Solved

cant reach VPN client from server end using RRAS on Windows server 2003

Posted on 2007-03-21
6
198 Views
Last Modified: 2010-03-18
I have one server that is running RRAS I am using it as a VPN server. I have another server that is my dhcp server, dns server and domain controler. I have the vpn setup and when a VPN client is conected I can ping the client from the VPN server but i cannot ping the VPN client from the other servers or pc's on the network. I need to be able to do this. I no that on the dial up tab of the user there is an option to specify static routes. There is also a place to specify static routes in RRAS. Im not even sure if this is what I need to do but if it is how do I go about it? if it is not, how can I get the other pc's on the lan to be able to comunicate with the VPN Client.
0
Comment
Question by:dustinwk
  • 4
  • 2
6 Comments
 
LVL 77

Expert Comment

by:Rob Williams
Comment Utility
-First problem is; does the VPN client have a static address ? Though this is not necessary to ping, but in the long term if other machines/servers need to connect, they will need to do so.
If you want to assign a VPN client a static IP you can do so under the dial-in tab of the user's profile in Active Directory.
-Are your VPN clients assigned an IP in a different subnet than the local network for the servers? if so you ether need to change the Static address pool in RRAS to be the same subnet, or add a route to the servers, to locate the VPN client, which is why you need the static address above. As an example, assume the server network uses 192.168.100.x, the RRAS server's IP is 192.168.100.254, and the VPN clients use 192.168.200.x then add to the other servers:
route  -p  add 192.168.200.0  mask  255.255.255.0  192.168.100.254
to remove the route
route delete 192.168.200.0
0
 

Author Comment

by:dustinwk
Comment Utility
hey rob, this is somewhat the same issue ive been having I have not been able to get an answer but I have gone through several things and thus the new post.

Yes I have set up the clients dial-up tab to include a stattic address and yes they are on the same subnet. again I have no problem comunicating with the client from the VPN server. I have all the ports open up on the clent side firewalls and such. But the other pc's on the network do not see the static address assigned by RRAS as valid is there away to make them see it or route it for such.
0
 
LVL 77

Expert Comment

by:Rob Williams
Comment Utility
Hi dustinwk. Sorry I missed you reply here somehow. Also didn't notice earlier that we have been working on this same issue before. To bad there have been no other replies for additional input. Glad to stay on it though.

We have been through most of options I am familiar with, but I am very interested in some of the issues you are dealing with. Tonight or in the morning I will try to simulate this, and the DHCP relay configurations, on some virtual machines and get back to you. I was able to do something similar to what you are doing here by adding a route on the client and on the server, but it was not exactly the same situation, so I'll test further and report back.
0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 77

Accepted Solution

by:
Rob Williams earned 500 total points
Comment Utility
dustinwk, played with this a bit and re-reading we need to add some routes but I need to confirm the configuration.
Do both the RRAS server and the other (DNS, DHCP etc) have a single network card, or do either have 2.
What are all the subnets for server's, client PC's and, VPN clients. If all the same still need a route, but let me know.
If they are all the same subnet, and a single network adapter, best to put the route on the router. What make and model is that (at the server site)
0
 

Author Comment

by:dustinwk
Comment Utility
thanks for the help rob but i gave up on this one
0
 
LVL 77

Expert Comment

by:Rob Williams
Comment Utility
OK. Thanks dustinwk.
Cheers !
--Rob
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

The Need In an Active Directory enviroment, the PDC emulator provide time synchronization for the domain. This is important since Active Directory uses Kerberos for authentication.  By default, if the time difference between systems is off by more …
Many of us in IT utilize a combination of roaming profiles and folder redirection to ensure user information carries over from one workstation to another; in my environment, it was to enable virtualization without needing a separate desktop for each…
This video discusses moving either the default database or any database to a new volume.
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now