Using RRAS Nat inside a VPN connection

Hi. I have a Windows 2008 machine configured with RRAS and am connecting through a SSTP VPN tunnel to it. While it was no small miracle to get SSTP working, I am facing another issue at this time.

I have configured RRAS to hand out IP addresses in the 192.168.254.x range (the server's NIC is and that subnet is full, so I have to use NAT for VPN clients) and when I connect to the server with VPN, I am getting an IP address from RRAS and successfully pinging the "Internal" interface ( as well as the NIC interface ( The problem I am having is with NAT.

I would like outgoing requests from the VPN clients to translate to the server's IP of so I can have VPN clients connect to other servers on the 192.168.2.x subnet. I don't care about getting port address translation working, as the 192.168.2.x subnet does not have to initiate connections to any VPN computers.

I have fiddled around with the NAT module configuring adapters and IP ranges and static routes and all the like, but just can not get this working. It seems the NAT module is not even doing anything, since "total mappings" and "inbound packets transmitted" are all 0.

The clients routing tables should be set up correctly, as I have statically routed the 192.168.2.x subnet to go through the gateway. Still no luck.

Could someone please advise as to the proper configuration to get a VPN client with a private IP translating packets to reach destinations outside the RRAS server?
Who is Participating?
Rob WilliamsConnect With a Mentor Commented:
You likely need to add routes to the VPN client computers and a return route to the servers to which you want to connect because they are more than a single hop away.
On the client:
route add  mask
on the other server's (assuming the VPN server's LAN IP is not their default gateway, if it is this route is not necessary):
route add
If this works you could add these routes to the local router rather than each client and server.
lbgausAuthor Commented:
Wow. That was incredibly simple, I almost feel stupid for missing it.

Thank you VERY much. You rock!
Rob WilliamsCommented:
Thanks lbgaus. Glad to hear it worked for you.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.