Solved

Routing over a VPN to Internal network

Posted on 2011-10-15
Last Modified: 2012-08-13
I have asked this prior with no real answers except to ask Rackspace. I need to know what route to add on a Windows Server 2008R2 box. I would like the syntax as well as the IPs. I am confused by this process.

I have a few servers on Rackspace with IPs of the following on the internal NICs:
10.182.224.105
10.182.224.131
10.182.34.226
Etc...
All have SM of 255.255.224.0

I have VPN setup on a Windows Server 2008R2 with RRAS and a public adapter IP of 50.57.x.x
I would like the VPN clients to connect via this 50.57 address and have an IP in the range of 192.168.10.x. I can successfully configure this to occur, but cannot ping the other servers in the environment. I can ping the internal NIC (10.182.224.105) of the VPN server I am connecting to.

What I need is how I route the 192.168.10.x VPN clients to all of the servers on the internal IPs of the 10.X network

"Route add ????? SM????? localip???"

I believe this is the correct way to ask the question. Rackspace WILL NOT help with this since they say the server is working the way it should.. and running. They do not offer config support. Also, I cannot install a virtual NIC as far as I know, nor can I be given any other IPs on the 10 network for use. PLEASE HELP!! Can I do this or am I missing something?
Question by:azthewolf
 
LVL 5

Expert Comment

by:hvillanu
ID: 36974408
Hi,
Can you clarify which VPN Server/Concentrator you are using? (Windows PPTP / Linux OpenVPN / Cisco PIX or ...?)
-regards-
0
 
LVL 71

Expert Comment

by:Qlemo
ID: 36974441
When dialing in with RAS/RRAS, the client gets an IP address of the RAS IP pool configured. So all VPN clients will appear with 192.168.10.x addresses - so far, so good.

I assume you did not set up all internal NICs to use the RRAS server as a default gateway. Most probably you have another router for Internet access. If I'm correct with that, VPN client packets will be forwarded correctly into the LAN - at least in regard of 10.182.224.x; 10.182.34.x isn't the same subnet, so the RRAS server will have to ask the default gateway to route traffic, which I assume it does know how to do. But in any event those 10.182.x.x networks do not know where to send 192.168.10.x packets to, and I suppose that is your real issue.

The default gateway should know to ask the RRAS server for routing 192.168.10.x packets; this is the most simple setup imaginable.
0
 

Author Comment

by:azthewolf
ID: 36974456
It is Windows PPTP that I am trying to use. The problem is no router is available since this is Rackspace. How would I set RRAS for the correct default gateway?
0
 
LVL 71

Accepted Solution

by:
Qlemo earned 2000 total points
ID: 36974504
Sounds as if you cannot change the routing for Rackspace stuff - they just might not want to do that. In that case your best way is to use an IP pool in the local subnet, something in the range of 10.182.224-255.x. That way you need not care about subnetting or routing.
0
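The routing behaviour discussed in the two answers above, as an added example that is not part of the original thread: a longest-prefix-match lookup on one internal server's routing table shows where its replies to a VPN client go. The gateway address 10.182.224.1, the sample client addresses and the per-server route table are assumptions made for illustration, and the static-route case applies on the server itself the route that the answer places on the default gateway.

```python
import ipaddress

MASK = "255.255.224.0"        # subnet mask from the question
RRAS = "10.182.224.105"       # internal NIC of the VPN server (from the question)
GW = "10.182.224.1"           # hypothetical default gateway, not given in the thread


def host_routes(ip, default_gw, extra=()):
    """Route table of one server: connected subnet, default route, optional static routes."""
    connected = ipaddress.ip_network(f"{ip}/{MASK}", strict=False)
    routes = [(connected, "on-link"),
              (ipaddress.ip_network("0.0.0.0/0"), default_gw)]
    routes += [(ipaddress.ip_network(net), gw) for net, gw in extra]
    return routes


def next_hop(routes, dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    dst = ipaddress.ip_address(dst)
    matches = [(net, gw) for net, gw in routes if dst in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def same_subnet(a, b):
    """True when both addresses fall in the same network under MASK."""
    net = lambda ip: ipaddress.ip_network(f"{ip}/{MASK}", strict=False)
    return net(a) == net(b)


def reply_paths(server="10.182.224.131"):
    """Where the server sends replies in the three setups discussed."""
    plain = host_routes(server, GW)
    static = host_routes(server, GW, extra=[("192.168.10.0/24", RRAS)])
    return {
        # Pool 192.168.10.x, no extra route: the reply leaves via the
        # default gateway, which has no route back to the VPN client.
        "separate pool": next_hop(plain, "192.168.10.20"),
        # Same pool plus a route for 192.168.10.0/24 pointing at the RRAS box.
        "separate pool + static route": next_hop(static, "192.168.10.20"),
        # Pool taken from 10.182.224-255.x: the client address is in the
        # server's own subnet, so no routing entry is involved.
        "pool inside the LAN subnet": next_hop(plain, "10.182.240.10"),
    }


if __name__ == "__main__":
    for setup, hop in reply_paths().items():
        print(f"{setup:30} -> {hop}")
    print("10.182.34.226 in the RRAS subnet?", same_subnet(RRAS, "10.182.34.226"))
```
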
 

Author Comment

by:azthewolf
ID: 36974508
They say I cannot do that because that is the internal network. Is there a way to config the server as a router for this?
0
 
LVL 71

Expert Comment

by:Qlemo
ID: 36974530
BS. Of course you can use any address of the LAN. The only reason for not being able to choose IP addresses yourself is because they need to know each and any "local" machine's IP address, because they implement routing/switching/VLAN on a virtual or physical layer between those machines. If that is true, you cannot use any "foreign" IP address, because it will just not pass the next switch or router.
That is the price you pay for a managed cloud-like machine farm.
In fact I know too little about Rackspace and Cloud Computing or virtual appliances to give sound advice. It all depends how "they" manage the "LAN" and the machines assigned to you.
0
 

Author Comment

by:azthewolf
ID: 36983114
After talking with Rackspace more, I have learned that they are blocking layer 2 traffic on the internal network. I then spun up a new server, enabled RRAS and NAT on the adapter, was able to ping all servers and do everything I wanted. THEN I joined the domain.. my NAT mappings went away and all I see is a - with no options of doing anything. Frustrated beyond at this point.. any ideas?

Thank you all so MUCH!!
0
 
LVL 29

Expert Comment

by:pwindell
ID: 36986548
I was the one who said "call Rackspace" that last time you asked.

I don't have much regard for these outsourcing companies, which is probably pretty clear.

Rackspace is the primary source of the problem and they are the only ones who can really deal with it properly by getting off their lazy boneheaded rearends and providing the proper service they are supposed to be providing to their customers.  That is their job.  As far as I am concerned this is typical of any of these outsourcing places.  All they care about is getting you to sign that contract, then they just give you the finger with their "screw you" attitudes and then make you be the one to jump through hoops to satisfy their silly boneheaded policies.

If they won't help you get a proper solution,..then drop them and go with someone else or get off the "cloud bandwagon" and supply your own services in-house.

There is no magic solution that you can just flip a switch somewhere and everything will just work.
0
 

Author Closing Comment

by:azthewolf
ID: 36986723
Thanks for the help! I was able to get some extra IPs from them, and combined with NAT. The solution is tested and working well!
0
 

Author Comment

by:azthewolf
ID: 36986740
Dropping them is NOT an option. Seems you do not like them much, so far they have helped me out a lot and for this application there really were no other options. I understand that you do not like Rackspace, but I was able to get this working and it has tested OK now. Thanks for all the help.
0
 
LVL 29

Expert Comment

by:pwindell
ID: 36987022
It isn't Rackspace personally.  It is the whole "cloud" outsourcing thing in general and the quality of service people often get from outsourcing.

I only said drop them if they wouldn't help,...sounds like they finally helped and things are working,...so "mission accomplished" as far as I am concerned.
0


Question has a verified solution.
