Solved

Static routes for RAS clients

Posted on 2003-11-04
Last Modified: 2007-12-19
I admin a network set up in two segments:  192.168.5.x containing windows servers and clients and 192.168.6.x containing unix servers.  This works fine for everyone in the office since the default gateway is the main router.  However remote clients have the "Use default gateway on remote network" unchecked in the VPN TCP/IP properties to maintain internet access.  This means that whilst the RAS server gives out a route for the 192.168.5.x destination (router set as the ip of the client) there is no route to 192.168.6.x.

I've tried to fix this by adding a 033 static route option to the DHCP server providing the lease to the VPN client to map dest. 192.168.6.0 to router 192.168.5.1 which works when added to a client manually.  However the DHCP server doesn't seem to push this option out - or if it does the client won't pick it up (or the RAS server doesn't pass this option along).

If you know of a way to solve this by whatever means, that would be great.
Question by:shildrew
9 Comments
 
LVL 4

Expert Comment

by:victorbx
ID: 9679418

both networks connected directly to the router ?

where the ras is sitting ?

what kind of vpn/dhcp  ?


victor
0
 
LVL 4

Expert Comment

by:victorbx
ID: 9679420

both networks connected directly to the router ?

where the ras is sitting ?

what kind of vpn/dhcp  ?


victor
0
 
LVL 9

Expert Comment

by:svenkarlsen
ID: 9683768
Have you tried adding the static route for 192.168.6.x. to the RAS Server ?
0
 

Author Comment

by:shildrew
ID: 9685267
victorbx -
both network segments are connected directly to a cisco router.  the ras is sitting on the windows (5.x) network (& is not the router).  
The VPN is a Win2000 Routing and Remote access PPTP connection which happens to use EAP authentication (which I doubt is relevant).  
The DHCP is a standard win2000 DHCP server located on a different windows server than the RAS software.

svenkarlsen -
haven't tried that yet, i'll give that a shot it seems somewhat easier than messing around with DHCP options.
0
 
LVL 9

Expert Comment

by:svenkarlsen
ID: 9685848
Have you tried adding the static route for 192.168.6.x. to the RAS Server ?

No need to try it (-----^------), - it would be illogical if it worked ;-)

The route must be added at the client, as the client uses the global route 0.0.0.0, so it's probably better to focus on your DHCP server again.

0
 
LVL 9

Expert Comment

by:svenkarlsen
ID: 9686443
Sorry for my slow thinking, - here's the solution/explanation:

Remember that using DHCP in connection with RAS means that RAS will obtain and administer the DHCP leases, but no info is actually sent to the RAS clients.

In order for DHCP info to be made available to RAS clients (Domain name, etc.), you will need to enable the DHCP Relay Agent in RAS.  - please see:

http://support.microsoft.com/default.aspx?scid=kb;en-us;232703
0
 

Author Comment

by:shildrew
ID: 9686987
Thanks for your suggestion svenkarlsen.

I've made a minor modification but I'm not sure it will help.  The DHCP relay was already enabled but didn't have any IP addresses explicitly specified.  I would assume this meant it would broadcast the request but I'll check and find out.  

The ras clients however have always shown up in the dhcp server's lease list - is this trickery on the part of the ras?  I have now established that my local clients pick up the 033 static route option and add it appropriately which means that it is something to do with the remote access clients/server rather than my dhcp server configuration.

I'll check out this explicit server ip configuration in the hope that it works.

Thanks for your help so far!

Simon
0
 
LVL 9

Accepted Solution

by:
svenkarlsen earned 125 total points
ID: 9687862
Re: DHCP & RAS.

Yes, - RAS does 'cheat' - it takes out a lease of 10 addresses from the DHCP, but it administers them and they are not actually acquired by the RAS clients. Or you could say: it simply asks the DHCP for 10 addresses to populate its address pool, but it is still the principles of 'RAS address pool' that is used.

When you use the DHCP Relay Agent, the RAS will still perform this process, but clients may receive info from the DHCP server by DHCPINFORM packets. DNS and WINS info received this way will override anything  obtained from the RAS.


P.S. Remember to configure an interface as 'Internal' for the DHCP Relay Agent at the RAS........
0
 

Author Comment

by:shildrew
ID: 9748686
Right, it seems to be working now - I made a further modification today which makes a lot of sense in retrospect.  It turns out that the DHCP Relay agent wasn't working properly.  Although it appeared to be configured correctly there were two interfaces called 'Internal' and the wrong one was added to the agent.  I added the other one instead and it is now happily relaying packets to my vpn clients.

Thanks for all your help guys, especially svenkarlsen who put me onto the right tracks in solving this and who has to get the points.
0
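
To confirm from a packet capture on the VPN client that the DHCPACK answering its DHCPINFORM actually carries the 033 static route, the options field can be decoded as below. This is an added example, not part of the thread: the function names are illustrative, and the sample bytes (including the DNS address 192.168.5.10) are constructed.

```python
import ipaddress

MAGIC_COOKIE = bytes([99, 130, 83, 99])  # marks the start of the options field

def parse_options(field: bytes) -> dict:
    """Walk the code/length/value options that follow the magic cookie."""
    if field[:4] != MAGIC_COOKIE:
        raise ValueError("missing DHCP magic cookie")
    found, i = {}, 4
    while i < len(field):
        code = field[i]
        if code == 255:                      # End option
            break
        if code == 0:                        # Pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(field):
            raise ValueError("truncated option header")
        length = field[i + 1]
        value = field[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} is truncated")
        found[code] = found.get(code, b"") + value
        i += 2 + length
    return found

def static_routes(found: dict) -> list:
    """Decode option 33: repeated 8-byte (destination, router) pairs."""
    raw = found.get(33, b"")
    if len(raw) % 8:
        raise ValueError("option 33 length must be a multiple of 8")
    routes = []
    for off in range(0, len(raw), 8):
        dest = ipaddress.IPv4Address(raw[off:off + 4])
        router = ipaddress.IPv4Address(raw[off + 4:off + 8])
        if int(dest) == 0:
            raise ValueError("0.0.0.0 is not a legal option 33 destination")
        # Option 33 carries no mask; the prefix follows the address class.
        first = raw[off]
        prefix = 8 if first < 128 else 16 if first < 192 else 24
        routes.append((f"{dest}/{prefix}", str(router)))
    return routes

# Constructed samples: a DHCPACK (option 53 = 5) with and without option 33.
ACK_WITH_ROUTE = MAGIC_COOKIE + bytes([53, 1, 5, 33, 8, 192, 168, 6, 0, 192, 168, 5, 1, 255])
ACK_WITHOUT_ROUTE = MAGIC_COOKIE + bytes([53, 1, 5, 6, 4, 192, 168, 5, 10, 255])

if __name__ == "__main__":
    for name, pkt in (("with", ACK_WITH_ROUTE), ("without", ACK_WITHOUT_ROUTE)):
        print(name, static_routes(parse_options(pkt)))
```

An empty list for a reply that does contain other options (DNS, WINS) points at the DHCP scope; no reply at all points at the relay agent or its interface binding.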
