Solved

VPN clients connect, but can't access network

Posted on 2010-11-24
14
1,096 Views
Last Modified: 2012-06-27
I am configuring a new PPTP VPN on Server 2008 R2. Remote VPN Users can connect to the new VPN and ping the VPN server, but cannot access the network beyond it: ping requests to any other devices on the network just die.

I'm obviously missing a crucial step. Any ideas?

Thanks!
0
Comment
Question by:Stuart_Page
  • 7
  • 7
14 Comments
 
LVL 68

Expert Comment

by:Qlemo
ID: 34209901
When you set up the RRAS server, did you tick the "Allow local network access" (or similar) option?
0
 

Author Comment

by:Stuart_Page
ID: 34232683
I don't recall such an option. Checking through all of the settings on my current VPN, I don't see anything like what you're describing.

Thanks.
0
 
LVL 68

Expert Comment

by:Qlemo
ID: 34233203
And you are right, that option does not exist.
Did you setup RRAS in Routing mode or only as RAS Server?
0
 

Author Comment

by:Stuart_Page
ID: 34233547
I don't recall. Is there some way to verify this?
0
 
LVL 68

Expert Comment

by:Qlemo
ID: 34234576
You see that in the RRAS server properties (in RRAS admin MMC).
0
 

Author Comment

by:Stuart_Page
ID: 34234647
This is just an RRAS server.
0
 
LVL 68

Expert Comment

by:Qlemo
ID: 34234668
Try if switching Routing on helps (it should). I assume the RAS server uses an IP pool of the LAN, either statically assigned or obtained via DHCP? If the RAS IP pool provides addresses from a completely different range, it's getting more complicated.
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 

Author Comment

by:Stuart_Page
ID: 34234707
I configured RRAS to use a IP range within one of the DHCP scopes on my DHCP server, so that VPN ip's would be obtained dynamically.

Where to turn on routing?
0
 

Author Comment

by:Stuart_Page
ID: 34234734
Routing was already checked here...
RRAS routing
0
 
LVL 68

Accepted Solution

by:
Qlemo earned 500 total points
ID: 34234801
It is checked (for IPv4), but you need to set it to "LAN and demand-dial routing".
0
 

Author Comment

by:Stuart_Page
ID: 34345775
Ok, so the problem was that the VPN was configured on an entirely different subnet from the rest of the network. Once I corrected that issue, traffic began to flow.

Thanks.
0
 

Author Closing Comment

by:Stuart_Page
ID: 34345781
I found the answer to my question on my own.
0
 
LVL 68

Expert Comment

by:Qlemo
ID: 34345952
Of course it was, hence I recommended to switch demand dial routing on.
0
 
LVL 68

Expert Comment

by:Qlemo
ID: 34345976
BTW, in such cases you usually do not accept any answer but your own, and not award with a grade of "C". That grade bluntly says "was of not much help providing some very general stuff".
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now