Robin Hickmott
asked on
Windows Server 2003 - RRAS
Hi we have 3 Servers
Site 1 is based at the office and uses the address range 192.168.0.x
Site 2 is based at another location and uses the address range 192.168.2.x
Site 3 is based at another location and uses the address range 192.168.3.x
Site 1 has a router with static routes of 192.168.x.x pointed at a RAS server which until yesterday was running Server 2000. This Server runs on 192.168.0.10 and has an Internal loopback for the RAS which DHCPs an address from the router in the range of 192.168.200-255.
Site 2 has a Server 2003 box with an IP of 192.168.0.25 and 192.168.2.25
Site 3 has a Server 2003 box with an IP of 192.168.0.26 and 192.168.3.26
Both Sites 2 and 3 have Internal Loopback Adaptors ( One NIC )
This Server accepts connection from the two sites via a Persistent PPTP link and a unique user account on the server. Once logged in the system assigns the relevant static links to the tunnel and anything on either side of the tunnel can see and ping machines the other side. ( Static Routes are assigned on the user account )
This was working fine until yesterday when the server was replaced and upgraded to 2003. The config is the same however Site 1 cannot see anything on Site 2 or 3 ( pings just time out or bounce between the RAS server and the router )
The only difference I can see in the Setup was under Windows 2000 under IGMP we had LAN, INTERNAL and LOOPBACK where now we only have Internal and LAN. The config has not changed on the other two servers.
From Site 3 Server
ping 192.168.0.1
Pinging 192.168.0.1 with 32 bytes of data:
Reply from 192.168.0.1: bytes=32 time=41ms TTL=63
Reply from 192.168.0.1: bytes=32 time=44ms TTL=63
Reply from 192.168.0.1: bytes=32 time=40ms TTL=63
Reply from 192.168.0.1: bytes=32 time=40ms TTL=63
Ping statistics for 192.168.0.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 40ms, Maximum = 44ms, Average = 41ms
Tracing route to 192.168.0.1 over a maximum of 30 hops
1 45 ms 39 ms 55 ms PINGU [192.168.0.212]
2 42 ms 41 ms 43 ms 192.168.0.1
Trace complete.
FROM SITE 1 - SERVER
ping 192.168.2.1
Pinging 192.168.2.1 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 192.168.2.1:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
C:\Documents and Settings\Administrator>tracert 192.168.2.1
Tracing route to 192.168.2.1 over a maximum of 30 hops
1 37 ms 39 ms 40 ms OUTPOST [192.168.0.25]
2 * * * Request timed out.
3
FROM SITE 1 - MY WORKSTATION
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\Documents and Settings\Robinnn>tracert 192.168.2.1
Tracing route to 192.168.2.1 over a maximum of 30 hops
1 <1 ms <1 ms <1 ms 192.168.0.1
2 <1 ms <1 ms <1 ms 192.168.0.10
3 48 ms 41 ms 40 ms 192.168.0.25
4 *
Any Ideas :)
Do you have any firewalls enabled under 03?
If not, then it could be that a port is blocked on the server from that site that was not before, allowing access to incoming requests.
ASKER
No firewalls on any of them; they're all firewalled at the routers and not across the tunnel.
It almost seems like they're routing through the subnet. I can't remember the trace routes beforehand but I'm sure it used to route from 0.10 to 2.25.
It's a similar thing from the other site; it routes via 0.223 or whatever the loopback address.
Check windows inbuilt firewalls
controlpanel --firewalls
Allow ports which are necessary
Reps
ASKER
You can't use Windows Firewall when Routing and Remote Access is on.
Ports are forwarded in through the router and both tunnels connect OK; connectivity shouldn't be an issue.
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\Documents and Settings\Robinnn>tracert 192.168.2.1
Tracing route to 192.168.2.1 over a maximum of 30 hops
1 2 ms <1 ms <1 ms 192.168.0.1
2 <1 ms <1 ms <1 ms 192.168.0.10
3 41 ms 40 ms 39 ms 192.168.0.25
4 *
I'm pretty sure that the last hop should be 192.168.2.25 as that's when the subnet routing occurs between those two subnets.
Interestingly though the two remote servers seem to be able to see the workstations at the office; I only have server access.
Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.
C:\Documents and Settings\Administrator>tracert 192.168.0.1
Tracing route to 192.168.0.1 over a maximum of 30 hops
1 44 ms 59 ms 42 ms PINGU [192.168.0.212]
2 51 ms 43 ms 52 ms 192.168.0.1
Trace complete.
So both servers can see the network this end but that's assumingly because they have IPs in both subnets. I will have to try from a workstation at the other site.
Hi,
There are some differences in the Windows 2000 and 2003 RRAS.
Have you checked the Packet Filters on the Interfaces?
While configuring the Windows 2003 RRAS did you uncheck the Static Packet filter option?
Go to Server properties and check whether it is set for LAN Routing or LAN and Demand-dial Routing.
Kumar
ASKER
I just removed RRAS and ran the Setup again.
Configuration is set for
VPN Access
Demand-dial connections
LAN Routing
I couldn't see any static packet box to untick during the setup.
It sets up IGMP as an IP Routing protocol with the LAN as the Proxy and Internal as the Router. The only difference in this setup and the other servers I can see is that the static routes are applied to the user account that dials in rather than the Demand Dial Connection which is the case with the other servers.
Hi,
This option comes up when you configure the RRAS the very first time, in the wizard where you select the network.
If you have already configured the RRAS you can check the filters at this location:
In RRAS expand IP Routing
Click General
Inside it there would be Internal, Loopback, External and other interfaces.
Right-click on the interface and go to Properties.
Now there should be Inbound and Outbound filters.
Delete the filters if there are any.
Kumar
ASKER
Ah right, yup, I found that earlier but there are no filters defined on any of the servers; they're set to transmit everything.
ASKER
Just installed a temporary Server 2000 VPN and it's decided to work. The settings are no different; as I suspected this routes via the server's IP address rather than the loopback address. I'll have to look at the settings to see if there's any change.
SITE 3 to 2 via 1
Tracing route to 192.168.3.1 over a maximum of 30 hops
1 <1 ms <1 ms <1 ms 192.168.2.1
2 1 ms <1 ms <1 ms 192.168.2.25
3 46 ms * 106 ms 192.168.0.26
4 96 ms 100 ms 106 ms 192.168.3.1
Trace complete.
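Added example, not part of any post in this thread: a small parser for Windows tracert output like the traces quoted above, reporting the last hop that answered and which site's range it falls in. The /24 masks for the 192.168.0.x, 192.168.2.x and 192.168.3.x ranges are an assumption, and the sample traces are re-typed from the thread with the cut-off hop padded to a full timeout line.

```python
import re
from ipaddress import ip_address, ip_network

# Site ranges from the question; the /24 masks are an assumption.
SITES = {"Site 1": "192.168.0.0/24", "Site 2": "192.168.2.0/24",
         "Site 3": "192.168.3.0/24"}

# Constructed samples: hop lines re-typed from the thread's tracert output,
# with the cut-off hop 4 padded to a full timeout line.
FAILING = """Tracing route to 192.168.2.1 over a maximum of 30 hops
  1    <1 ms    <1 ms    <1 ms  192.168.0.1
  2    <1 ms    <1 ms    <1 ms  192.168.0.10
  3    48 ms    41 ms    40 ms  192.168.0.25
  4     *        *        *     Request timed out.
"""
WORKING = """Tracing route to 192.168.0.1 over a maximum of 30 hops
  1    45 ms    39 ms    55 ms  PINGU [192.168.0.212]
  2    42 ms    41 ms    43 ms  192.168.0.1
Trace complete.
"""

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"

def parse_tracert(text):
    """Return (target, [(hop_number, ip_or_None), ...]) from tracert text."""
    target = re.search(r"Tracing route to (?:\S+ \[)?(" + IPV4 + ")", text).group(1)
    hops = []
    for line in text.splitlines():
        m = re.match(r"\s*(\d+)\s+(.*)", line)   # hop lines start with a number
        if m:
            ip = re.search(IPV4, m.group(2))     # no address means a timed-out hop
            hops.append((int(m.group(1)), ip.group(0) if ip else None))
    return target, hops

def site_of(ip):
    """Name of the site whose range contains ip, or None."""
    if ip is None:
        return None
    return next((n for n, net in SITES.items()
                 if ip_address(ip) in ip_network(net)), None)

def diagnose(text):
    """Summarise where the trace stopped relative to the target's site."""
    target, hops = parse_tracert(text)
    answered = [ip for _, ip in hops if ip]
    last = answered[-1] if answered else None
    return {"target_site": site_of(target), "reached": last == target,
            "last_hop": last, "last_hop_site": site_of(last)}

if __name__ == "__main__":
    for name, trace in (("failing", FAILING), ("working", WORKING)):
        print(name, diagnose(trace))
```

For the failing trace the last answering hop is still an address in the Site 1 range even though the target is in Site 2, which is the pattern the asker points out when expecting 192.168.2.25 as the next hop.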
ASKER CERTIFIED SOLUTION
Reps