illogical if it worked ;-)

The route must be added at the client, as the client use the global route 0.0.0.0, so it's probably better to focus on your DHCP server again.

0
 
LVL 9

Expert Comment

by:svenkarlsen
ID: 9686443
Sorry for my slow thinking, - here's the solution/explanation:

Remember that using DHCP in connection with RAS means that RAS will optain and administer the DHCP leases, but no info is actually send to the RAS clients.

In order for DHCP info to be made available to RAS clients (DOmain name, etc.), you will need to enable the DHCP Relay Agent in RAS.  - please see:

http://support.microsoft.com/default.aspx?scid=kb;en-us;232703
0
 

Author Comment

by:shildrew
ID: 9686987
Thanks for yoru suggestion svenkarlsen.

I've made a minor modification but I'm not sure it will help.  The DHCP relay was already enabled but didn't have any IP addresses explicitly specified.  I would assume this meant it would broadcast the request but I'll check and find out.  

The ras clients however have always shown up in the dhcp servers lease list - is this trickery on the part of the ras?  I have now established that my local clients pick up the 033 static route option and add it appropriately which means that it is something to do with the remote access clients/server rather than my dhcp server configuration.

I'll check out this explicit server ip configuration in the hope that it works.

Thanks for your help so far!

Simon
0
 
LVL 9

Accepted Solution

by:
svenkarlsen earned 125 total points
ID: 9687862
Re: DHCP & RAS.

Yes, - RAS does 'cheat' - it takes out a lease of 10 addresses from the DHCP, but it administers them and they are not actually acquired by the RAS clients. Or you could say: it simply asks the DHCP for 10 addresses to populate it's address pool, but it is still the principles of 'RAS address pool' that is used.

When you use the DHCP Relay Agent, the RAS will still perform this process, but clients may receive info from the DHCP server by DHCPINFORM packets. DNS and WINS info received this way will override anything  obtained from the RAS.


P.S. Remember to configure an interface as 'Internal' for the DHCP Relay Agent at the RAS........
0
 

Author Comment

by:shildrew
ID: 9748686
Right, it seems to be working now - I made a further modification today which makes a lot of sense in retrospect.  It turns out that the DHCP Relay agent wasn't working properly.  Although it appeared to be configured correctly there were two interfaces called 'Internal' and the wrong one was added to the agent.  I added the other one instead and it is now happily relaying packets to my vpn clients.

Thanks for all your help guys, especially svenkarlsen who put me onto the right traacks in solving this and who has to get the points.
0

Featured Post

Free Tool: Postgres Monitoring System

A PHP and Perl based system to collect and display usage statistics from PostgreSQL databases.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Remote Desktop Software 6 463
Question about teaming two NIC's on Server 2012 2 597
Windows 7 7 273
Windows 7 / Windows 8 casual users can't connect to Win 2000 SBS shares 6 326
NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
This article was initially published on Monitis Blog, you can read it here . When it comes to deciding which approach to website performance monitoring is best for your business, unfortunately, like so many options in life . . . it depends. In t…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question