RAS problems in Windows Server 2008 but fine in SBS 2008


I will try to describe this problem as simply as I can.

On our network we have several hardware VPN tunnels to customers using both Netgear and Cisco routers.  These all work perfectly from our LAN.

We also have an SBS 2008 server that has routing and remote access enabled to enable employees to access our network from home.  So this is the "noddy" VPN that Windows server allows without the complication of configuring hardware in the employee's home. When connected, the employees have full access to our LAN, the internet and also the aforementioned hardware VPN tunnels. Perfect!

We also have a Windows Server 2008 machine (R2) running.  This also has routing and remote access enabled as a backup to the SBS 2008 RAS system. So this server uses a completely different gateway.  It is just supposed to be an alternative route in.  Remote clients (employees) can successfully connect to this server just as easily as they can connect to the SBS 2008 server - HOWEVER, once they are connected, they lose normal internet connectivity and they cannot access any of the hardware tunnels. They can, however, access the company LAN OK as far as I can see.  They can ping the machines at the end of the hardware tunnels so the static routes on the gateway are OK, but that is as far as it goes.  The lack of internet capability is equally baffling.

I cannot figure out what the differences are between the Windows 2008 RAS offering (that does not work as expected) and the SBS 2008 RAS offering (which does work as expected). It is as if there is something else I need to enable in Windows Server 2008 RAS but what?

kpturner (Author) Commented:
I seem to have fixed it!

I re-enabled the firewall because that seemed to be a bad solution (and it didn't work anyway).

I then went to the RAS configuration and expanded IPv4 and found the NAT node. I then added a LAN interface to the NAT node and configured “Public interface connected to the internet” with NAT enabled.

Everything sprang into life! I am not sure I know why though. This was pure trial and error - my network skills are not the best.
kpturner (Author) Commented:
I may have lied a little.  When connected to the Windows Server 2008 RAS the remote clients do NOT have access to the LAN either. All addresses can be resolved using DNS (internet, LAN machines, hardware VPN tunnels etc) and it is also possible to TRACERT to everything. However, nothing else works. You cannot TELNET to any of the machines (and you should be able to) and you cannot connect to any normal internet site even though TRACERT works OK.

It sounds like some sort of firewall issue that I need to sort out on Windows Server 2008 - or am I barking up the wrong tree?
What is the difference in DNS servers received from the 2 RAS servers? Run "ipconfig /all" when connected to each server.

Are the clients using the VPN server as their default gateway? From CMD run "route print".

I see you said DNS works. What IP addresses are used for each RAS server, same subnet?
kpturner (Author) Commented:
Yes - each server is on the exact same subnet.

I tried disabling the firewall on the Windows Server 2008 box and then I was able to access the LAN and all the hardware tunnel VPNs normally.  However, I still cannot access any internet sites while connected. Intranet sites on my own LAN and on the machines I can see at the end of the hardware VPNs work fine.
Seth Simmons (Sr. Systems Administrator) Commented:
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
Question has a verified solution.
