lbeg
asked on
Windows Server 2003 - RRAS VPN connections only work through Linksys brand home routers...
RRAS VPN connections only work through Linksys brand home routers and I can't figure out why. It could be in server rras properties or the network configuration; either way, why is this happening and is there a solution to this problem, so all home routers (dlink, belkin, etc.) can connect?
General Properties:
Windows Server 2003
Service - Routing and Remote Access using pptp protocol
Fortigate firewall
static t1
Properties for RRAS:
enabled as a router with LAN routing only
enabled as Remote Access Server
Uses Windows Authentication / Windows Accounting
IP routing enabled
Allows ip-based and demand-dial remote interface connections
Server assigns addresses using dhcp
Broadcast name resolution enabled
PPP: multilink connections enabled, dynamic bandwidth control using BAP or BACP enabled, LCP extensions enabled, software compression enabled
Properties for networking:
PPTP (1723) forwarded (ext --> int) to the rras ip address
ext. subnet: 255.255.255.252
int. subnet: 255.255.255.0
int. scope: 192.168.3.x
General Properties:
Windows Server 2003
Service - Routing and Remote Access using pptp protocol
Fortigate firewall
static t1
Properties for RRAS:
enabled as a router with LAN routing only
enabled as Remote Access Server
Uses Windows Authentication / Windows Accounting
IP routing enabled
Allows ip-based and demand-dial remote interface connections
Server assigns addresses using dhcp
Broadcast name resolution enabled
PPP: multilink connections enabled, dynamic bandwidth control using BAP or BACP enabled, LCP extensions enabled, software compression enabled
Properties for networking:
PPTP (1723) forwarded (ext --> int) to the rras ip address
ext. subnet: 255.255.255.252
int. subnet: 255.255.255.0
int. scope: 192.168.3.x
ASKER
Windows IP Configuration
Host Name . . . . . . . . . . . . : server
Primary Dns Suffix . . . . . . . : example.example.com
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : Yes
DNS Suffix Search List. . . . . . : example.example.com
PPP adapter RAS Server (Dial In) Interface:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
Physical Address. . . . . . . . . : 00-53-45-00-00-00
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.3.36
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . :
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : example.example.com
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
Physical Address. . . . . . . . . : 00-14-22-22-64-5E
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.3.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.3.1
DNS Servers . . . . . . . . . . . : 192.168.3.2
Host Name . . . . . . . . . . . . : server
Primary Dns Suffix . . . . . . . : example.example.com
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : Yes
DNS Suffix Search List. . . . . . : example.example.com
PPP adapter RAS Server (Dial In) Interface:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
Physical Address. . . . . . . . . : 00-53-45-00-00-00
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.3.36
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . :
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : example.example.com
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
Physical Address. . . . . . . . . : 00-14-22-22-64-5E
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.3.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.3.1
DNS Servers . . . . . . . . . . . : 192.168.3.2
ASKER
Also, when I say vpn connections only work with Linksys brand, I mean the vpn connection can only access ip addresses, not netbios or fqdn. The problem therein lies in that most people only know network addresses by their name, not ip address.
Are you using WINS on your network? If so, you should define that in the NIC's settings which will allow remote users to see network resources.
Jeff
TechSoEasy
Jeff
TechSoEasy
1- make sure RRAS is listed in the RAS and IAS servers security group
2- make sure your binding order is correct
3- and -4 (i am no expret and must be checked by TechSoEasy or firewall gurus)
3-clients making a connection through VPN must be on diffrent subnet than the one used by ur internal clients..
4-ur internal and external NIC cards should also be on diffrent subnets...
i am no expert in firewall\VPNs ....just making some general comments....
take care and good luck.
2- make sure your binding order is correct
3- and -4 (i am no expret and must be checked by TechSoEasy or firewall gurus)
3-clients making a connection through VPN must be on diffrent subnet than the one used by ur internal clients..
4-ur internal and external NIC cards should also be on diffrent subnets...
i am no expert in firewall\VPNs ....just making some general comments....
take care and good luck.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Therefore, if you feel that it's necessary, you can modify the domain name, but please only modify anything that is identifiable to something generic. Such as changing TechSoEasy.local to MyCompany.local. If you have any public IP addresses, please just replace the last two octets with ***.***, and some people do not like to have the MAC (Physical) address shown... if you like, just modify he last few sections of these to **-**-**.
Jeff
TechSoEasy