Windows 2003 Server DHCP Clients and Site to Site VPN

Good Afternoon Everyone...

I currently have a Windows 2003 R2 Standard Server that I just setup with DHCP, DNS, AD, and RRAS.  This server is in our home office.  This server has 2 NIC's, private one is for all the clients with an IP address of 192.168.150.xx.  The public NIC is connected to a Linksys RV042 router that is configured with a gateway to gateway VPN.  Our remote office has a RV042 that is the other end of the gateway to gateway site to site VPN.  This router is the DHCP for the clients at that office.  

So here is the issue.  The remote computers can see the server by going to the address bar and typing in the computer name.  The server at the home office can do the same with the computers at the remote site.  The clients behind the server at the home office can't see the remote office computers.  I'm assuming that I'm missing a configuration on the server to allow the DHCP clients to see the site to site VPN clients.

I've searched and searched for answers and can't find one that fits this issue...

Thanks in advance!!!!
JTTechnologiesAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

akrdmCommented:
I would suggest checking what you are using for your DNS server and make sure there are entries in the server for the computesr at the remote site so that it knows how to route to those computers. You might also be able to set the Secondary DNS server as the routher's IP address on the other end of the gateway VPN and see if that allows the computers to see them or atleast get to them by name or IP address.
0
JTTechnologiesAuthor Commented:
I checked the DNS on the 2003 server and there isn't an entry for the VPN computers.  Should they have a record even though they aren't using the server for DNS?  These computers at the remote site aren't connecting to RRAS for VPN....
0
JTTechnologiesAuthor Commented:
Just checking in to see if anyone had any thoughts on this issue...

Thanks again...
0
Do You Have a Trusted Wireless Environment?

A Trusted Wireless Environment is a framework for building a complete Wi-Fi network that is fast, easy to manage, and secure.

Kieran_BurnsCommented:
When  you say can't see, do you mean that they cannot browse to the computers / ping them by name / ip address?
Do you have a single default gateway on the Server (the public one is usually the default gateway but this would be dependent on your network, but there must only be one)
Can you tracert to the remote workstations (by name / ip address)
If there is no DNS entry for those remote workstations it is unlikely you will be able to ping / whatever by name, but I want to check your routing first and then go from there
0
JTTechnologiesAuthor Commented:
Right, from the DHCP clients behind the server, I can't ping or browse the computers on the VPN end.  The DHCP clients use the servers private side IP as the their gateway.  The server's public IP is coming from the RV042.  From the server I can ping and browse the VPN clients.  I'm assuming this is possible because the VPN clients are connected to the RV042.  Also, the VPN clients are logging into their computer not the domain.

If I have the remote site clients connect to the server with RRAS, I can ping them fine from any computer on the network, the problem there is that I don't want to have to rely on the user starting the connection ever time they start up their computer.  

So in short, the server can see the VPN clients because they it is connected to the site to site router, but the DHCP clients behind the server can't see them....

Thanks for helping!!!
0
Kieran_BurnsCommented:
Have you got a static route on the Server to the VPN network? When you tracert to the VPN from a DHCP client is the LAST working IP the Server?
0
JTTechnologiesAuthor Commented:
I don't believe I do, if I look in RRAS there are no static routes.  If I tracert to a VPN client, they all timeout...
0
Kieran_BurnsCommented:
Add the static route in to the VPN network and see what happens - what is the last successful hop when starting at a DHCP client?
0
Kieran_BurnsCommented:
Oh, and you do only have one default gateway yes?
0
JTTechnologiesAuthor Commented:
Yes, the server is the only gateway...

So you want to add a the in house LAN IP to the static routes portion of RRAS?
0
Kieran_BurnsCommented:
1. The SERVER should only have the 1 default gateway - check that
2. You need a route to whichever does not hang off the default gateway. So if your inhouse LAN is on the same subnet as the default gateway you want to add a route to the VPN network and visa versa
0
JTTechnologiesAuthor Commented:
Ok, did an ipconfig on the server and it shows the only gateway is 192.168.111.1 which is the RV042.

The server's private static ip is 192.168.150.254

The DHCP clients get 192.168.150.xxx

The remote site's RV042's private address is 192.168.1.1

The DHCP clients there get 192.168.1.xxx

In static routes there are two NIC's to choose from, Public (192.168.111.2) and Private (192.168.150.254).  Should I make a route that is tied to the private card and point that to 192.168.1.1 for the remote site router?

Sorry if I'm not catching on, I was forced into learning about servers due to ours at work crashing...

Thanks again for taking all this time to help me...
0
Kieran_BurnsCommented:
You have something like:
remote (192.168.1.0/24)-----192.168.1.1 (rv042)----192.168.111.1 (rv042)----192.168.111.2 (server)---192.168.150.254 (server)---192.168.150.0/24 (local)
You need add routes to the 192.168.1.0/24 network on the Server. The RV042s will (should!) have this routing in place already
 
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
JTTechnologiesAuthor Commented:
Very cool, I'll give that a try and let you know how it goes...
0
JTTechnologiesAuthor Commented:
Alright, I added a static route for the Private adapter.

Destination:  192.168.1.0
Subnet:        255.255.255.0
Gateway:    192.168.1.1

I have 3 computers at the remote office.  From the server I can ping them all by Computer name and IP address.  From the DHCP clients behind the server, I can ping one of them by IP address and name, the other two when I try to ping them by name, it times out.  I did notice that when the name is resolved it is coming up with a 192.168.150.xxx  instead of a 192.168.1.xxx.  The two that do that had a one point connected with Windows XP VPN software.  

From the server I can type in the computer name or ip of the remote VPN computers and it connects.  From the DHCP clients, if I type in the computer name or ip or the remotes, it does not connect...

Fix one thing, and more stuff creeps up....lol

Thanks again...
0
Kieran_BurnsCommented:
I thought the private adapter would have a gateway of 192.168.111.1 not 1.1....
The reason you're seeing 192.168.150.xxx is that there is a NAT relationship in there somewhere... you need to route and not NAT
0
JTTechnologiesAuthor Commented:
Ahh ok, let me check it out...
0
JTTechnologiesAuthor Commented:
You're right, the gateway is 192.168.111.1.  I checked the routing table and with it set at 192.168.1.1 it didn't not configure, with 192.168.111.1 it did.

So now I just need to mess with the couple of VPN clients that are pulling .150.xxx IP addresses, I can do that without bugging you....

I want to say thanks again for all the help, really appreciate it...
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2003

From novice to tech pro — start learning today.