?
Solved

VPN default gateway problem

Posted on 2009-04-20
11
Medium Priority
?
708 Views
Last Modified: 2012-06-21
Hi Guys,
i got a Windows 2003 VPN server behind cisco asa 5510 . windows clients can connect to the windows 2003 vpn server without any problem,also getting the ip address and dns server settings from the DHCP server, except the default gateway.
the default gateway is shown as 0.0.0.0 under ipconfig
when i 'route print' the results shows the default gateway is same as the ip address.
anu idea? please help me
we got VLAN's in the network
the DHCP server is on different VLAN to the windows RAS server. but i enabled the dhcp relay agent on the RAS, but still no luck.

I did issue a command on cisco 3560
Int vlan 6
ip helper-address <dhcp server ip>

please help me....


0
Comment
Question by:APPIREDDY
  • 6
  • 5
11 Comments
 
LVL 6

Expert Comment

by:Gunter17
ID: 24186346
If you have an ASA, why not just use it as your VPN server?

It supports Cisco VPN Clients, and Windows PPTP/L2TP clients.

Here's the output of my ipconfig /all when connected via Cisco VPN Client.
Ethernet adapter Local Area Connection 2:
 
        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Cisco Systems VPN Adapter
        Physical Address. . . . . . . . . : 00-05-9A-3C-78-00
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 10.0.250.4
        Subnet Mask . . . . . . . . . . . : 255.0.0.0
        Default Gateway . . . . . . . . . :
        DNS Servers . . . . . . . . . . . : 10.0.0.10

Open in new window

0
 

Author Comment

by:APPIREDDY
ID: 24186516
thanks for the reply. i know, but for the timebeing i will have to make this windows server2003 work.my ipconfig on the client showes as below
C:\Users\reddy>ipconfig

Windows IP Configuration


PPP adapter Tns VPN:

   Connection-specific DNS Suffix  . :
   IPv4 Address. . . . . . . . . . . : 192.168.3.57
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . : 0.0.0.0

also i got two nics on the RAS server as followes
VPN Network Adaptor
    Ip add:192.168.3.10
    sub mask:255.255.255.0
    DG:192.168.3.1
   DNS:192.168.0.6
LAN Adaptor
LAN Network Adaptor
    Ip add:192.168.3.9
    sub mask:255.255.255.0
    DG:
   DNS:

please advise if anything is wrong.

regards
0
 
LVL 6

Expert Comment

by:Gunter17
ID: 24186557
Just curious, why have two NICs on the server pointing to the same internal network?

Is RRAS binding to the correct NIC?
0
Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

 
LVL 6

Expert Comment

by:Gunter17
ID: 24186563
Can I see a route print on the client as well.
0
 

Author Comment

by:APPIREDDY
ID: 24191808
C:\Documents and Settings\lap>IPCONFIG

Windows IP Configuration


Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 192.168.1.2
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1

PPP adapter tns:

        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 192.168.3.52
        Subnet Mask . . . . . . . . . . . : 255.255.255.255
        Default Gateway . . . . . . . . . : 192.168.3.52

C:\Documents and Settings\lap>ROUTE PRINT
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 0b db 14 50 40 ...... 3Com 3C920 Integrated Fast Ethernet Controller
0x80004 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.2       21
          0.0.0.0          0.0.0.0     192.168.3.52    192.168.3.52       1
    82.33.242.236  255.255.255.255      192.168.1.1     192.168.1.2       20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
      192.168.1.0    255.255.255.0      192.168.1.2     192.168.1.2       20
      192.168.1.2  255.255.255.255        127.0.0.1       127.0.0.1       20
    192.168.1.255  255.255.255.255      192.168.1.2     192.168.1.2       20
      192.168.3.0    255.255.255.0     192.168.3.52    192.168.3.52       1
     192.168.3.52  255.255.255.255        127.0.0.1       127.0.0.1       50
    192.168.3.255  255.255.255.255     192.168.3.52    192.168.3.52       50
        224.0.0.0        240.0.0.0      192.168.1.2     192.168.1.2       20
        224.0.0.0        240.0.0.0     192.168.3.52    192.168.3.52       1
  255.255.255.255  255.255.255.255      192.168.1.2     192.168.1.2       1
  255.255.255.255  255.255.255.255     192.168.3.52    192.168.3.52       1
Default Gateway:      192.168.3.52
===========================================================================
Persistent Routes:
  None
0
 

Author Comment

by:APPIREDDY
ID: 24191817
ras IS BINDING TO THE CORRECT nic. ideally i want to separate VPN traffic from the Local network traffic.
0
 

Author Comment

by:APPIREDDY
ID: 24192650
Hi Guys
i configured another windows 2003 server as VPN server and this time only one NIC i used, but still no luck on the client PC i have the following route information
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.111.1   192.168.111.27   4250
          0.0.0.0          0.0.0.0         On-link      192.168.3.66     26
    82.33.242.251  255.255.255.255    192.168.111.1   192.168.111.27   4251
        127.0.0.0        255.0.0.0         On-link         127.0.0.1   4531
        127.0.0.1  255.255.255.255         On-link         127.0.0.1   4531
  127.255.255.255  255.255.255.255         On-link         127.0.0.1   4531
      169.254.0.0      255.255.0.0         On-link      192.168.30.1   4521
  169.254.255.255  255.255.255.255         On-link      192.168.30.1   4501
     192.168.3.66  255.255.255.255         On-link      192.168.3.66    281
     192.168.30.0    255.255.255.0         On-link      192.168.30.1   4501
     192.168.30.1  255.255.255.255         On-link      192.168.30.1   4501
   192.168.30.255  255.255.255.255         On-link      192.168.30.1   4501
    192.168.111.0    255.255.255.0         On-link    192.168.111.27   4506
   192.168.111.27  255.255.255.255         On-link    192.168.111.27   4506
  192.168.111.255  255.255.255.255         On-link    192.168.111.27   4506
    192.168.220.0    255.255.255.0         On-link     192.168.220.1   4501
    192.168.220.1  255.255.255.255         On-link     192.168.220.1   4501
  192.168.220.255  255.255.255.255         On-link     192.168.220.1   4501
        224.0.0.0        240.0.0.0         On-link         127.0.0.1   4531
        224.0.0.0        240.0.0.0         On-link      192.168.30.1   4506
        224.0.0.0        240.0.0.0         On-link     192.168.220.1   4506
        224.0.0.0        240.0.0.0         On-link    192.168.111.27   4511
        224.0.0.0        240.0.0.0         On-link      192.168.3.66     26
  255.255.255.255  255.255.255.255         On-link         127.0.0.1   4531
  255.255.255.255  255.255.255.255         On-link      192.168.30.1   4501
  255.255.255.255  255.255.255.255         On-link     192.168.220.1   4501
  255.255.255.255  255.255.255.255         On-link    192.168.111.27   4506
  255.255.255.255  255.255.255.255         On-link      192.168.3.66    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 14    276 fe80::/64                On-link
 16    276 fe80::/64                On-link
 14    276 fe80::30d2:12f6:7194:55e/128
                                    On-link
 16    276 fe80::f992:3c7c:21d6:8954/128
                                    On-link
  1    306 ff00::/8                 On-link
 14    276 ff00::/8                 On-link
 16    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

I don't know why the default gateway is not picking up.but it can pick up DNS server addresses issued by DHCP server.should i have to do any port forwarding on ASA-5510? I have already doing port forwarding for pptp, isakmp,gre.please advise.






0
 
LVL 6

Accepted Solution

by:
Gunter17 earned 2000 total points
ID: 24197231
If you werent forwarding the correct ports you wouldnt get this far.

The routes look good...
PPP adapter tns:
 
        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 192.168.3.52
        Subnet Mask . . . . . . . . . . . : 255.255.255.255
        Default Gateway . . . . . . . . . : 192.168.3.52
 
You have a gateway now?

Open in new window

0
 

Author Comment

by:APPIREDDY
ID: 24223281
i got the gateway, but it is showing the same as ip address. does it make sense?
0
 
LVL 6

Expert Comment

by:Gunter17
ID: 24228648
My VPN connections show the gatway as the IP address as well.

Can you not get to any internal devices?
0
 

Author Closing Comment

by:APPIREDDY
ID: 31572319
thanks for the help. it's all working fine.thanks guys
0

Featured Post

The IT Degree for Career Advancement

Earn your B.S. in Network Operations and Security and become a network and IT security expert. This WGU degree program curriculum was designed with tech-savvy, self-motivated students in mind – allowing you to use your technical expertise, to address real-world business problems.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Concerto Cloud Services, a provider of fully managed private, public and hybrid cloud solutions, announced today it was named to the 20 Coolest Cloud Infrastructure Vendors Of The 2017 Cloud  (http://www.concertocloud.com/about/in-the-news/2017/02/0…
On Feb. 28, Amazon’s Simple Storage Service (S3) went down after an employee issued the wrong command during a debugging exercise. Among those affected were big names like Netflix, Spotify and Expedia.
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…
Suggested Courses

621 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question