Jonathan Gagliardi

Subnet Mask issue in VPN

I'm trying to set up a PPTP VPN on my Windows 2000 server.  When I connect to the VPN connection, I get an IP address 192.168.0.52 and Subnet mask of 255.255.255.255.  The exchange server that I'm trying to connect to is 192.168.0.23 but subnet mask of 255.255.255.0.  Is this why I can't ping the exchange server once I'm connected thru the VPN?  If this is my issue, how can I change the subnet mask to match the existing server network's subnet mask?

Thanks in advance for any advice.
Qlemo

If you check "Use remote gateway" in your client's PPTP connection properties, you get a changed default route using the PPTP server, and that single host route you mention.

If you do not check that option, you should get that host route, plus a network route with 255.255.255.0 subnet mask for that network.

That could be a VPN assigned host address on the remote network.
Do an ipconfig /all on the client PC and see what address is used for the tunnel.
Is the exchange server on the same physical server as the VPN termination point  or a separate box?
On the server is there an Allow callers to access my local area network checkbox like in Vista? You would need that to hit private LAN side resources.
Correct me if I'm wrong, but isn't a subnet mask of 255.255.255.255 going to prevent you from doing anything at all over any network? .. well, except maybe pinging yourself.

The subnet mask separates the network and host portions of your IP address. A subnet mask of 255.0.0.0 makes the first octet the network and the last 3 the node/host/whatever. But one that's all 255's would mean you have a network with 0 possible hosts.

Whatever is assigning you the IP address seems to have some faulty info. Either that, or your computer has TCP/IP configured manually (always fun). I'm guessing it's supposed to be 255.255.255.0, since you're using a 192.168 address. If not, try 255.255.0.0.
MS RAS will always create such a host route. There need to be additional routes to allow for network access, however.
Jonathan Gagliardi

ASKER

Ok, so I did a test just to make sure it wasn't Windows 7, I created my Windows XP Mode computer and configured the VPN.  The VPN connects and gives me the following with "Use default gateway on remote network." checked.

I get the following assigned
The local area network
192.168.1.141
255.255.255.0
192.168.1.1

192.168.0.51
255.255.255.255
192.168.0.51

You would think that the server would issue 255.255.255.0 and 192.168.0.1 but it doesn't, and from what I've seen configuring the VPN connection on the server it doesn't show where to configure that info.  This is basically the same thing that I was getting on the Windows 7 box.  The exchange server's address on the inside network is 192.168.0.23
Ok, unchecked the "Use default gateway on remote network" and got the following

Local Area Connection
192.168.1.141
255.255.255.0
192.168.1.1

PPP Adapter VPN Connection
192.168.0.51
255.255.255.255
Gateway Nothing

I also tried to ping the exchange server at 192.168.0.23 and got two responses, then anytime I try to ping it responds with timeout.
Ok, I tried again on the Windows 7 system, at first I had the use remote network checked and the VPN connected.  I tried pinging the exchange server and got about 20 responses back, then it started "Request timed out", then I unchecked use remote network and connected again and it pinged for about a minute or so and then started Request timed out.  When it is able to ping the exchange server the Outlook client can show names of people on the server to add your account and of course when the request timed out starts happening then you can't.

I just tried stopping the VPN and immediately reconnecting to it, then trying the "Add New Email Account" in Outlook 2007 and it found my name and server.  So far it is still pinging about a minute or two later, oop, soon as I wrote that, "Request Timed Out."

It also seems that as soon as that hits it never finds it again until I disconnect from the VPN and reconnect.
Connected again for a few minutes and pinged two different servers on the remote network, the exchange server and another server.  Both were pinging back and then both Request timed out at the same time.  That would make me believe that it is the router or the switch on the network.  Maybe it is blocking it because of the 255.255.255.255? maybe?  just scratching my head
Is anyone else using the MS VPN PPTP on their server to connect to a remote network?  Does this give you the 255.255.255.255 subnet mask also?

I just reconnected to the VPN and was on the 192.168.0.1 configuration page of the router and it seems to not like that "Request Timed Out" almost within a few seconds of accessing a page on the router.

I now connected the Windows 7 and the XP Mode computer and both are pinging at the same time.  Both request timed out happened at the same time on both computers connected to the remote network.
The "Request time out" is most probably an issue with duplicate IP addresses. It appears that either the RAS server or RAS client IP are used already on your network (as mentioned in http:#26163439).
The host route (single IP address, subnet mask 255.255.255.255) is correct, RAS client will always generate that subnet mask (as mentioned already in http:#26166295).

I assume that the duplicate IP is the only problem you have, which is causing all that trouble. No matter how you set the "Use remote gateway" option, you should always be able to reach the remote network (on the same subnet of your assigned RAS IP). The only difference is for addresses other than the RAS LAN, if they will be sent via RAS in addition, or stay local.
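
The routing described in the replies above, as an added example that is not part of the original thread: a longest-prefix-match lookup over the client's route table for both settings of the remote-gateway option, plus the case where only the host route exists. The addresses come from the thread; the metrics, the interface labels and the 203.0.113.10 test address are assumptions.

```python
import ipaddress

def lookup(table, dest):
    """Return the interface chosen for dest: longest prefix first, then lowest metric."""
    addr = ipaddress.ip_address(dest)
    hits = [(net.prefixlen, -metric, iface)
            for net, iface, metric in table if addr in net]
    return max(hits)[2] if hits else None

def client_routes(use_remote_gateway, network_route=True):
    """Route table of the VPN client in the thread (metric values are assumed)."""
    net = ipaddress.ip_network
    table = [
        (net("192.168.1.0/255.255.255.0"), "LAN", 20),    # client's local subnet
        (net("0.0.0.0/0"), "LAN", 20),                    # default via 192.168.1.1
        (net("192.168.0.51/255.255.255.255"), "VPN", 1),  # host route created by RAS
    ]
    if use_remote_gateway:
        # Option checked: a second default route through the tunnel, preferred by metric.
        table.append((net("0.0.0.0/0"), "VPN", 1))
    elif network_route:
        # Option unchecked: a network route for the remote subnet only.
        table.append((net("192.168.0.0/255.255.255.0"), "VPN", 1))
    return table

def report():
    """Which interface carries traffic to each target, per configuration."""
    targets = ["192.168.0.23",   # Exchange server on the remote LAN
               "192.168.1.1",    # client's local gateway
               "203.0.113.10"]   # constructed test address outside both LANs
    cases = {
        "remote gateway checked": client_routes(True),
        "remote gateway unchecked": client_routes(False),
        "host route only": client_routes(False, network_route=False),
    }
    return {name: {t: lookup(tbl, t) for t in targets}
            for name, tbl in cases.items()}

if __name__ == "__main__":
    for name, result in report().items():
        print(f"{name}: {result}")
```

In both normal configurations the Exchange server is reached through the tunnel even though the adapter itself shows 255.255.255.255; only in the host-route-only case does that traffic fall back to the local default route.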
Definitely not a duplicate IP Address issue, I only have a few servers and the IP address range used in RAS is 192.168.0.50-59 and not used anywhere else and only this laptop has been trying to access it.

I enabled logging on the RAS server and one thing I got was
The user <>i has connected and has been successfully authenticated on port VPN4-127. Data sent and received over this link is strongly encrypted.

This connection was severed about 10 seconds later and no other logging was performed, the laptop still shows the VPN connection as still connected even though you can't ping any of the servers on the remote network anymore.  My guess is the 2wire modem/router has something to do with this issue.

I guess I could create a RAS server for a test and have someone else try it that would like to configure it and test it themselves.  Anyone willing to do that for this test? Maybe I'm missing something.
ASKER CERTIFIED SOLUTION
Qlemo

This solution is only available to members.
I forgot one option: Change the VPN type, e.g. to L2TP/IPsec with pre-shared secret. That is easy to set up, and sufficient for your case.