Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Site-to-Site VPN and Routing

Posted on 2008-10-31
12
Medium Priority
?
2,236 Views
Last Modified: 2012-06-21
I have two offices, site A with SBS 2003, single nic, subnet 192.168.200.0, and B with Windows Server 2008, single nic, subnet 192.168.201.0. I have configured site B with RRAS to VPN to A. The server can ping site A just fine, but none of the clients on site B can ping through to A.
The gateway at site B is setup correctly to route traffic to that subnet through the server. When I created the demand dial interface on the server it asked for a static route, and I put in 192.168.200.0, mask 255.255.255.0, metric 1.
I've done this before at another time and place using Windows 2003, and I remember running into the same problem, but for the life of me I can't remember how I fixed it.

Thanks in adance,
Kevin
0
Comment
Question by:kevincurrey
  • 6
  • 4
12 Comments
 
LVL 7

Expert Comment

by:Dusan_Bajic
ID: 22856157
Can you run "route print" on both servers and paste here
0
 

Author Comment

by:kevincurrey
ID: 22859210
Interface List
 21 ........................... Remote Router
 10 ...00 15 f2 5a 11 0c ...... NVIDIA nForce 10/100/1000 Mbps Ethernet
 12 ........................... RAS (Dial In) Interface
  1 ........................... Software Loopback Interface 1
 11 ...00 00 00 00 00 00 00 e0  isatap.{E86C6192-CC73-48B9-81EA-8C41A0134039}
 20 ...00 00 00 00 00 00 00 e0  Microsoft ISATAP Adapter #2
 14 ...00 00 00 00 00 00 00 e0  isatap.{074876A9-C0F6-4412-B856-694E2247E4C7}
 22 ...00 00 00 00 00 00 00 e0  Microsoft ISATAP Adapter #4

Active Routes:
Network Dest.      Netmask                 Gateway             Interface                 Metric
0.0.0.0                    0.0.0.0                     192.168.201.1 192.168.201.60     276
127.0.0.0               255.0.0.0                  On-link              127.0.0.1               306
127.0.0.1               255.255.255.255    On-link              127.0.0.1               306
127.255.255.255 255.255.255.255    On-link              127.0.0.1                 306
(public ip A)          255.255.255.255    192.168.201.1   192.168.201.60     21
192.168.201.0     255.255.255.0          On-link                192.168.201.60   276
192.168.201.15   255.255.255.255     On-link                  192.168.201.15  306
192.168.201.60   255.255.255.255     On-link                  192.168.201.60  276
192.168.201.255 255.255.255.255     On-link                 192.168.201.60   276
192.168.200.0      255.255.255.0         192.168.200.26 192.168.200.24    21
192.168.200.24    255.255.255.255    On-link                 192.168.200.24    276
224.0.0.0                240.0.0.0                  On-link                 127.0.0.1               306
224.0.0.0                240.0.0.0                  On-link                 192.168.201.60   277
224.0.0.0                240.0.0.0                  On-link                 192.168.201.15   306
255.255.255.255 255.255.255.255     On-link                 127.0.0.1               306
255.255.255.255 255.255.255.255     On-link                 192.168.201.60   276
255.255.255.255 255.255.255.255     On-link                 192.168.201.15   306
255.255.255.255 255.255.255.255     On-link                 192.168.200.24   276

Persistent Routes:
Network Address     Netmask         Gateway Address       Metric
0.0.0.0                         0.0.0.0             192.168.201.1            Default
0
 

Author Comment

by:kevincurrey
ID: 22859242
I should have also posted results from tracert:
Tracert on server B:
 1    73 ms    73 ms    73 ms  serverA.domain.local [192.168.200.2]
Tracert on client:
  1    <1 ms    <1 ms    <1 ms  192.168.201.1  (router)
 2    <1 ms     *       <1 ms  192.168.201.60      (server B)
 3     *        *        *     Request timed out.
  4     *        *        *     Request timed out.
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 7

Expert Comment

by:Dusan_Bajic
ID: 22887781
can you run route print on server A also?
0
 

Author Comment

by:kevincurrey
ID: 22888149
There are not any routes from site A to site B, and this is intentional as I only need and want traffic to go one way.

Thanks,
Kevin

Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     192.168.200.1    192.168.200.2      1
   75.162.207.147  255.255.255.255     192.168.200.1    192.168.200.2      1
        127.0.0.0        255.0.0.0         127.0.0.1        127.0.0.1      1
  128.187.172.199  255.255.255.255     192.168.200.1    192.168.200.2      1
    192.168.200.0    255.255.255.0    1 92.168.200.2    192.168.200.2     10
    192.168.200.2  255.255.255.255         127.0.0.1        127.0.0.1     10
   192.168.200.21  255.255.255.255    192.168.200.2    192.168.200.26      1
   192.168.200.22  255.255.255.255    192.168.200.26   192.168.200.26      1
   192.168.200.24  255.255.255.255    192.168.200.26   192.168.200.26      1
   192.168.200.26  255.255.255.255         127.0.0.1        127.0.0.1     50
  192.168.200.255  255.255.255.255     192.168.200.2    192.168.200.2     10
        224.0.0.0        240.0.0.0     192.168.200.2    192.168.200.2     10
  255.255.255.255  255.255.255.255     192.168.200.2    192.168.200.2      1
Default Gateway:      192.168.200.1

Persistent Routes:
  None
0
 
LVL 7

Expert Comment

by:Dusan_Bajic
ID: 22888268
That is hardly possible. Take ping for example. You send packet, you need to receive reply or it doesn't make much sense. You need that route if you want reply. In fact, you need that route, period.
0
 

Author Comment

by:kevincurrey
ID: 22888810
So you don't think its a problem in the routing of server B? Because I've done it this way before with success. I'm just missing a step that I took before, and I can't fiure out what that is. I believe it had something to do with NAT on the remote interface for server B.
I do appreciate the input though and will try it.
0
 
LVL 26

Expert Comment

by:Fred Marshall
ID: 22888847
The first route print shows some things I don't understand:

Network Dest.      Netmask                 Gateway             Interface                 Metric
0.0.0.0                    0.0.0.0                     192.168.201.1 192.168.201.60     276
...this tells me that this computer has .201.60 on a NIC.
192.168.201.15   255.255.255.255     On-link                  192.168.201.15  306
...this tells me that this computer has .201.15 on a NIC..??? you didn't mention it.
192.168.200.0      255.255.255.0         192.168.200.26 192.168.200.24    21
...this tells me that this computer has .200.24 on a NIC??? that doesn't make sense to me as the subnet is supposed to be on the other end of the VPN.  The VPN must have different subnets at each end.

I don't see any persistent routes.  Presumably 192.168.201.1 has the route to 192.168.200.0, right?  But, this is a problem because any packet going to 192.168.200.0 will go to 192.168.200.24    which appears to be a NIC on the first machine.

Now to the second route print:

Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     192.168.200.1    192.168.200.2      1
   75.162.207.147  255.255.255.255     192.168.200.1    192.168.200.2      1
        127.0.0.0        255.0.0.0         127.0.0.1        127.0.0.1      1
  128.187.172.199  255.255.255.255     192.168.200.1    192.168.200.2      1
    192.168.200.0    255.255.255.0    1 92.168.200.2    192.168.200.2     10
    192.168.200.2  255.255.255.255         127.0.0.1        127.0.0.1     10
   192.168.200.21  255.255.255.255    192.168.200.2    192.168.200.26      1
   192.168.200.22  255.255.255.255    192.168.200.26   192.168.200.26      1
   192.168.200.24  255.255.255.255    192.168.200.26   192.168.200.26      1
   192.168.200.26  255.255.255.255         127.0.0.1        127.0.0.1     50
  192.168.200.255  255.255.255.255     192.168.200.2    192.168.200.2     10
        224.0.0.0        240.0.0.0     192.168.200.2    192.168.200.2     10
  255.255.255.255  255.255.255.255     192.168.200.2    192.168.200.2      1
Default Gateway:      192.168.200.1

Persistent Routes:
  None
*******************
All this looks fine.  Presumably 192.168.200.1 knows how to route packets to 192.168.201.0, yes?
0
 
LVL 7

Accepted Solution

by:
Dusan_Bajic earned 2000 total points
ID: 22888878
Oh, I see what you mean. You have to enable NAT (if it is not already enabled) at RRAS on server B, and add VPN interface as public and LAN as private.
0
 

Author Comment

by:kevincurrey
ID: 22888964
Dusan -
I think that's it! I was putting NAT on the VPN interface as private and didn't put NAT on the LAN interface. I don't have a way of checking it now, but I think that should do it.

Thank you, I'll accept as solution as soon as I can confirm that it works.
0
 

Author Closing Comment

by:kevincurrey
ID: 31512272
Thanks again! That was all I needed to do.
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A procedure for exporting installed hotfix details of remote computers using powershell
This article explains how to install and use the NTBackup utility that comes with Windows Server.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses

886 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question