Solved

Windows 2003 Server DHCP Clients and Site to Site VPN

Posted on 2009-05-18
Last Modified: 2012-05-07
Good Afternoon Everyone...

I currently have a Windows 2003 R2 Standard Server that I just set up with DHCP, DNS, AD, and RRAS. This server is in our home office. This server has 2 NICs; the private one is for all the clients with an IP address of 192.168.150.xx. The public NIC is connected to a Linksys RV042 router that is configured with a gateway to gateway VPN. Our remote office has an RV042 that is the other end of the gateway to gateway site to site VPN. This router is the DHCP for the clients at that office.

So here is the issue.  The remote computers can see the server by going to the address bar and typing in the computer name.  The server at the home office can do the same with the computers at the remote site.  The clients behind the server at the home office can't see the remote office computers.  I'm assuming that I'm missing a configuration on the server to allow the DHCP clients to see the site to site VPN clients.

I've searched and searched for answers and can't find one that fits this issue...

Thanks in advance!!!!
Question by:JTTechnologies
18 Comments
 
LVL 6

Expert Comment

by:akrdm
ID: 24415642
I would suggest checking what you are using for your DNS server and make sure there are entries in the server for the computers at the remote site so that it knows how to route to those computers. You might also be able to set the Secondary DNS server as the router's IP address on the other end of the gateway VPN and see if that allows the computers to see them or at least get to them by name or IP address.
 

Author Comment

by:JTTechnologies
ID: 24415733
I checked the DNS on the 2003 server and there isn't an entry for the VPN computers.  Should they have a record even though they aren't using the server for DNS?  These computers at the remote site aren't connecting to RRAS for VPN....
 

Author Comment

by:JTTechnologies
ID: 24428121
Just checking in to see if anyone had any thoughts on this issue...

Thanks again...
 
LVL 10

Expert Comment

by:Kieran_Burns
ID: 24429564
When you say can't see, do you mean that they cannot browse to the computers / ping them by name / IP address?
Do you have a single default gateway on the Server (the public one is usually the default gateway but this would be dependent on your network, but there must only be one)?
Can you tracert to the remote workstations (by name / IP address)?
If there is no DNS entry for those remote workstations it is unlikely you will be able to ping / whatever by name, but I want to check your routing first and then go from there.
 

Author Comment

by:JTTechnologies
ID: 24431059
Right, from the DHCP clients behind the server, I can't ping or browse the computers on the VPN end. The DHCP clients use the server's private side IP as their gateway. The server's public IP is coming from the RV042. From the server I can ping and browse the VPN clients. I'm assuming this is possible because the VPN clients are connected to the RV042. Also, the VPN clients are logging into their computer, not the domain.

If I have the remote site clients connect to the server with RRAS, I can ping them fine from any computer on the network; the problem there is that I don't want to have to rely on the user starting the connection every time they start up their computer.

So in short, the server can see the VPN clients because it is connected to the site to site router, but the DHCP clients behind the server can't see them....

Thanks for helping!!!
 
LVL 10

Expert Comment

by:Kieran_Burns
ID: 24431277
Have you got a static route on the Server to the VPN network? When you tracert to the VPN from a DHCP client is the LAST working IP the Server?
 

Author Comment

by:JTTechnologies
ID: 24431456
I don't believe I do, if I look in RRAS there are no static routes.  If I tracert to a VPN client, they all timeout...
 
LVL 10

Expert Comment

by:Kieran_Burns
ID: 24431491
Add the static route in to the VPN network and see what happens - what is the last successful hop when starting at a DHCP client?
 
LVL 10

Expert Comment

by:Kieran_Burns
ID: 24431497
Oh, and you do only have one default gateway yes?

Author Comment

by:JTTechnologies
ID: 24431534
Yes, the server is the only gateway...

So you want to add the in-house LAN IP to the static routes portion of RRAS?
 
LVL 10

Expert Comment

by:Kieran_Burns
ID: 24431578
1. The SERVER should only have the 1 default gateway - check that
2. You need a route to whichever does not hang off the default gateway. So if your in-house LAN is on the same subnet as the default gateway you want to add a route to the VPN network and vice versa
 

Author Comment

by:JTTechnologies
ID: 24431629
Ok, did an ipconfig on the server and it shows the only gateway is 192.168.111.1 which is the RV042.

The server's private static ip is 192.168.150.254

The DHCP clients get 192.168.150.xxx

The remote site's RV042's private address is 192.168.1.1

The DHCP clients there get 192.168.1.xxx

In static routes there are two NICs to choose from, Public (192.168.111.2) and Private (192.168.150.254). Should I make a route that is tied to the private card and point that to 192.168.1.1 for the remote site router?

Sorry if I'm not catching on, I was forced into learning about servers due to ours at work crashing...

Thanks again for taking all this time to help me...
 
LVL 10

Accepted Solution

by:Kieran_Burns
ID: 24431762
You have something like:
remote (192.168.1.0/24)-----192.168.1.1 (rv042)----192.168.111.1 (rv042)----192.168.111.2 (server)---192.168.150.254 (server)---192.168.150.0/24 (local)
You need to add routes to the 192.168.1.0/24 network on the Server. The RV042s will (should!) have this routing in place already
 

Author Comment

by:JTTechnologies
ID: 24432440
Very cool, I'll give that a try and let you know how it goes...
 

Author Comment

by:JTTechnologies
ID: 24432928
Alright, I added a static route for the Private adapter.

Destination:  192.168.1.0
Subnet:        255.255.255.0
Gateway:    192.168.1.1

I have 3 computers at the remote office. From the server I can ping them all by computer name and IP address. From the DHCP clients behind the server, I can ping one of them by IP address and name; the other two, when I try to ping them by name, time out. I did notice that when the name is resolved it is coming up with a 192.168.150.xxx instead of a 192.168.1.xxx. The two that do that had at one point connected with Windows XP VPN software.

From the server I can type in the computer name or IP of the remote VPN computers and it connects. From the DHCP clients, if I type in the computer name or IP of the remotes, it does not connect...

Fix one thing, and more stuff creeps up....lol

Thanks again...
 
LVL 10

Assisted Solution

by:Kieran_Burns
ID: 24432967
I thought the private adapter would have a gateway of 192.168.111.1 not 1.1....
The reason you're seeing 192.168.150.xxx is that there is a NAT relationship in there somewhere... you need to route and not NAT
 

Author Comment

by:JTTechnologies
ID: 24432986
Ahh ok, let me check it out...
 

Author Comment

by:JTTechnologies
ID: 24433742
You're right, the gateway is 192.168.111.1. I checked the routing table and with it set at 192.168.1.1 it did not configure, with 192.168.111.1 it did.

So now I just need to mess with the couple of VPN clients that are pulling .150.xxx IP addresses, I can do that without bugging you....

I want to say thanks again for all the help, really appreciate it...
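
The gateway mix-up resolved in the last few comments (192.168.1.1 versus 192.168.111.1) comes down to one rule: a static route's next hop has to sit on a subnet the server is directly attached to. The following Python check is an added example, not part of the original thread; the adapter addresses come from the thread, the /24 mask on the Public adapter is an assumption, and `check_static_route` is a hypothetical helper name.

```python
import ipaddress

# Server adapters as described in the thread. The /24 mask on the Public
# adapter is an assumption; the thread only gives its address.
ADAPTERS = {
    "Public": ipaddress.ip_interface("192.168.111.2/24"),
    "Private": ipaddress.ip_interface("192.168.150.254/24"),
}

def check_static_route(destination, mask, gateway, adapters=ADAPTERS):
    """Validate one static route; return (ok, adapter_or_None, reason)."""
    try:
        # strict=True rejects a destination that has host bits set for the mask
        net = ipaddress.ip_network(f"{destination}/{mask}", strict=True)
    except ValueError as exc:
        return (False, None, f"bad destination/mask: {exc}")
    gw = ipaddress.ip_address(gateway)
    for name, iface in adapters.items():
        if net.overlaps(iface.network):
            return (False, name, f"{net} is already directly connected")
    for name, iface in adapters.items():
        # A next hop is only usable if it sits on a directly connected subnet.
        if gw in iface.network and gw != iface.ip:
            return (True, name, f"{net} via {gw} (on-link on {name})")
    if gw in net:
        return (False, None, f"gateway {gw} is inside the destination {net}, "
                             "so it is only reachable through the route itself")
    return (False, None, f"gateway {gw} is not on any connected subnet")

def demo():
    attempts = [
        ("192.168.1.0", "255.255.255.0", "192.168.1.1"),    # first attempt in the thread
        ("192.168.1.0", "255.255.255.0", "192.168.111.1"),  # corrected gateway
    ]
    return [check_static_route(*a) for a in attempts]

if __name__ == "__main__":
    for ok, adapter, reason in demo():
        print("OK  " if ok else "FAIL", reason)
```
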