Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

VPN SETUP QUESTION!  500 points!

Posted on 2005-04-22
9
Medium Priority
?
369 Views
Last Modified: 2010-04-10
Hello,

I am trying to setup a VPN and need some help with the IP subnet configuration.  Under the IP tab in the Routing and Remote Access area, I assigned some static IP's for the VPN clients to use.  The range is 192.168.2.10 to 192.168.2.20.  Now the IP address of the server is 192.168.1.21.  Now when I connect to the VPN from a different client computer, I try to ping the server IP 192.168.1.21 but it times out probably since its on a different subnet.  

Can someone please help me figure this out?

The reason I am doing all this is because many clients on the LAN could not access their pop and smtp emails after someone logged onto the VPN.  Many people said that I had to assign IP addresses on different subnets to solve the problem.

Thanks
0
Comment
Question by:NAPSR
  • 3
  • 3
  • 2
  • +1
9 Comments
 
LVL 25

Accepted Solution

by:
mikeleebrla earned 1500 total points
ID: 13846343
what are your subnet masks,, without knowing your subnet masks it is impossible to tell you if they are on the same subnet or not.

Also, don't listen to whoever told you about the reason the clients couldn't connect to their POP/SMTP server anymore after connecting to the VPN b/c they dont know what they are talking about.  

The root cause of your problem is that by default the windows VPN client has "use gateway of remote network" checked.  When this is checked remote clients aren't able to get out to the internet (since their gateway has been changed by the VPN connection).  To change this go to this link and check out step 9.  it will tell you how to disable "use gateway of remote network"

you never mentioned what VPN client you are using, so im assuming its windows
0
 

Author Comment

by:NAPSR
ID: 13846373
Can you please see the post below:

http://www.experts-exchange.com/Networking/Q_21397979.html


Thanks
0
 
LVL 25

Expert Comment

by:mikeleebrla
ID: 13846422
so basically this is a duplicate question?  which is against the member agreement b/c it causes confusion for everyone?
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:NAPSR
ID: 13846481
If no one answers my original question, what am I supposed to do but post another one?
0
 
LVL 25

Expert Comment

by:mikeleebrla
ID: 13846550
have you ever heard of reinventing the wheel???  if you have the same situation and have the same people look at it, you will get the same results here as you did in the first forum.  that is why you aren't supposed to post duplicate questions!!!!

what is the point of posting another question (in the same TA i might add) and then simply referring me right back to the original question??? which one am i supposed to post in??? again, that is why duplicate questions aren't allowed.
0
 

Author Comment

by:NAPSR
ID: 13846583
There is no need to be rude about it!!!!!!!!!!!!!!!!

I am a beginner at this so I am learning.  In the future, don't bother answering any of my posts!!!!!

I will go ahead and give you the points for the first reply.
0
 
LVL 9

Expert Comment

by:MrAruba
ID: 13846612
man o man, mikey is really grumpy today.
0
 
LVL 24

Expert Comment

by:purplepomegranite
ID: 13846627
If you are using RRAS on Windows 2003 (or 2000) to handle your VPN, it should be distributing an IP address using your LAN subnet, not another subnet.  if it distributes an IP address for another subnet, all your VPN client will see is the server - and this is assuming that the server has been given an IP address on the VPN range, otherwise the client won't even see the server.

There is a fundamental difference between using RRAS to allow remote access and creating a VPN between two networks (which would require different subnets to allow the routing to work).

Your RRAS server should be obtaining addresses from your DHCP server for distribution to VPN clients.  All your LAN clients should also be obtaining IP addresses from this server, so there is no chance that an IP address will be issued twice (unless you are not using Windows DHCP, or are using static IPs on some machines).

It is very strange that a client dialling into your network should affect users on your LAN.  It would imply that RRAS is treating the connection as a demand-dial interface, not a VPN.  Without more information, I am not sure what would be causing this.

The "Use default gateway on remote network" will only affect the VPN client, it will categorically not affect any LAN clients.  The LAN clients will always use the default gateway given them by their DHCP server.

What I would suggest you do is disable routing and remote access and recreate it from scratch.  Before recreating it, ensure your DHCP server is correctly configured on your LAN and that all clients are set to DHCP.  Then when you reinstall RRAS, it will be automatically configured to obtain addresses from the DHCP server - you won't have to exclude ranges, or anything like that.  Configure the DHCP server for a single range (e.g. 192.162.1.x) - DO NOT declare extra subnets.

If there is any information missing from your description (e.g. there is another DHCP server on the network), then please post it here.
0
 
LVL 24

Expert Comment

by:purplepomegranite
ID: 13846651
Sorry, am now watching the other question thread...
0

Featured Post

Vote for the Most Valuable Expert

It’s time to recognize experts that go above and beyond with helpful solutions and engagement on site. Choose from the top experts in the Hall of Fame or on the right rail of your favorite topic page. Look for the blue “Nominate” button on their profile to vote.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will inform Clients about common and important expectations from the freelancers (Experts) who are looking at your Gig.
This month, Experts Exchange’s free Course of the Month is focused on CompTIA IT Fundamentals.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question