
Connect to Win 2003 server via VPN and see rest of network

Posted on 2006-05-08
Last Modified: 2010-03-18
I am connecting to work to our Win 2003 server using the built in VPN feature in the server. I can ping the server and access its resources, but I also want to be able to access other nodes on the network there. How can I go about doing this?
Question by:bhilgenkamp
21 Comments
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 16636203
Hi bhilgenkamp,

Can you ping the other nodes as yet, via name and IP?
0
 

Author Comment

by:bhilgenkamp
ID: 16636296
No. I can ping the IP of the VPN server, as well as its FQDN. Trying to ping other nodes does not work. Pinging their FQDN resolves their IP but I do not get a reply. The VPN server is also the DNS server.
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 16636427
Are there 1 or 2 network adapters on the server?
If 2 you will need to configure RRAS, probably "IP routing". RRAS management console | right click on server and choose properties | IP | enable IP routing
However if a single NIC, it should not be necessary. If it is a single NIC, and IP routing is enabled in RRAS you will likely need to turn it off.
The problem is more likely:
1) make sure any firewalls on the PCs, such as the Windows firewall, are configured to allow the remote connection. Better yet, switch them off completely for testing
2) on the VPN "virtual adapter" on the machine from which you are connecting, make sure "use default gateway on remote network" is enabled. This is located Control panel | network connections | right click on the VPN virtual adapter and choose properties | networking | TCP/IP properties | advanced | general |.........
3) the server's subnet should be different than the connecting client's subnet
4) if none of the above, post the results from a command line of:
 route  print
here so we can see if there are any obvious problems.
0

 

Author Comment

by:bhilgenkamp
ID: 16636521
1 NIC
No software firewall - only router
Use default gateway on remote net is selected
Subnets are different (local is 192.168.100.0 remote is 192.168.1.0)


Route table
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 10 4b 2e c5 aa ...... 3Com EtherLink 10/100 PCI NIC (3C905-TX) - Packet Scheduler Miniport
0x3 ...00 08 02 3b 79 be ...... 82557-based Integrated Ethernet with Wake on LAN - Packet Scheduler Miniport
0x10004 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
0x80005 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     70.171.188.1  70.171.189.199        21
          0.0.0.0          0.0.0.0     192.168.1.54    192.168.1.54        1
    68.15.230.226  255.255.255.255     70.171.188.1  70.171.189.199        20
     70.171.188.0    255.255.254.0   70.171.189.199  70.171.189.199        20
   70.171.189.199  255.255.255.255        127.0.0.1       127.0.0.1        20
   70.255.255.255  255.255.255.255   70.171.189.199  70.171.189.199        20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1        1
     192.168.1.54  255.255.255.255        127.0.0.1       127.0.0.1        50
    192.168.1.255  255.255.255.255     192.168.1.54    192.168.1.54        50
    192.168.100.0    255.255.255.0    192.168.100.1   192.168.100.1        20
    192.168.100.1  255.255.255.255        127.0.0.1       127.0.0.1        20
   192.168.100.50  255.255.255.255        127.0.0.1       127.0.0.1        50
  192.168.100.255  255.255.255.255    192.168.100.1   192.168.100.1        20
        224.0.0.0        240.0.0.0   70.171.189.199  70.171.189.199        20
        224.0.0.0        240.0.0.0    192.168.100.1   192.168.100.1        20
        224.0.0.0        240.0.0.0     192.168.1.54    192.168.1.54        1
  255.255.255.255  255.255.255.255   70.171.189.199  70.171.189.199        1
  255.255.255.255  255.255.255.255     192.168.1.54    192.168.1.54        1
  255.255.255.255  255.255.255.255    192.168.100.1   192.168.100.1        1
Default Gateway:      192.168.1.54
===========================================================================
Persistent Routes:
  None
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 16636604
therefore ???:
Server site public IP = 68.15.230.x
Server site LAN = 192.168.1.0
Local LAN =192.168.100.0
Local VPN virtual adapter = 192.168.1.54
However, what is 70.171.189.x? I assume this computer has dual NICs or a PPPoE network connection?
Regardless, the following statements indicate the routing is correct for your VPN, at least at the client end:
68.15.230.226  255.255.255.255     70.171.188.1  70.171.189.199       20
192.168.1.54  255.255.255.255        127.0.0.1       127.0.0.1       50
192.168.1.255  255.255.255.255     192.168.1.54    192.168.1.54       50
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 16638156
I was thinking on this. You shouldn't have to, but you could try adding a route statement on the client computer. At a command line enter:

ROUTE ADD  192.168.1.0  MASK  255.255.255.0  192.168.1.54

If 2 NICs you will need to add the interface #, and if not WinXP you will need to add a metric, such as:
ROUTE ADD  192.168.1.0  MASK  255.255.255.0  192.168.1.54  METRIC 50  IF  2

If you wish to delete enter:
ROUTE  DELETE  192.168.1.0

This should force all pings/traffic for the remote network through the virtual adapter. Might be worth a shot.
0
 

Author Comment

by:bhilgenkamp
ID: 16639093
Correct Rob on the IPs. Sorry I didn't explain. I have two NICs in the client - one for WAN and one for LAN. The 70.171.189.199 is my public IP. I'll try adding a route when I get home from work today. The main reason I don't really wanna go that route is that right now my IP for the VPN is dynamically given to me from the VPN server. Guess I could use a static though. Anyway, I'll try this later.
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 16641283
The route add shouldn't be necessary, but you may want to try for troubleshooting purposes. If it works it may help to isolate the problem. When I get to a RRAS server I'll do a little tinkering as well. I don't have that option today.
0
 

Author Comment

by:bhilgenkamp
ID: 16644551
Tried your suggestion, still can't ping the other computers on the remote network
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 16644582
Well it was worth a try. <G>
I am loading a test 2003 server as we speak. If you still haven't found a solution, tomorrow I'll try and break it and see if I can duplicate your problem. It likely has to do with routing being configured in RRAS where it shouldn't be.
0
 

Author Comment

by:bhilgenkamp
ID: 16644635
Sorry, I forgot to put this in my previous post. When I go to look at RRAS it has not been configured yet. Would this do it?
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 16644683
RRAS must have been configured if you are able to connect. However, there are different parts to RRAS; you may have just done the VPN part, which is good. I assume you can open the RRAS console in administrative tools, click on the server name and open a list of features as opposed to getting "do you want to configure and enable RRAS now". If not, or you want to review the steps, have a look at:
http://www.onecomputerguy.com/networking/w3k_vpn_server.htm
Should you want to start fresh (if you are not using other RRAS features) you can right click on the server name in the RRAS console and choose disable. Once complete, about 2 minutes, you can right click again and choose enable/configure and follow the wizard steps as outlined in the link.
0
 

Author Comment

by:bhilgenkamp
ID: 16644832
Ok... For my VPN I created an incoming connection in network connections rather than using RRAS. I removed the incoming connection and set up the VPN using RRAS this time. I can connect to the VPN using the new setup, but I still cannot ping the other machines
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 16644840
Learn something every day. I didn't know that was an option with 2003, thought only XP, then again, I guess no reason why not. It would have more limited capabilities though, than the RRAS configuration.
0
 

Author Comment

by:bhilgenkamp
ID: 16644863
Yeah, I never even knew about VPN through RRAS. You do learn something every day I guess...
0
 

Author Comment

by:bhilgenkamp
ID: 16645000
Does this make sense? A route to the remote LAN with a subnet mask of 255.255.255.0 and a gateway of the VPN server is created when I am connected when I de-select Use default gateway on remote network on my virtual adapter settings in Networking > TCP/IP > Properties > Advanced. If I select this box and connect, this route uses a mask of 255.255.255.0. Is that correct?
0
 
LVL 78

Accepted Solution

by:
Rob Williams earned 1200 total points
ID: 16645068
I can't compare right now, but sounds right. With the default configuration the default gateway is enabled and subnet mask is 255.255.255.255 and the gateway is the virtual adapter itself. I have never compared when that is switched off, but it sounds logical.
What that "switch" does is allow you to communicate with the local LAN. By default when that is enabled you can only communicate with the VPN LAN and not your local. This is a security feature that protects the remote VPN site from potentially dangerous local traffic.
0
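
The route selection discussed in this thread, as an added example that is not part of any poster's comment: it applies longest-prefix, lowest-metric selection to rows copied from the posted route table, then models the "use default gateway on remote network" box being unticked and the subnet route from the ROUTE ADD suggestion. The addresses 192.168.1.10 (a remote node) and 203.0.113.10 (an Internet host) are constructed, and the interface used for the added route is an assumption.

```python
import ipaddress

# Rows copied from the "Active Routes" table posted in the thread:
# destination, netmask, gateway, interface, metric.
# Loopback, broadcast and multicast rows are left out.
POSTED_ROUTES = """\
0.0.0.0         0.0.0.0          70.171.188.1    70.171.189.199  21
0.0.0.0         0.0.0.0          192.168.1.54    192.168.1.54    1
68.15.230.226   255.255.255.255  70.171.188.1    70.171.189.199  20
70.171.188.0    255.255.254.0    70.171.189.199  70.171.189.199  20
192.168.100.0   255.255.255.0    192.168.100.1   192.168.100.1   20
"""
VPN_IF = "192.168.1.54"    # client's VPN virtual adapter, per the thread
WAN_IF = "70.171.189.199"  # client's public-facing NIC, per the thread

def parse_routes(text):
    """Turn route-print rows into (network, gateway, interface, metric)."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip headers, separators and blank lines
        dest, mask, gateway, iface, metric = fields
        net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
        routes.append((net, gateway, iface, int(metric)))
    return routes

def egress_interface(routes, target):
    """Longest matching prefix wins; ties go to the lowest metric."""
    addr = ipaddress.ip_address(target)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None
    best = max(matches, key=lambda r: (r[0].prefixlen, -r[3]))
    return best[2]

def drop_vpn_default(routes):
    """Model 'use default gateway on remote network' being unticked."""
    return [r for r in routes if not (r[0].prefixlen == 0 and r[2] == VPN_IF)]

if __name__ == "__main__":
    full = parse_routes(POSTED_ROUTES)
    split = drop_vpn_default(full)
    # The subnet route from the ROUTE ADD suggestion (interface assumed).
    fixed = split + parse_routes("192.168.1.0 255.255.255.0 192.168.1.54 192.168.1.54 50")
    for name, table in (("full tunnel", full), ("split, no route", split), ("split + route", fixed)):
        print(name, {t: egress_interface(table, t) for t in ("192.168.1.10", "203.0.113.10")})
```

With the posted table, traffic for the remote LAN already leaves through the VPN adapter, which is consistent with Rob Williams's reading that the client-side routing is correct. The same table also sends Internet-bound traffic through the tunnel, while the split variant only reaches the remote LAN once a subnet route exists.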
 

Author Comment

by:bhilgenkamp
ID: 16833401
Should I repost this or would it be better if you kept it up?
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 16834839
Have you made any progress, bhilgenkamp? I did check and regardless of whether the "use default gateway" option is selected or not, the subnet mask is usually 255.255.255.255. However, you say when enabled you have a subnet mask of 255.255.255.0. Have you configured the mask manually, or is it assigned by the VPN server? It should be 255.255.255.255 for the routing to work properly.
Also on your RRAS console under the VPN server name is there a NAT option/menu? If so it should probably be disabled as you are not performing NAT. Then under IP routing, click on Static Routes. Are there any routes listed in the right hand window? There shouldn't be.
0
 

Author Comment

by:bhilgenkamp
ID: 16835308
Thanks for the follow up. I'll have to play with this again when I get home.
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 16835359
Let us know how it goes.
0


Question has a verified solution.
