NAPSR
asked on
VPN SETUP QUESTION! 500 points!
Hello,
I am trying to setup a VPN and need some help with the IP subnet configuration. Under the IP tab in the Routing and Remote Access area, I assigned some static IP's for the VPN clients to use. The range is 192.168.2.10 to 192.168.2.20. Now the IP address of the server is 192.168.1.21. Now when I connect to the VPN from a different client computer, I try to ping the server IP 192.168.1.21 but it times out probably since its on a different subnet.
Can someone please help me figure this out?
The reason I am doing all this is because many clients on the LAN could not access their pop and smtp emails after someone logged onto the VPN. Many people said that I had to assign IP addresses on different subnets to solve the problem.
Thanks
I am trying to setup a VPN and need some help with the IP subnet configuration. Under the IP tab in the Routing and Remote Access area, I assigned some static IP's for the VPN clients to use. The range is 192.168.2.10 to 192.168.2.20. Now the IP address of the server is 192.168.1.21. Now when I connect to the VPN from a different client computer, I try to ping the server IP 192.168.1.21 but it times out probably since its on a different subnet.
Can someone please help me figure this out?
The reason I am doing all this is because many clients on the LAN could not access their pop and smtp emails after someone logged onto the VPN. Many people said that I had to assign IP addresses on different subnets to solve the problem.
Thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
so basically this is a duplicate question? which is against the member agreement b/c it causes confusion for everyone?
ASKER
If no one answers my original question, what am I supposed to do but post another one?
have you ever heard of reinventing the wheel??? if you have the same situation and have the same people look at it, you will get the same results here as you did in the first forum. that is why you aren't supposed to post duplicate questions!!!!
what is the point of posting another question (in the same TA i might add) and then simply referring me right back to the original question??? which one am i supposed to post in??? again, that is why duplicate questions aren't allowed.
what is the point of posting another question (in the same TA i might add) and then simply referring me right back to the original question??? which one am i supposed to post in??? again, that is why duplicate questions aren't allowed.
ASKER
There is no need to be rude about it!!!!!!!!!!!!!!!!
I am a beginner at this so I am learning. In the future, don't bother answering any of my posts!!!!!
I will go ahead and give you the points for the first reply.
I am a beginner at this so I am learning. In the future, don't bother answering any of my posts!!!!!
I will go ahead and give you the points for the first reply.
man o man, mikey is really grumpy today.
If you are using RRAS on Windows 2003 (or 2000) to handle your VPN, it should be distributing an IP address using your LAN subnet, not another subnet. if it distributes an IP address for another subnet, all your VPN client will see is the server - and this is assuming that the server has been given an IP address on the VPN range, otherwise the client won't even see the server.
There is a fundamental difference between using RRAS to allow remote access and creating a VPN between two networks (which would require different subnets to allow the routing to work).
Your RRAS server should be obtaining addresses from your DHCP server for distribution to VPN clients. All your LAN clients should also be obtaining IP addresses from this server, so there is no chance that an IP address will be issued twice (unless you are not using Windows DHCP, or are using static IPs on some machines).
It is very strange that a client dialling into your network should affect users on your LAN. It would imply that RRAS is treating the connection as a demand-dial interface, not a VPN. Without more information, I am not sure what would be causing this.
The "Use default gateway on remote network" will only affect the VPN client, it will categorically not affect any LAN clients. The LAN clients will always use the default gateway given them by their DHCP server.
What I would suggest you do is disable routing and remote access and recreate it from scratch. Before recreating it, ensure your DHCP server is correctly configured on your LAN and that all clients are set to DHCP. Then when you reinstall RRAS, it will be automatically configured to obtain addresses from the DHCP server - you won't have to exclude ranges, or anything like that. Configure the DHCP server for a single range (e.g. 192.162.1.x) - DO NOT declare extra subnets.
If there is any information missing from your description (e.g. there is another DHCP server on the network), then please post it here.
There is a fundamental difference between using RRAS to allow remote access and creating a VPN between two networks (which would require different subnets to allow the routing to work).
Your RRAS server should be obtaining addresses from your DHCP server for distribution to VPN clients. All your LAN clients should also be obtaining IP addresses from this server, so there is no chance that an IP address will be issued twice (unless you are not using Windows DHCP, or are using static IPs on some machines).
It is very strange that a client dialling into your network should affect users on your LAN. It would imply that RRAS is treating the connection as a demand-dial interface, not a VPN. Without more information, I am not sure what would be causing this.
The "Use default gateway on remote network" will only affect the VPN client, it will categorically not affect any LAN clients. The LAN clients will always use the default gateway given them by their DHCP server.
What I would suggest you do is disable routing and remote access and recreate it from scratch. Before recreating it, ensure your DHCP server is correctly configured on your LAN and that all clients are set to DHCP. Then when you reinstall RRAS, it will be automatically configured to obtain addresses from the DHCP server - you won't have to exclude ranges, or anything like that. Configure the DHCP server for a single range (e.g. 192.162.1.x) - DO NOT declare extra subnets.
If there is any information missing from your description (e.g. there is another DHCP server on the network), then please post it here.
Sorry, am now watching the other question thread...
ASKER
https://www.experts-exchange.com/questions/21397979/VPN-causing-POP3-and-SMTP-to-not-work-500-POINTS.html
Thanks