RAS problems in Windows Server 2008 but fine in SBS 2008

Posted on 2012-08-24
Medium Priority
Last Modified: 2015-06-07

I will try to describe this problem as simply as I can.

On our network we have several hardware VPN tunnels to customers using both Netgear and Cisco routers.  These all work perfectly from our LAN.

We also have an SBS 2008 server that has routing and remote access enabled to enable employees to access our network from home.  So this is the "noddy" VPN that Windows server allows without the complication of configuring hardware in the employee's home. When connected, the employees have full access to our LAN, the internet and also the aforementioned hardware VPN tunnels. Perfect!

We also have a Windows Server 2008 machine (R2) running.  This also has routing and remote access enabled as a backup to the SBS 2008 RAS system. So this server uses a completely different gateway.  It is just supposed to be an alternative route in.  Remote clients (employees) can successfully connect to this server just as easily as they can connect to the SBS 2008 server - HOWEVER, once they are connected, they lose normal internet connectivity and they cannot access any of the hardware tunnels. They can, however, access the company LAN OK as far as I can see.  They can ping the machines at the end of the hardware tunnels so the static routes on the gateway are OK, but that is as far as it goes.  The lack of internet capability is equally baffling.

I cannot figure out what the differences are between the Windows 2008 RAS offering (that does not work as expected) and the SBS 2008 RAS offering (which does work as expected). It is as if there is something else I need to enable in Windows Server 2008 RAS but what?

Question by:kpturner

Author Comment

ID: 38331079
I may have lied a little.  When connected to the Windows Server 2008 RAS the remote clients do NOT have access to the LAN either. All addresses can be resolved using DNS (internet, LAN machines, hardware VPN tunnels etc) and it is also possible to TRACERT to everything. However, nothing else works. You cannot TELNET to any of the machines (and you should be able to) and you cannot connect to any normal internet site even though TRACERT works OK.

It sounds like some sort of firewall issue that I need to sort out on Windows Server 2008 - or am I barking up the wrong tree?

Expert Comment

ID: 38331083
What is the difference in DNS servers received from the 2 RAS servers? Run ipconfig /all when connected to each server.

Are the clients using the VPN server as their default gateway? From CMD run "route print".
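
As an added example (not part of the original thread): a small Python parser for the `route print` check suggested above. It reports which interface holds the lowest-metric default route, which is where the client's internet-bound traffic goes while the VPN is up. The sample output and every address in it are constructed, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample: IPv4 section of `route print` on a client while the VPN
# is connected with "Use default gateway on remote network" enabled.
SAMPLE_ROUTE_PRINT = """\
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.50   4250
          0.0.0.0          0.0.0.0         On-link      192.168.16.60     11
        127.0.0.0        255.0.0.0         On-link          127.0.0.1   4531
     192.168.16.0    255.255.255.0    192.168.16.1      192.168.16.60     11
===========================================================================
Persistent Routes:
  None
"""

def _is_ipv4(token):
    try:
        ipaddress.IPv4Address(token)
        return True
    except ValueError:
        return False

def parse_routes(text):
    """Return IPv4 active-route rows; headers, IPv6 and persistent rows are skipped."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        # Active IPv4 rows have exactly: destination, netmask, gateway, interface, metric.
        if (len(f) == 5 and _is_ipv4(f[0]) and _is_ipv4(f[1])
                and _is_ipv4(f[3]) and f[4].isdigit()):
            routes.append({"dest": f[0], "mask": f[1], "gateway": f[2],
                           "interface": f[3], "metric": int(f[4])})
    return routes

def active_default_route(text):
    """Return the default route (0.0.0.0/0) with the lowest metric, or None."""
    defaults = [r for r in parse_routes(text)
                if r["dest"] == "0.0.0.0" and r["mask"] == "0.0.0.0"]
    return min(defaults, key=lambda r: r["metric"]) if defaults else None

def vpn_is_default_gateway(text, vpn_client_ip):
    """True when the winning default route leaves via the VPN adapter's address."""
    route = active_default_route(text)
    return route is not None and route["interface"] == vpn_client_ip
```

Pass the address that `ipconfig /all` shows on the PPP/VPN adapter as `vpn_client_ip`; a `True` result means all internet traffic from that client is being sent to the RAS server rather than out of the home router.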

Expert Comment

ID: 38331090
I see you said DNS works. What IP addresses are used for each RAS server? Same subnet?

Author Comment

ID: 38331187
Yes - each server is on the exact same subnet.

I tried disabling the firewall on the Windows Server 2008 box and then I was able to access the LAN and all the hardware tunnel VPNs normally.  However, I still cannot access any internet sites while connected. Intranet sites on my own LAN and on the machines I can see at the end of the hardware VPNs work fine.

Accepted Solution

kpturner earned 0 total points
ID: 38331346
I seem to have fixed it!

I re-enabled the firewall because that seemed to be a bad solution (and it didn't work anyway).

I then went to the RAS configuration and expanded IPv4 and found the NAT node. I then added a LAN interface to the NAT node and configured “Public interface connected to the internet” with NAT enabled.

Everything sprang into life! I am not sure I know why though. This was pure trial and error - my network skills are not the best.

Expert Comment

by:Seth Simmons
ID: 40816688
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.


Question has a verified solution.
