RAS problems in Windows Server 2008 but fine in SBS 2008

Posted on 2012-08-24
Last Modified: 2015-06-07

I will try to describe this problem as simply as I can.

On our network we have several hardware VPN tunnels to customers using both Netgear and Cisco routers.  These all work perfectly from our LAN.

We also have an SBS 2008 server that has routing and remote access enabled to enable employees to access our network from home.  So this is the "noddy" VPN that Windows server allows without the complication of configuring hardware in the employee's home. When connected, the employees have full access to our LAN, the internet and also the aforementioned hardware VPN tunnels. Perfect!

We also have a Windows Server 2008 machine (R2) running.  This also has routing and remote access enabled as a backup to the SBS 2008 RAS system. So this server uses a completely different gateway.  It is just supposed to be an alternative route in.  Remote clients (employees) can successfully connect to this server just as easily as they can connect to the SBS 2008 server - HOWEVER, once they are connected, they lose normal internet connectivity and they cannot access any of the hardware tunnels. They can, however, access the company LAN OK as far as I can see.  They can ping the machines at the end of the hardware tunnels so the static routes on the gateway are OK, but that is as far as it goes.  The lack of internet capability is equally baffling.

I cannot figure out what the differences are between the Windows 2008 RAS offering (that does not work as expected) and the SBS 2008 RAS offering (which does work as expected). It is as if there is something else I need to enable in Windows Server 2008 RAS but what?

Question by:kpturner

    Author Comment

    I may have lied a little.  When connected to the Windows Server 2008 RAS the remote clients do NOT have access to the LAN either. All addresses can be resolved using DNS (internet, LAN machines, hardware VPN tunnels etc) and it is also possible to TRACERT to everything. However, nothing else works. You cannot TELNET to any of the machines (and you should be able to) and you cannot connect to any normal internet site even though TRACERT works OK.

    It sounds like some sort of firewall issue that I need to sort out on Windows Server 2008 - or am I barking up the wrong tree?

    Expert Comment

    What is the difference in DNS servers received from the 2 RAS servers? Run "ipconfig /all" when connected to each server.

    Are the clients using the VPN server as their default gateway? From CMD run "route print".

    Expert Comment

    I see you said DNS works. What IP addresses are used for each RAS server? Same subnet?

    Author Comment

    Yes - each server is on the exact same subnet.

    I tried disabling the firewall on the Windows Server 2008 box and then I was able to access the LAN and all the hardware tunnel VPNs normally.  However, I still cannot access any internet sites while connected. Intranet sites on my own LAN and on the machines I can see at the end of the hardware VPNs work fine.

    Accepted Solution

    I seem to have fixed it!

    I re-enabled the firewall because that seemed to be a bad solution (and it didn't work anyway).

    I then went to the RAS configuration and expanded IPv4 and found the NAT node. I then added a LAN interface to the NAT node and configured “Public interface connected to the internet” with NAT enabled.

    Everything sprang into life! I am not sure I know why though. This was pure trial and error - my network skills are not the best.
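
The console steps from the accepted solution, written as `netsh` commands so the change can be repeated and checked with the firewall left enabled. This is an added example, not part of the original thread; it assumes the RRAS role is installed, that the `netsh routing ip nat` context is available on the server, and that the LAN interface is named "Local Area Connection" (a hypothetical name, substitute the one listed on your server).

```bat
rem Added example, not from the thread. Run from an elevated command prompt
rem on the Windows Server 2008 R2 RAS machine.

rem List interface names; "Local Area Connection" below is an assumed name.
netsh interface ipv4 show interfaces

rem Add the NAT routing protocol under IPv4 (the "NAT" node in the RAS console).
netsh routing ip nat install

rem Add the LAN interface to NAT as the public, internet-facing interface
rem with address and port translation enabled (mode "full").
netsh routing ip nat add interface "Local Area Connection" full

rem Confirm that the interface is listed and which mode it is in.
netsh routing ip nat show interface
```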

    Expert Comment

    by:Seth Simmons
    This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
