Solved

VPN clients connect, but can't access network

Posted on 2010-11-24
14
1,105 Views
Last Modified: 2012-06-27
I am configuring a new PPTP VPN on Server 2008 R2. Remote VPN Users can connect to the new VPN and ping the VPN server, but cannot access the network beyond it: ping requests to any other devices on the network just die.

I'm obviously missing a crucial step. Any ideas?

Thanks!
0
Comment
Question by:Stuart_Page
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 7
14 Comments
 
LVL 70

Expert Comment

by:Qlemo
ID: 34209901
When you set up the RRAS server, did you tick the "Allow local network access" (or similar) option?
0
 

Author Comment

by:Stuart_Page
ID: 34232683
I don't recall such an option. Checking through all of the settings on my current VPN, I don't see anything like what you're describing.

Thanks.
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 34233203
And you are right, that option does not exist.
Did you setup RRAS in Routing mode or only as RAS Server?
0
Don't Cry: How Liquid Web is Ensuring Security

WannaCry is just the start. Read how Liquid Web is protecting itself and its customers against new threats.

 

Author Comment

by:Stuart_Page
ID: 34233547
I don't recall. Is there some way to verify this?
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 34234576
You see that in the RRAS server properties (in RRAS admin MMC).
0
 

Author Comment

by:Stuart_Page
ID: 34234647
This is just an RRAS server.
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 34234668
Try if switching Routing on helps (it should). I assume the RAS server uses an IP pool of the LAN, either statically assigned or obtained via DHCP? If the RAS IP pool provides addresses from a completely different range, it's getting more complicated.
0
 

Author Comment

by:Stuart_Page
ID: 34234707
I configured RRAS to use a IP range within one of the DHCP scopes on my DHCP server, so that VPN ip's would be obtained dynamically.

Where to turn on routing?
0
 

Author Comment

by:Stuart_Page
ID: 34234734
Routing was already checked here...
RRAS routing
0
 
LVL 70

Accepted Solution

by:
Qlemo earned 500 total points
ID: 34234801
It is checked (for IPv4), but you need to set it to "LAN and demand-dial routing".
0
 

Author Comment

by:Stuart_Page
ID: 34345775
Ok, so the problem was that the VPN was configured on an entirely different subnet from the rest of the network. Once I corrected that issue, traffic began to flow.

Thanks.
0
 

Author Closing Comment

by:Stuart_Page
ID: 34345781
I found the answer to my question on my own.
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 34345952
Of course it was, hence I recommended to switch demand dial routing on.
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 34345976
BTW, in such cases you usually do not accept any answer but your own, and not award with a grade of "C". That grade bluntly says "was of not much help providing some very general stuff".
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
Resolving an irritating Remote Desktop connection that stops your saved credentials from being used.
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

690 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question