bhilgenkamp asked:

Connect to Win 2003 server via VPN and see rest of network

I am connecting to work to our Win 2003 server using the built in VPN feature in the server. I can ping the server and access its resources, but I also want to be able to access other nodes on the network there. How can I go about doing this?
Jay_Jay70

Hi bhilgenkamp,

can you ping the other nodes as yet? via name and IP
bhilgenkamp (ASKER)

No. I can ping the IP of the VPN server, as well as its FQDN. Trying to ping other nodes does not work. Pinging their FQDN resolves their IP but I do not get a reply. The VPN server is also the DNS server.
Rob Williams
Are there 1 or 2 network adapters on the server?
If 2 you will need to configure RRAS, probably "IP routing". RRAS management console | right click on server and choose properties | IP | enable IP routing
However if a single NIC, it should not be necessary. If it is a single NIC, and IP routing is enabled in RRAS you will likely need to turn it off.
The problem is more likely:
1) make sure any firewalls on the PCs, such as the Windows firewall, are configured to allow the remote connection. Better yet, switch them off completely for testing
2) on the VPN "virtual adapter" on the machine from which you are connecting, make sure "use default gateway on remote network" is enabled. This is located Control panel | network connections | right click on the VPN virtual adapter and choose properties | networking | TCP/IP properties | advanced | general |.........
3) the server's subnet should be different than the connecting client's subnet
4) if none of the above, post the results from a command line of:
 route  print
here so we can see if there are any obvious problems.
1 NIC
No software firewall - only router
Use default gateway on remote net is selected
Subnets are different (local is 192.168.100.0 remote is 192.168.1.0)


Route table
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 10 4b 2e c5 aa ...... 3Com EtherLink 10/100 PCI NIC (3C905-TX) - Packet Scheduler Miniport
0x3 ...00 08 02 3b 79 be ...... 82557-based Integrated Ethernet with Wake on LAN - Packet Scheduler Miniport
0x10004 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
0x80005 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     70.171.188.1  70.171.189.199        21
          0.0.0.0          0.0.0.0     192.168.1.54    192.168.1.54        1
    68.15.230.226  255.255.255.255     70.171.188.1  70.171.189.199        20
     70.171.188.0    255.255.254.0   70.171.189.199  70.171.189.199        20
   70.171.189.199  255.255.255.255        127.0.0.1       127.0.0.1        20
   70.255.255.255  255.255.255.255   70.171.189.199  70.171.189.199        20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1        1
     192.168.1.54  255.255.255.255        127.0.0.1       127.0.0.1        50
    192.168.1.255  255.255.255.255     192.168.1.54    192.168.1.54        50
    192.168.100.0    255.255.255.0    192.168.100.1   192.168.100.1        20
    192.168.100.1  255.255.255.255        127.0.0.1       127.0.0.1        20
   192.168.100.50  255.255.255.255        127.0.0.1       127.0.0.1        50
  192.168.100.255  255.255.255.255    192.168.100.1   192.168.100.1        20
        224.0.0.0        240.0.0.0   70.171.189.199  70.171.189.199        20
        224.0.0.0        240.0.0.0    192.168.100.1   192.168.100.1        20
        224.0.0.0        240.0.0.0     192.168.1.54    192.168.1.54        1
  255.255.255.255  255.255.255.255   70.171.189.199  70.171.189.199        1
  255.255.255.255  255.255.255.255     192.168.1.54    192.168.1.54        1
  255.255.255.255  255.255.255.255    192.168.100.1   192.168.100.1        1
Default Gateway:      192.168.1.54
===========================================================================
Persistent Routes:
  None
therefore ???:
Server site public IP = 68.15.230.x
Server site LAN = 192.168.1.0
Local LAN = 192.168.100.0
Local VPN virtual adapter = 192.168.1.54
However, what is 70.171.189.x? I assume this computer has dual NICs or a PPPoE network connection?
Regardless, the following statements indicate the routing is correct for your VPN, at least at the client end:
68.15.230.226  255.255.255.255     70.171.188.1  70.171.189.199       20
192.168.1.54  255.255.255.255        127.0.0.1       127.0.0.1       50
192.168.1.255  255.255.255.255     192.168.1.54    192.168.1.54       50
I was thinking on this. You shouldn't have to, but you could try adding a route statement on the client computer. At a command line enter:

ROUTE ADD  192.168.1.0  MASK  255.255.255.0  192.168.1.54

If 2 NICs, you will need to add the interface #, and if not WinXP you will need to add a metric, such as:
ROUTE ADD  192.168.1.0  MASK  255.255.255.0  192.168.1.54  METRIC 50  IF  2

If you wish to delete enter:
ROUTE  DELETE  192.168.1.0

This should force all pings/traffic for the remote network through the virtual adapter. Might be worth a shot.
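As an added example that is not part of the original thread: a small Python sketch that applies the usual route-selection rule (longest prefix first, then lowest metric) to the active routes posted above, to show which interface a given destination leaves through. The destinations 192.168.1.10 and 203.0.113.7 are made-up test addresses, not hosts named in the thread.

```python
import ipaddress

# Active routes copied from the route print output posted above
# (broadcast and multicast rows left out).
ROUTE_PRINT = """\
          0.0.0.0          0.0.0.0     70.171.188.1  70.171.189.199        21
          0.0.0.0          0.0.0.0     192.168.1.54    192.168.1.54        1
    68.15.230.226  255.255.255.255     70.171.188.1  70.171.189.199        20
     70.171.188.0    255.255.254.0   70.171.189.199  70.171.189.199        20
   70.171.189.199  255.255.255.255        127.0.0.1       127.0.0.1        20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1        1
     192.168.1.54  255.255.255.255        127.0.0.1       127.0.0.1        50
    192.168.100.0    255.255.255.0    192.168.100.1   192.168.100.1        20
"""

def parse_routes(text):
    """Turn 'Active Routes' rows into (network, gateway, interface, metric)."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip headers, separators and blank lines
        dest, mask, gateway, iface, metric = fields
        try:
            net = ipaddress.ip_network(f"{dest}/{mask}")
            routes.append((net, gateway, iface, int(metric)))
        except ValueError:
            continue  # not a route row
    return routes

def select_route(routes, destination):
    """Longest prefix wins; ties are broken by the lowest metric."""
    addr = ipaddress.ip_address(destination)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None
    return max(matches, key=lambda r: (r[0].prefixlen, -r[3]))

def via_vpn(routes, destination, vpn_iface="192.168.1.54"):
    """True when the chosen route leaves through the VPN virtual adapter."""
    route = select_route(routes, destination)
    return route is not None and route[2] == vpn_iface

if __name__ == "__main__":
    table = parse_routes(ROUTE_PRINT)
    # 192.168.1.10 (remote LAN) and 203.0.113.7 (internet) are made-up targets.
    for target in ("192.168.1.10", "68.15.230.226", "192.168.100.20", "203.0.113.7"):
        net, gw, iface, metric = select_route(table, target)
        print(f"{target:>15} -> {net} via {gw} on {iface} (metric {metric})")
```

With this table, a remote-LAN address already leaves through the VPN adapter via the metric 1 default route, and so does general internet traffic, because "use default gateway on remote network" is selected. Only the VPN server's public address and the local LAN stay on the physical NICs.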
Correct, Rob, on the IPs. Sorry I didn't explain. I have two NICs in the client - one for WAN and one for LAN. The 70.171.189.199 is my public IP. I'll try adding a route when I get home from work today. The main reason I don't really wanna go that route is that right now my IP for the VPN is dynamically given to me from the VPN server. Guess I could use a static though. Anyway, I'll try this later.
The route add shouldn't be necessary, but you may want to try for troubleshooting purposes. If it works it may help to isolate the problem. When I get to a RRAS server I'll do a little tinkering as well. I don't have that option today.
Tried your suggestion, still can't ping the other computers on the remote network
Well it was worth a try. <G>
I am loading a test 2003 server as we speak. If you still haven't found a solution, tomorrow I'll try and break it and see if I can duplicate your problem. It likely has to do with routing being configured in RRAS where it shouldn't be.
Sorry, I forgot to put this in my previous post. When I go to look at RRAS it has not been configured yet. Would this do it?
RRAS must have been configured if you are able to connect. However, there are different parts to RRAS; you may have just done the VPN part, which is good. I assume you can open the RRAS console in administrative tools, click on the server name and open a list of features, as opposed to getting "do you want to configure and enable RRAS now". If not, or you want to review the steps, have a look at:
http://www.onecomputerguy.com/networking/w3k_vpn_server.htm
Should you want to start fresh (if you are not using other RRAS features) you can right click on the server name in the RRAS console and choose disable. Once complete, about 2 minutes, you can right click again and choose enable/configure and follow the wizard steps as outlined in the link.
Ok... For my VPN I created an incoming connection in network connections rather than using RRAS. I removed the incoming connection and set up the VPN using RRAS this time. I can connect to the VPN using the new setup, but I still cannot ping the other machines.
Learn something every day. I didn't know that was an option with 2003, thought only XP, then again, I guess no reason why not. It would have more limited capabilities though, than the RRAS configuration.
Yeah, I never even knew about VPN through RRAS. You do learn something every day I guess...
Does this make sense? A route to the remote lan with a subnet mask of 255.255.255.0 and a gateway of the vpn server is created when I am connected when I de-select Use default gateway on remote network on my virtual adapter settings in Networking > TCP/IP > Properties > Advanced. If I select this box and connect, this route uses a mask of 255.255.255.0. Is that correct?
ASKER CERTIFIED SOLUTION
Rob Williams
Should I repost this or would it be better if you kept it up?
Have you made any progress, bhilgenkamp? I did check and regardless of whether the "use default gateway" option is selected or not, the subnet mask is usually 255.255.255.255. However, you say when enabled you have a subnet mask of 255.255.255.0. Have you configured the mask manually, or is it assigned by the VPN server? It should be 255.255.255.255 for the routing to work properly.
Also, on your RRAS console under the VPN server name, is there a NAT option/menu? If so it should probably be disabled as you are not performing NAT. Then under IP routing, click on Static Routes. Are there any routes listed in the right hand window? There shouldn't be.
Thanks for the follow up. I'll have to play with this again when I get home.
Let us know how it goes.