Solved

Trying To Connect VPN To Routing and Remote Access Server on Server 2008 R2

Posted on 2012-08-27
Last Modified: 2012-09-04
I have successfully connected to my RRAS Server from home using only 1 NIC on the server. I was able to browse server as well as client shares but I lost all other connectivity on my W7 client machine (web, email) even with the "Use Default Gateway..." option unchecked.

So today I went and added a NIC card to my server and since I have a block of 5 IPs from my ISP I assigned it one of those IPs and reconfigured the RRAS using the VPN option and that NIC card which bypassed the router altogether. When I got home I found that I was unable to even ping that IP.

Am I way off base here?

Home:
W7 NIC 192.168.1.15(static)/ DNS and gateway 192.168.1.1
VPN setup dynamic and pointing to 97.76.8.76

Server:
Main NIC WAN 97.76.8.74/ LAN 10.1.3.32/ DNS 65.32.1.65 & .70/ Gateway 10.1.3.1

NIC#2 WAN 97.76.8.76 then I let RRAS configure the rest (i.e. no gateway, no NetBIOS over TCP/IP and DNS 65.32.1.65 & 65.32.1.70)
0
Question by:A_AmericanELectric
68 Comments
 
LVL 29

Expert Comment

by:pwindell
ID: 38341673
Am I way off base here?

Yes.....way off base.

Get rid of the second Nic.
You can't run two Nics on the same IP segment unless you are Nic-Teaming (which there is no way that you are doing that)

Disabling the "Use gateway on remote network" is the only setting involved,...and that should have worked.

With this being a Win7 Client,...maybe the "Windows Firewall" is activating and doing something stupid,...I don't know.
0
 
LVL 71

Assisted Solution

by:Qlemo
Qlemo earned 1002 total points
ID: 38342477
I have to agree.
For debugging, open a command prompt and call
    route print
    ipconfig /all
before and after you are connected (with your original setup, no "Use Gateway ..."). Note the differences. Your local routes should not change, and only the RAS network should get added.
0
 
LVL 29

Assisted Solution

by:pwindell
pwindell earned 498 total points
ID: 38342550
When "Use Gateway.." is enabled the VPN Interface WAN (PPP/SLIP) Gateway should be the same IP as the Interface.  But when "Use Gateway..." is not enabled the Gateway is supposed to be blank, which allows the machine's original Gateway to have control.

The Mask should always be 255.255.255.255 in either case
0
 

Author Comment

by:A_AmericanELectric
ID: 38343883
Okay, I disabled the 2nd NIC and reconfigured the RRAS using the custom/VPN route. I have the client's IPv4 set to dynamic and I connect to the server just fine but still lose all connectivity.
Also cannot ping 10.1.3.32 which is the local address of the server right now. I can usually ping that from the client. I'm sure this is a server setting but you may have to walk me through like a child.

I think I need to setup a static address pool on RRAS and a static address on client. I did this once before which produced the best results but have never been able to get it again.

I have a lot going on on the server-side router:
Ports 1723 TCP / 1701 UDP and 500 UDP all forwarded to 10.1.3.32 and I also have all 3 VPN pass through enabled.
0
 

Author Comment

by:A_AmericanELectric
ID: 38343926
I forgot- here's the route print for the server:

C:\Users\Andy.APLUSSERVER-1>route print
===========================================================================
Interface List
 23...........................RAS (Dial In) Interface
 11...14 da e9 f4 c1 bd ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
 14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 15...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0         10.1.3.1        10.1.3.32    276
         10.1.3.0    255.255.255.0         On-link         10.1.3.32    276
        10.1.3.32  255.255.255.255         On-link         10.1.3.32    276
        10.1.3.55  255.255.255.255         On-link         10.1.3.55    306
       10.1.3.255  255.255.255.255         On-link         10.1.3.32    276
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         10.1.3.32    276
        224.0.0.0        240.0.0.0         On-link         10.1.3.55    306
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link         10.1.3.32    276
  255.255.255.255  255.255.255.255         On-link         10.1.3.55    306
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0         10.1.3.1  Default
          0.0.0.0          0.0.0.0         10.1.3.1  Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 15     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 15     58 2001::/32                On-link
 15    306 2001:0:4137:9e76:3850:41b:f5fe:fcdf/128
                                    On-link
 11    276 fe80::/64                On-link
 15    306 fe80::/64                On-link
 15    306 fe80::3850:41b:f5fe:fcdf/128
                                    On-link
 11    276 fe80::ed5e:f6a5:d005:c3bf/128
                                    On-link
  1    306 ff00::/8                 On-link
 15    306 ff00::/8                 On-link
 11    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

C:\Users\Andy.APLUSSERVER-1>
0
 

Author Comment

by:A_AmericanELectric
ID: 38343931
I'm messing you guys up but that was after setting a static address pool of 10.1.3.55 to 10.1.3.56
0
 

Author Comment

by:A_AmericanELectric
ID: 38343963
Firewall completely disabled on client and Use Default gateway unchecked. Still lose all connectivity and unable to ping 10.1.3.32. Interestingly enough (maybe static address pool), I try to ping aplusserver-1 and it times out but says "Pinging aplusserver-1 [10.1.3.55]".
I thought the address pool was for the client which is what I set to 10.1.3.55 and 56
0
 
LVL 71

Expert Comment

by:Qlemo
ID: 38344604
We need the route print executed on the client, not the server (though that might be interesting, too).
0
 

Author Comment

by:A_AmericanELectric
ID: 38346584
OK, I'll give you everything
0
 

Author Comment

by:A_AmericanELectric
ID: 38346806
This is with a fresh configuration on RRAS using custom/VPN and both server and client dynamic. This is in the connected state. Unable to ping and lose all connectivity.

NOTE:
I'm pretty sure that when I previously had a successful VPN (was able to browse the server as well as client shares on the remote host network), I had a static address pool of say [10.1.3.55 to 10.1.3.60] and the client VPN connection configured statically  to 10.1.3.55

Route Print (Client):
D:\Users\Andy>route print
===========================================================================
Interface List
 12...14 da e9 13 a6 08 ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
 11...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.15    266
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link      192.168.1.15    266
     192.168.1.15  255.255.255.255         On-link      192.168.1.15    266
    192.168.1.255  255.255.255.255         On-link      192.168.1.15    266
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.1.15    266
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.1.15    266
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0      192.168.1.1  Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 11     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 11     58 2001::/32                On-link
 11    306 2001:0:9d38:953c:3407:a7:3f57:fef0/128
                                    On-link
 12    266 fe80::/64                On-link
 11    306 fe80::/64                On-link
 11    306 fe80::3407:a7:3f57:fef0/128
                                    On-link
 12    266 fe80::e534:cae6:6c14:1e82/128
                                    On-link
  1    306 ff00::/8                 On-link
 11    306 ff00::/8                 On-link
 12    266 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

D:\Users\Andy>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : ACE-1
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 14-DA-E9-13-A6-08
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::e534:cae6:6c14:1e82%12(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.15(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 185916137
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-4D-27-B7-14-DA-E9-13-A6-08

   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:953c:3407:a7:3f57:fef0(Prefer
red)
   Link-local IPv6 Address . . . . . : fe80::3407:a7:3f57:fef0%11(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{A6E77290-2604-4FA2-A6B7-570C34BC3A2B}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

D:\Users\Andy>route print
===========================================================================
Interface List
 20...........................VPN Connection
 12...14 da e9 13 a6 08 ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
 14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 11...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.15    266
       97.76.8.74  255.255.255.255      192.168.1.1     192.168.1.15     11
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link      192.168.1.15    266
      192.168.1.0    255.255.255.0       10.1.3.148     192.168.1.55     11
     192.168.1.15  255.255.255.255         On-link      192.168.1.15    266
     192.168.1.55  255.255.255.255         On-link      192.168.1.55    266
    192.168.1.255  255.255.255.255         On-link      192.168.1.15    266
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.1.15    266
        224.0.0.0        240.0.0.0         On-link      192.168.1.55    266
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.1.15    266
  255.255.255.255  255.255.255.255         On-link      192.168.1.55    266
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0      192.168.1.1  Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 12    266 fe80::/64                On-link
 12    266 fe80::e534:cae6:6c14:1e82/128
                                    On-link
  1    306 ff00::/8                 On-link
 12    266 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

D:\Users\Andy>
....
IPconfig (client)
D:\Users\Andy>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : ACE-1
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

PPP adapter VPN Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : VPN Connection
   Physical Address. . . . . . . . . :
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.55(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : 65.32.1.65
                                       65.32.1.70
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 14-DA-E9-13-A6-08
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::e534:cae6:6c14:1e82%12(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.15(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 185916137
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-4D-27-B7-14-DA-E9-13-A6-08

   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{0854EEA3-E294-44DB-9C6B-6C78B75E5C99}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{A6E77290-2604-4FA2-A6B7-570C34BC3A2B}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

D:\Users\Andy>

IP Config (Server)

C:\Users\Andy.APLUSSERVER-1>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : AplusServer-1
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : Yes
   WINS Proxy Enabled. . . . . . . . : No

PPP adapter RAS (Dial In) Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : RAS (Dial In) Interface
   Physical Address. . . . . . . . . :
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 10.1.3.148(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . :
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 14-DA-E9-F4-C1-BD
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::ed5e:f6a5:d005:c3bf%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.1.3.32(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.1.3.1
   DHCPv6 IAID . . . . . . . . . . . : 236247785
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-61-57-B6-14-DA-E9-F4-C1-BD

   DNS Servers . . . . . . . . . . . : 65.32.1.65
                                       65.32.1.70
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{74C0CE74-2420-488A-BFC3-1D4BD113C922}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:1c16:3967:f5fe:fcdf(Pref
erred)
   Link-local IPv6 Address . . . . . : fe80::1c16:3967:f5fe:fcdf%15(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{6E06F030-7526-11D2-BAF4-00600815A4BD}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

C:\Users\Andy.APLUSSERVER-1>
0
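The before/after `route print` comparison Qlemo asked for, applied to the two client captures in the post above. This is an added example, not part of the thread; the function names are illustrative and the sample rows are copied from those captures with loopback and broadcast rows omitted.

```python
import ipaddress
import re

# Constructed sample input: IPv4 "Active Routes" rows copied from the two client
# captures in the post above (loopback and broadcast rows omitted for brevity).
BEFORE = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.15    266
      192.168.1.0    255.255.255.0         On-link      192.168.1.15    266
     192.168.1.15  255.255.255.255         On-link      192.168.1.15    266
        224.0.0.0        240.0.0.0         On-link      192.168.1.15    266
"""
AFTER = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.15    266
       97.76.8.74  255.255.255.255      192.168.1.1     192.168.1.15     11
      192.168.1.0    255.255.255.0         On-link      192.168.1.15    266
      192.168.1.0    255.255.255.0       10.1.3.148     192.168.1.55     11
     192.168.1.15  255.255.255.255         On-link      192.168.1.15    266
     192.168.1.55  255.255.255.255         On-link      192.168.1.55    266
        224.0.0.0        240.0.0.0         On-link      192.168.1.15    266
        224.0.0.0        240.0.0.0         On-link      192.168.1.55    266
"""

IP = r"(\d+\.\d+\.\d+\.\d+)"
# Matches only 5-column active-route rows; headers, separators, IPv6 rows and
# the 4-column "Persistent Routes" rows are skipped.
ROW = re.compile(rf"^\s*{IP}\s+{IP}\s+(On-link|\d+\.\d+\.\d+\.\d+)\s+{IP}\s+(\d+)\s*$")


def parse_routes(text):
    """Return a set of (network, gateway, interface, metric) tuples."""
    routes = set()
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        dest, mask, gw, iface, metric = m.groups()
        prefix = bin(int(ipaddress.IPv4Address(mask))).count("1")
        net = ipaddress.ip_network(f"{dest}/{prefix}", strict=False)
        routes.add((net, gw, iface, int(metric)))
    return routes


def diff_routes(before, after):
    """Routes that appeared and routes that disappeared once the VPN came up."""
    return sorted(after - before), sorted(before - after)


def default_gateway(routes):
    """Gateway of the lowest-metric 0.0.0.0/0 route, or None if there is none."""
    defaults = [(metric, gw) for net, gw, _, metric in routes if net.prefixlen == 0]
    return min(defaults)[1] if defaults else None


def local_conflicts(before, after):
    """Added routes that take traffic away from a subnet that was directly
    attached (On-link) before the connection: either more specific, or the
    same prefix length with a lower metric."""
    local = [(net, metric) for net, gw, _, metric in before
             if gw == "On-link" and 0 < net.prefixlen < 32
             and not (net.is_multicast or net.is_loopback)]
    findings = []
    for net, gw, iface, metric in sorted(after - before):
        for lnet, lmetric in local:
            wins = net.prefixlen > lnet.prefixlen or (
                net.prefixlen == lnet.prefixlen and metric < lmetric)
            if net.overlaps(lnet) and wins:
                findings.append((str(net), gw, iface, metric, str(lnet)))
    return findings


if __name__ == "__main__":
    before, after = parse_routes(BEFORE), parse_routes(AFTER)
    added, removed = diff_routes(before, after)
    for net, gw, iface, metric in added:
        print(f"added   {str(net):18} via {gw:12} if {iface:13} metric {metric}")
    for net, gw, iface, metric in removed:
        print(f"removed {str(net):18} via {gw:12} if {iface:13} metric {metric}")
    print("default gateway:", default_gateway(before), "->", default_gateway(after))
    for net, gw, iface, metric, lnet in local_conflicts(before, after):
        print(f"CONFLICT {net} via {gw} (if {iface}, metric {metric}) overlaps local {lnet}")
```

On these captures the default route is unchanged, but the connection adds 192.168.1.0/24 via 10.1.3.148 at metric 11, which outranks the client's own on-link route for the same subnet (metric 266). The VPN-assigned address 192.168.1.55 also falls inside the client's home LAN range.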
 

Author Comment

by:A_AmericanELectric
ID: 38346840
With everything setup dynamically it shows the server on .148 but all my vpn ports are forwarded to .32


Ping from client to server name with VPN connected:
D:\Users\Andy>ping aplusserver-1

Pinging aplusserver-1 [10.1.3.148] with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 10.1.3.148:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
0
 
LVL 29

Expert Comment

by:pwindell
ID: 38346968
Way too much of a "dump of stuff" for me to sort through.

Back at the beginning you said you could connect to the VPN Server from the Client and were able to browse shares.  If that is true then the VPN is working perfectly fine,..so you can forget about doing anything more to/with the server.  Leave the server be.

If the Client loses connectivity to its own local LAN while connected to the VPN then it is an issue that is 100% on the Client and nowhere else.

From the first post:
I have successfully connected to my RRAS Server from home using only 1 NIC on the server.

That is not true.  The server has two Nic (after you removed the one I told you to get rid of), and that is fine.  VPN Server, almost by definition should have two Nic (just not in the same subnet).  Yes RRAS is supposed to work with a single nic,..but it is a "hack job" and unreliable (IMO).  Later in your first post you said:

Server:
Main NIC WAN 97.76.8.74/ LAN 10.1.3.32/ DNS 65.32.1.65 & .70/ Gateway 10.1.3.1

               (nic 1)                         (nic 2)

That is two Nics,..not one.   Not that this matters with your Client issues,...but you still need to fully understand what you have there.

Anyway, you need to focus on the Client end. But like I said before,...the "Use gateway on..." is the only relevant setting apart from the Windows Firewall.  Disabling that should allow it to do what you want.   If that isn't doing that then I don't know what to tell you, There is no other item to flip, toggle or whatever.  Maybe you are confusing the loss of connectivity with the loss of Netbios Naming or External (Internet) DNS Naming which would not be that surprising.  When you think you have lost connectivity you need to ping "targets" by the raw IP# to see what is really happening.
0
 
LVL 29

Expert Comment

by:pwindell
ID: 38346992
Ping from client to server name with VPN connected:
D:\Users\Andy>ping aplusserver-1
Pinging aplusserver-1 [10.1.3.148] with 32 bytes of data:
Request timed out.


Ping directly to the IP you want,...do not use "names" while troubleshooting.   Naming issues will cause you to get "false negatives" on connectivity tests.
0
 

Author Comment

by:A_AmericanELectric
ID: 38347041
Ok you have my attention:
 I physically have 1 NIC card plugged into the Cisco router (10.1.3.32). 97.76.8.74 is the static WAN IP that the router uses. LAN IP for the router is configured to 10.1.3.1.

The other NIC card presently has no cat5 plugged into it. Do I need to get that on another subnet and if so, how?

The success was in the past. I am able to connect now but not only lose web and Outlook connectivity but I'm also not able to browse or ping the RRAS server.

Do I need the static address pool? If so, should it be 10.1.3.55 to .56 or 192.168.55 to 56 ?

I guess none of this matters until I get that second NIC setup the way you tell me.

"you need to focus on the client" okay I get that but shouldn't I at least get access to the server shares like I had before first?
0
 
LVL 29

Expert Comment

by:pwindell
ID: 38347046
One other thing to consider with Win7 and Vista,...when it detects a "new" connection it will give you the "nag" screen asking if it is Home, Work, or Public.   Well forget "home",...it's about useless,...always choose "Work" unless it is some kind of truly "Public" network.  The choices you make there will affect how much the Windows Firewall gets in the way and screws things up.
0
 
LVL 29

Expert Comment

by:pwindell
ID: 38347125
Ok,...well...you never said there was a Cisco Router anywhere till now.  You said (or at least I interpreted that) the 3.32 and the 8.74 were the IPS of the Server.  That made me believe the Server was the Network Edge Device.  Also what you called a router would not really be a router,...it is a NAT Firewall.  Yes, I know, the Consumer "world" calls everything a "router" when you go into BestBuy,..but it just isn't true,..that is just how the consumer "world" has made a mess out of the IT industry.

Anyway,..I guess it doesn't matter...that ends up being just an FYI discussion.

Bottom line,...get the Server back to the original state it was in way back at the beginning (before you added that extra nic I told you to get rid of) when the Shares and stuff seemed to be working and the only problem was just the Home LAN appeared unreachable to the Client after the VPN was activated.

Then once that is back to where it was,...troubleshoot this as primarily a Client-Side problem. Then maybe we can figure something out at that point.

It is just too big of a mess now to sort out with "forum posts" right now.
0
 
LVL 29

Expert Comment

by:pwindell
ID: 38347261
Additional,...

Normally you can still reach Local LAN Resources even with "Use gateway on remote..." enabled because the Local LAN Resources are in the same subnet as the Client's physical Nic,...you just can not go beyond that,... such as get to the Internet over your own Local Internet account because routing to any other subnet goes out the VPN,...I do that every day.

You should only have to disable "Use gateway on remote..." if you want the local LAN Client to use the local LAN's Internet connection independently.  That is the way the Windows VPN Client works,...maybe others like the Cisco VPN Client or the OpenVPN Client may do things differently,..but that is their mistake.  What some products do is called Inverse Split-Tunneling,...but they don't make it clear that is what they are doing.
See Variants and Related Technology - Inverse split tunneling in the following link:
http://en.wikipedia.org/wiki/Split_tunneling


Anyway, bottom line with the "Use gateway on remote.." setting,...it simply "toggles" the Default Gateway.  When enabled the VPN is the Default Gateway,...when disabled the Client's original Default Gateway takes over,...that is all it really does.
0
 

Author Comment

by:A_AmericanELectric
ID: 38347424
Thank you for taking all this time with me but your last comment got me thinking about why I was unable to browse the server. I went in just to test and checked the "Use Default Gateway" and sure enough I'm on the server. Everything is presently dynamic on each end- nothing changed except the gateway option.
As you can see in the image, I am able to browse the server shares and this time Outlook is even reaching the server but still lose web access.
So this time ...Gateway helped with Windows browsing as well as email ports but not web browsing.
serverShares.PNG
0
 

Author Comment

by:A_AmericanELectric
ID: 38347460
Also you said that using 1 NIC was a hack job. Well, the majority of the reasons I do any of this is just to teach myself how, and if it happens to make my life a little easier, as in this case because I'm able to work with a QuickBooks company file as well as a Dreamweaver site folder, then that's all the better.

How do I configure the second NIC on another subnet?

Sorry for forgetting to mention the router... or firewall but it is an RV082 dual WAN VPN router.
(forget about configuring it for VPN. Almost impossible and does a lousy job! And besides I would not learn anything about RRAS if I did)
0
 
LVL 29

Expert Comment

by:pwindell
ID: 38347505
How do I configure the second NIC on another subnet?

When you do that you are replacing the RV082 with the VPN Server and the RV082 collects dust on a shelf somewhere.  The VPN Server then becomes the Firewall and the VPN Server at the same time (just like the RV082 can be both at the same time).

If in such a case you do not physically replace the RV082 with the RRAS box then you would be creating a Back-to-Back DMZ with an Inner Firewall and an Outer Firewall,...with the RV082 being the "outer" and the RRAS box being the inner.

For example:
Back-to-Back DMS Sample

Now maybe you could disable all Layer3 functionality of the RV082 which leaves it in what is commonly called "Bridge mode",...which makes it invisible and so the RRAS box would appear to be on the network edge.  But I can not help you with that,..I'm not intimately familiar with the RV082
0
 

Author Comment

by:A_AmericanELectric
ID: 38347606
Well  since I'm not running AD or anything (as is required in your illustration), would another IP address that I have from my ISP be useful just for RRAS? In other words, can I setup the 2nd NIC on 97.76.8.75 by physically plugging it in to another port on my ISP's firewall and leave the 1st NIC on 10.1.3.32 behind the RV082?

From what I think I'm reading- the reason 2 NICs are even used is so that one can act as an access point (pardon my misuse of terminology) for the client and the other handles the LAN for both the server as well as the remote client. Is that correct?
0
 

Author Comment

by:A_AmericanELectric
ID: 38347616
I have a block of 5 IPs 97.76.8.74 to .78 with a gateway of .73
0
 
LVL 29

Expert Comment

by:pwindell
ID: 38347641
There is no ISP's Firewall,...the RV082 is the Firewall.

From what I think I'm reading- the reason 2 NICs are even used is so that one can act as an access point (pardon my misuse of terminology) for the client and the other handles the LAN for both the server as well as the remote client. Is that correct?

No that is not correct.
0
 

Author Comment

by:A_AmericanELectric
ID: 38347648
ok then the ISP modem with 4 ports.
0
 

Author Comment

by:A_AmericanELectric
ID: 38347664
so you are saying that since I have the RV082 in place that only having 1 NIC on the server is not a hack job and the way it should be?
0
 
LVL 29

Expert Comment

by:pwindell
ID: 38347697
ok then the ISP modem with 4 ports.

Then it would be another NAT Firewall with the 4 ports being a 4-port Switch built into the NAT Firewall.  "Modems" only have one in and one out,...they don't have the 4 Switch Ports like you see on all the "home user" retail NAT Firewalls have.

so you are saying that since I have the RV082 in place that only having 1 NIC on the server is not a hack job and the way it should be?


Pretty much,...yes

I have a block of 5 IPs 97.76.8.74 to .78 with a gateway of .73

With your current physical layout there is no way to use those unless the RV082 gives you a means to add all of them to the WAN Interface and then perform a Reverse-NAT or a Static NAT from each of them back to a resource behind the RV082.

Now if there is a separate "modem" upstream of the RV082 then theoretically you could put the RRAS box "Side-by-side" with the RV082 and each can run separately and independently.  But that isn't going to solve your original problem and would pretty much leave the RV082 with no reason to exist other than to raise your utility bill a little.
0
 

Author Comment

by:A_AmericanELectric
ID: 38347704
I'm probably annoying you now so let me back up...
With the current configuration I'm almost back to as good as I ever had it. 1NIC on server/ both server and client VPN dynamic/ Use Default Gateway is enabled.
So the mess is cleaned up.
I think that if I create a static address pool and config the client static as well, I'll have everything so if I send you only the route print of the client can you tell me how to do that.

If so, that would solve the problem
0
 
LVL 29

Expert Comment

by:pwindell
ID: 38347705
Is this a Comcast "CableTV" Internet connection?
0
 
LVL 29

Expert Comment

by:pwindell
ID: 38347731
I'm probably annoying you now so let me back up...
With the current configuration I'm almost back to as good as I ever had it. 1NIC on server/ both server and client VPN dynamic/ Use Default Gateway is enabled.


Address pool is fine, that is for the Clients.  The Server needs to be Static. Assign it an IP that is outside the range that the RV082 is "handing out" yet keep it in the same Subnet. Typically these things like the RV082 only "hand out" a partial range of the larger over all subnet.

So the mess is cleaned up.
I think that if I create a static address pool and config the client static as well, I'll have everything so if I send you only the route print of the client can you tell me how to do that.


Maybe.
0
 

Author Comment

by:A_AmericanELectric
ID: 38347750
Now if there is a separate "modem" upstream of the RV082 then theoretically you could put the RRAS box "Side-by-side" with the RV082 and each can run separately and independently.  But that isn't going to solve your original problem and would pretty much leave the RV082 with no reason to exist other than to raise your utility bill a little.

That's what I was proposing but I was thinking that the RV082 could handle the LAN for the office as it always has and the 2nd NIC plugged into the NAT Router with 4 port switch could be statically configured to one of the other IPs. The RV082 is a dual WAN router with a DMZ port for the 2nd but I don't think that helps anything
0
 

Author Comment

by:A_AmericanELectric
ID: 38347753
ok here it comes:
0
 

Author Comment

by:A_AmericanELectric
ID: 38347756
D:\Users\Andy>route print
===========================================================================
Interface List
 20...........................VPN Connection
 12...14 da e9 13 a6 08 ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
 14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 11...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.15   4491
          0.0.0.0          0.0.0.0         On-link      192.168.1.55     11
       97.76.8.74  255.255.255.255      192.168.1.1     192.168.1.15   4236
        127.0.0.0        255.0.0.0         On-link         127.0.0.1   4531
        127.0.0.1  255.255.255.255         On-link         127.0.0.1   4531
  127.255.255.255  255.255.255.255         On-link         127.0.0.1   4531
      192.168.1.0    255.255.255.0         On-link      192.168.1.15   4491
     192.168.1.15  255.255.255.255         On-link      192.168.1.15   4491
     192.168.1.55  255.255.255.255         On-link      192.168.1.55    266
    192.168.1.255  255.255.255.255         On-link      192.168.1.15   4491
        224.0.0.0        240.0.0.0         On-link         127.0.0.1   4531
        224.0.0.0        240.0.0.0         On-link      192.168.1.15   4492
        224.0.0.0        240.0.0.0         On-link      192.168.1.55     11
  255.255.255.255  255.255.255.255         On-link         127.0.0.1   4531
  255.255.255.255  255.255.255.255         On-link      192.168.1.15   4491
  255.255.255.255  255.255.255.255         On-link      192.168.1.55    266
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0      192.168.1.1  Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 11     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 11     58 2001::/32                On-link
 11    306 2001:0:9d38:953c:48f:2e04:3f57:fec8/128
                                    On-link
 12    266 fe80::/64                On-link
 11    306 fe80::/64                On-link
 11    306 fe80::48f:2e04:3f57:fec8/128
                                    On-link
 12    266 fe80::e534:cae6:6c14:1e82/128
                                    On-link
  1    306 ff00::/8                 On-link
 11    306 ff00::/8                 On-link
 12    266 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

D:\Users\Andy>route print
===========================================================================
Interface List
 20...........................VPN Connection
 12...14 da e9 13 a6 08 ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
 11...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.15   4491
          0.0.0.0          0.0.0.0         On-link      192.168.1.55     11
       97.76.8.74  255.255.255.255      192.168.1.1     192.168.1.15   4236
        127.0.0.0        255.0.0.0         On-link         127.0.0.1   4531
        127.0.0.1  255.255.255.255         On-link         127.0.0.1   4531
  127.255.255.255  255.255.255.255         On-link         127.0.0.1   4531
      192.168.1.0    255.255.255.0         On-link      192.168.1.15   4491
     192.168.1.15  255.255.255.255         On-link      192.168.1.15   4491
     192.168.1.55  255.255.255.255         On-link      192.168.1.55    266
    192.168.1.255  255.255.255.255         On-link      192.168.1.15   4491
        224.0.0.0        240.0.0.0         On-link         127.0.0.1   4531
        224.0.0.0        240.0.0.0         On-link      192.168.1.15   4492
        224.0.0.0        240.0.0.0         On-link      192.168.1.55     11
  255.255.255.255  255.255.255.255         On-link         127.0.0.1   4531
  255.255.255.255  255.255.255.255         On-link      192.168.1.15   4491
  255.255.255.255  255.255.255.255         On-link      192.168.1.55    266
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0      192.168.1.1  Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 11     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 11     58 2001::/32                On-link
 11    306 2001:0:9d38:953c:2cfa:37d0:3f57:fec8/128
                                    On-link
 12    266 fe80::/64                On-link
 11    306 fe80::/64                On-link
 11    306 fe80::2cfa:37d0:3f57:fec8/128
                                    On-link
 12    266 fe80::e534:cae6:6c14:1e82/128
                                    On-link
  1    306 ff00::/8                 On-link
 11    306 ff00::/8                 On-link
 12    266 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
0
 

Author Comment

by:A_AmericanELectric
ID: 38347765
If it matters- the NIC on the client is configured to 192.168.1.15 static using 192.168.1.1 for the gateway and DNS
0
 
LVL 29

Expert Comment

by:pwindell
ID: 38347787
Route tables are almost useless to me.

Just establish the VPN,...make sure you then have connectivity to the Network that you "VPN'ed into".  If that is good...then....

Then try to ping a device on the local LAN that the Client is on.  Use the IP,...not a name,..for example, ping the Local Home Gateway device which is probably 192.168.1.1.

If it fails, then disable IPV6 and try again.  IPV6 is serving no good purpose here.
0
 

Author Comment

by:A_AmericanELectric
ID: 38347812
this is what I just VPN'ed into:
D:\Users\Andy>ping 10.1.3.1

Pinging 10.1.3.1 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 10.1.3.1:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

I am able to ping my own router at 192.168.1.1

interestingly I am able to access the remote WEB config page (port 8081) of the RV082 (server side) with the VPN active
0
 

Author Comment

by:A_AmericanELectric
ID: 38347827
VPN active:

D:\Users\Andy>ping 10.1.3.32

Pinging 10.1.3.32 with 32 bytes of data:
Reply from 10.1.3.32: bytes=32 time=65ms TTL=127
Reply from 10.1.3.32: bytes=32 time=65ms TTL=127
Reply from 10.1.3.32: bytes=32 time=69ms TTL=127
Reply from 10.1.3.32: bytes=32 time=66ms TTL=127

Ping statistics for 10.1.3.32:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 65ms, Maximum = 69ms, Average = 66ms
0
 
LVL 29

Expert Comment

by:pwindell
ID: 38347865
this is what I just VPN'ed into:
D:\Users\Andy>ping 10.1.3.1
Pinging 10.1.3.1 with 32 bytes of data:
Request timed out.
Request timed out.


Don't worry about that one.  Actually you VPN'ed into 10.1.3.0/24. We're talking about networks, not individual devices.

VPN active:
D:\Users\Andy>ping 10.1.3.32
Pinging 10.1.3.32 with 32 bytes of data:
Reply from 10.1.3.32: bytes=32 time=65ms TTL=127


And with the VPN Active you can ping a target within 10.1.3.0/24 which is 10.1.3.32,...which worked,...so the VPN is working correctly.  I'm not concerned that you can't ping 10.1.3.1,...you can ping 10.1.3.32 and that is what matters.

Now with the VPN still active,...ping 192.168.1.1
What happens?
0
 

Author Comment

by:A_AmericanELectric
ID: 38347887
I'm able to ping 192.168.1.1 as well but still have to turn VPN off in order to reply to you.
Also ipv6 is turned off on the client and has been since last night
0
 

Author Comment

by:A_AmericanELectric
ID: 38347893
Just to see what happened I set a static address pool on the server of 10.1.3.55 to .59 and then connected and did an ipconfig and it still shows the tunnel as being 192.168.1.55.
I think when I had the best results a while back, the address of the VPN connection was 10.1.3... even though the local lan (at home) was 192...
0
 
LVL 29

Expert Comment

by:pwindell
ID: 38347897
I'm able to ping 192.168.1.1 as well

Then it is working perfectly.

But still have to turn VPN off in order to reply to you.

It just means that the Firewall in the 10.1.3.0/24 network does not allow you to the Internet or that you have no DNS Resolution when going through the 10.1.3.0/24 network.  That would be expected since your Static Pool of Addresses on the RRAS box is not granting you a DNS Server along with the IP Specs.
0
 
LVL 29

Expert Comment

by:pwindell
ID: 38347905
Just to see what happened I set a static address pool on the server of 10.1.3.55 to .59 and then connected and did an ipconfig and it still shows the tunnel as being 192.168.1.55.
I think when I had the best results a while back, the address of the VPN connection was 10.1.3... even though the local lan (at home) was 192...


Stop messing with it when it was working correctly.  You didn't give me time to finish typing my last reply.
0
 

Author Comment

by:A_AmericanELectric
ID: 38347915
1 last tidbit- even though I have the firewall off on the client, I chose "share with no one" for all of my folders to keep the wife and kids from browsing my folders. After doing so I do remember seeing a warning on the Network window about being invisible to the network but it went away
0
 
LVL 29

Expert Comment

by:pwindell
ID: 38347919
If the Business Network (10.1.3.0/24) has a fully capable DHCP Server then stop using the Address Pool.  Install the DHCP Relay Agent in RRAS (installed as a Protocol) and then let it assign IP Specs to VPN Client via DHCP.
0
 
LVL 29

Expert Comment

by:pwindell
ID: 38347931
I have to go,..it's the end of my day.  I think you have things working,...you just have to fully realize that it is, in fact, working.  I think part of your problem is not knowing what the proper behavior to expect from it is, so you're trying to fix things that are not broken.

I'll be around tomorrow.
0
 

Author Comment

by:A_AmericanELectric
ID: 38348592
Ok. I got rid of address pool and added the interface to the DHCP Relay Agent. Still the same results.

If I ENABLE the "Use Default Gateway" on the client I lose web connection but can browse server shares.
If I DISABLE the "Use Default Gateway" on the client I lose web connection and CANNOT browse server shares
0
 

Author Comment

by:A_AmericanELectric
ID: 38348658
This is with "Use Default Gateway" enabled but if I disable that- I lose the red X but unable to browse server.work network
0
 
LVL 29

Expert Comment

by:pwindell
ID: 38349849
It is working the way it is supposed to work.....

With "Use remote gateway" enabled:
1. Can reach targeted business LAN as normal
2. Can reach local Home LAN as normal
3. Cannot go "outside" the Home LAN (such as the Internet) without going through the Business LAN to get there, which often means you have no Internet access while the VPN is active.

With "Use remote gateway" disabled:
1. Can reach local Home LAN as normal
2. Can reach targeted Business LAN as normal but will only be able to reach the exact subnet that you connected into. (10.1.3.0/24)
3. Can go "outside" the Home LAN (such as the Internet) using your own Home Internet Connection just fine

"Browsing" anything is not the same thing as being able to "Reach" anything.   "Reaching" a target is "networking",...."browsing" a target is not networking.  Browsing a target requires the Computer Browser Service, Netbios Naming, DNS,...and often WINS.  The Business LAN needs to have these. DNS and WINS are usually installed on the Domain Controller.  Include them in the DHCP Scope so that the DHCP Relay Agent in RRAS can pass them on to the VPN Client.  But even then "Browsing" will probably be inconsistent at best,...so get used to it,...we live in an imperfect world.
0
 

Author Comment

by:A_AmericanELectric
ID: 38352292
With "Use remote gateway" enabled:
1. Can reach targeted business LAN as normal
 YES
2. Can reach local Home LAN as normal YES
3. Cannot go "outside" the Home LAN (such as the Internet) without going through the Business LAN to get there, which often means you have no Internet access while the VPN is active. YES- THIS IS WHAT I NEED HELP WITH, ACCESSING THE INTERNET THROUGH THE BUSINESS LAN IF THAT IS THE ONLY WAY

With "Use remote gateway" disabled:
1. Can reach local Home LAN as normal
YES, NOW I CAN
2. Can reach targeted Business LAN as normal but will only be able to reach the exact subnet that you connected into. (10.1.3.0/24) NO NO NO
3. Can go "outside" the Home LAN (such as the Internet) using your own Home Internet Connection just fine YES
0
 

Author Comment

by:A_AmericanELectric
ID: 38352324
"Use remote gateway" enabled = can reach RRAS server IP

"Use remote gateway" disabled = cannot reach RRAS server IP
0
 

Author Comment

by:A_AmericanELectric
ID: 38352338
OK what I did last night was right-click DHCP relay agent and chose 'Add Interface'.
I added the local area connection adapter (same as 10.1.3.32)
I then right clicked DHCP Relay agent> Properties and chose 10.1.3.1 as the DHCP server address. The last part is what I was unsure of and may be wrong.

Why can't I reach my RRAS server and use the home internet connection with "Use remote gateway" disabled? That seems to be the cure for everyone else on the internet since that's all the posts I can find and nothing beyond that.
0
 

Author Comment

by:A_AmericanELectric
ID: 38352381
I'm guessing you are gone for today. Sorry but I just got in. Anyway just one more thing:

I found this on a technet page:

"Additional considerations

 If the DHCP server is on the same subnet as the RRAS server, then you do not have to configure the DHCP relay agent. RRAS can find DHCP servers on the same subnet by using broadcast network packets."

Is this not a clue that I don't have the DHCP relay agent configured properly? And that if I did have it configured properly, I would be able to disable the "Use remote gateway" and still reach the RRAS server?
0
 
LVL 29

Expert Comment

by:pwindell
ID: 38352390
I'm done.  
You're not listening to what I have been saying.
You are expecting things that won't happen while denying that we have already proven it to be working.
I've spent enough time on this,...there is nothing more that I can say that I haven't already said over and over.
0
 

Author Comment

by:A_AmericanELectric
ID: 38352403
That's because you refuse to listen! I understand you perfectly but I know there has to be a way to maintain a VPN connection to the server and still be able to browse the internet and receive email.

If you don't want to help then pass the comment along because we aren't getting anywhere
0
 
LVL 71

Expert Comment

by:Qlemo
ID: 38352624
Difficult to get a grasp on the current config here, so could you just confirm, when connected without "Use remote gateway" checked:

(1) you are getting a 10.1.3.x IP on the client when dialing in
(2) you cannot ping 10.1.3.32 (RRAS server)
(3) you cannot ping any address on 10.1.3.x network
(4) Internet does not work while connected

The routes posted in http:#a38347756 do not belong to that configuration, I presume. And I agree that having 192.168.1.55 appearing is strange, as it should be 10.1.3.x with static RAS DHCP pool or the DHCP Agent. You should see that IP in IPconfig, and the network and IP in the routing table (route print).
I also agree that you never have to set up a DHCP relay agent if the DHCP server is on the target network - only when having to cross routers does a DHCP relay agent need to be used. A static RAS DHCP pool is ok for testing (and if you do not need to provide additional info like DNS, WINS, etc.). Using DHCP server leases for RAS allows handing over more IP options to the RAS client, however.
0
 

Author Comment

by:A_AmericanELectric
ID: 38352891
Hello Qlemo! I thought I lost all support on this thread so I went to the office and decided to play around. Based on this post: http://www.youtube.com/watch?v=wpt2z3LA0dQ I went and reactivated my 2nd NIC, named it "public" and configured it as follows (I have a block of 5 IPs from my ISP):
I plugged it into my ISP's 4 port switch and set it up static with 97.76.8.76/ gateway 97.76.8.73.

Then I went to my main NIC which is plugged into the RV082 firewall, named it "private" and left the IP 10.1.3.32 and removed the gateway. I found that I had an internet connection so I came back home and changed my VPN to point to 97.76.8.76 instead of 97.76.8.74 which is the WAN IP of the RV082.
It connected right away as it did before but, as I suspected, I could not access anything using 10.1.3.32 but I put \\97.76.8.76 into the browser and voilà I had both internet and access to the server shares. And that was with the "Use Default Gateway" option checked.

I figured well I can live with that but there was 1 problem- I lost my connection to IIS site and email server because my default gateway was no longer pointing to 10.1.3.1 I assume.

This tells me that I can do it but I ASSUME I need to figure out how to forward any requests coming into 97.76.8.76 on port 80, 25,110 etc to the correct place.
0
 
LVL 71

Expert Comment

by:Qlemo
ID: 38353351
I can't tell exactly why IIS etc. should not work, because I don't know your configuration. If IIS is running on the RRAS server you will need to make sure it listens to the public IPs, because previously you configured it using private IPs.

Anyway, the configuration does not make that much sense that way (to me). You are exposing a possibly vulnerable server to the public, and need to take care of protecting it - with the router you are significantly more secure.

Currently you should be able to use both public IPs for dialing in, so you should try again what happens with your client routes when dialing in as before. And make sure the Routing feature is enabled in RRAS config - that should allow access to 10.1.3.x network for both configs IMO.

I'm convinced that your Internet and browsing issues with the "original" configuration are caused by DNS/WINS, as pwindell suspected.
0
 

Author Comment

by:A_AmericanELectric
ID: 38354398
I agree that I cannot leave the server vulnerable but I was glad to see I was able to achieve it by bypassing the RV082 which is what seems to me to be causing the DNS issue. I will send a route print now from the client but remember the 2nd adapter is physically still plugged in.

I'm also still getting an IP address on the VPN of 192.168.1.55 instead of 10.1.3.x

I found it interesting that with the VPN connected to 97.76.8.74 I could still enter \\97.76.8.76 into the browser and browse the shares. But with the DG gateway set back to 10.1.3.1 on the server's main, private NIC and no DG on the 97.76.8.76 NIC (EVERYTHING BACK LIKE IT WAS) I still have no access to server shares unless activating "use default gateway" which causes me to lose web, etc.
0
 

Author Comment

by:A_AmericanELectric
ID: 38354436
C:\Windows\system32>route print
===========================================================================
Interface List
 20...........................VPN Connection
 12...14 da e9 13 a6 08 ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
 14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 11...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.15   4235
          0.0.0.0          0.0.0.0         On-link      192.168.1.55     12
       97.76.8.74  255.255.255.255      192.168.1.1     192.168.1.15   4236
        127.0.0.0        255.0.0.0         On-link         127.0.0.1   4531
        127.0.0.1  255.255.255.255         On-link         127.0.0.1   4531
  127.255.255.255  255.255.255.255         On-link         127.0.0.1   4531
      192.168.1.0    255.255.255.0         On-link      192.168.1.15   4491
     192.168.1.15  255.255.255.255         On-link      192.168.1.15   4491
     192.168.1.55  255.255.255.255         On-link      192.168.1.55    267
    192.168.1.255  255.255.255.255         On-link      192.168.1.15   4491
        224.0.0.0        240.0.0.0         On-link         127.0.0.1   4531
        224.0.0.0        240.0.0.0         On-link      192.168.1.15   4492
        224.0.0.0        240.0.0.0         On-link      192.168.1.55     12
  255.255.255.255  255.255.255.255         On-link         127.0.0.1   4531
  255.255.255.255  255.255.255.255         On-link      192.168.1.15   4491
  255.255.255.255  255.255.255.255         On-link      192.168.1.55    267
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 11     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 11     58 2001::/32                On-link
 11    306 2001:0:9d38:953c:ca1:3519:3f57:fec8/128
                                    On-link
 12    266 fe80::/64                On-link
 11    306 fe80::/64                On-link
 11    306 fe80::ca1:3519:3f57:fec8/128
                                    On-link
 12    266 fe80::e534:cae6:6c14:1e82/128
                                    On-link
  1    306 ff00::/8                 On-link
 11    306 ff00::/8                 On-link
 12    266 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
0
 

Author Comment

by:A_AmericanELectric
ID: 38354450
I'm heading over to the office. Is there anything I should do to 2nd adapter? Unplug it or plug it in behind the RV082 and reconfigure it?
0
 
LVL 71

Expert Comment

by:Qlemo
ID: 38355459
You can leave it that way. We can switch off the NIC using the GUI, provided you get access via RV082 ... But I will have to look into this in more detail (very much) later, sorry.
0
 

Author Comment

by:A_AmericanELectric
ID: 38358155
So this may complicate things a little but I can easily undo these changes-
I've been playing around with the Hyper-V on the Server 2008 R2 machine (same machine that hosts RRAS) and I added a 3rd NIC and configured it per a Microsoft TechNet tutorial.
I disabled the "public" (97.76.8.76) NIC for now. All that works great.

Can I create another VM as a "Network Edge" using both  the "public" (97.76.8.76) NIC and the VLAN NIC and have only RRAS setup on that VM to handle the VPN transactions?
Or does this just unnecessarily complicate things?
0
 
LVL 71

Expert Comment

by:Qlemo
ID: 38358947
Looking at your route print outputs, you are still
* not getting a 10.1.3.x IP on the client when dialing in
* your RAS IP 192.168.1.55 is still conflicting with your Home subnet 192.168.1.0/24.
* you are still getting the default gateway set to the RAS connection:
    0.0.0.0          0.0.0.0         On-link      192.168.1.55     12

In your client RAS connection info you should be able to set an IP manually - try that (using a valid and free 10.1.3.x address).
0
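The three conditions listed in the comment above can be checked mechanically. This is an added example, not part of the original thread: a Python sketch that parses the IPv4 Active Routes rows from the posted route print, applies longest-prefix-then-lowest-metric selection, and reports the same findings. The function names, finding labels and the 203.0.113.10 test address are assumptions made for illustration.

```python
import ipaddress

# IPv4 "Active Routes" rows copied from the route print posted in the thread
# (VPN connected); multicast and broadcast rows are left out for brevity.
ROUTE_PRINT = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.15   4235
          0.0.0.0          0.0.0.0         On-link      192.168.1.55     12
       97.76.8.74  255.255.255.255      192.168.1.1     192.168.1.15   4236
        127.0.0.0        255.0.0.0         On-link         127.0.0.1   4531
      192.168.1.0    255.255.255.0         On-link      192.168.1.15   4491
     192.168.1.15  255.255.255.255         On-link      192.168.1.15   4491
     192.168.1.55  255.255.255.255         On-link      192.168.1.55    267
"""


def parse_routes(text):
    """Turn 'route print' IPv4 rows into dicts; header and junk lines are skipped."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        dest, mask, gateway, iface, metric = parts
        try:
            # Count the set bits of the dotted netmask to get the prefix length.
            prefixlen = bin(int(ipaddress.IPv4Address(mask))).count("1")
            routes.append({
                "net": ipaddress.ip_network(f"{dest}/{prefixlen}"),
                "gateway": gateway,
                "iface": ipaddress.IPv4Address(iface),
                "metric": int(metric),
            })
        except ValueError:
            continue
    return routes


def select_route(routes, dst):
    """Pick the route used for dst: longest prefix first, then lowest metric."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in r["net"]]
    if not matches:
        return None
    return min(matches, key=lambda r: (-r["net"].prefixlen, r["metric"]))


def audit(routes, vpn_iface, office_net):
    """Report the three conditions described in the comment above."""
    vpn = ipaddress.ip_address(vpn_iface)
    findings = []
    # 1. The PPP adapter should hold an address from the office subnet.
    if vpn not in ipaddress.ip_network(office_net):
        findings.append("vpn-address-not-in-office-subnet")
    # 2. The PPP address must not sit inside a subnet that is on-link elsewhere.
    if any(r["iface"] != vpn and r["gateway"] == "On-link"
           and 0 < r["net"].prefixlen < 32 and vpn in r["net"] for r in routes):
        findings.append("vpn-address-inside-local-subnet")
    # 3. A default route on the VPN with the lowest metric means full tunnel.
    defaults = [r for r in routes if r["net"].prefixlen == 0]
    if defaults and min(defaults, key=lambda r: r["metric"])["iface"] == vpn:
        findings.append("default-route-via-vpn")
    return findings


if __name__ == "__main__":
    table = parse_routes(ROUTE_PRINT)
    # 203.0.113.10 is a constructed stand-in for "some Internet host".
    for target in ("203.0.113.10", "10.1.3.32", "192.168.1.1", "97.76.8.74"):
        route = select_route(table, target)
        print(f"{target:>14} -> {route['net']} via interface {route['iface']}")
    print(audit(table, "192.168.1.55", "10.1.3.0/24"))
```

With this table, Internet-bound traffic and traffic for 10.1.3.32 both leave through the VPN adapter, while the host route to 97.76.8.74 keeps the tunnel endpoint itself on the home NIC.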
 
LVL 71

Expert Comment

by:Qlemo
ID: 38358948
Re: http:#a38358155, I don't get what you are after here? Sounds overcomplicated ...
0
 

Author Comment

by:A_AmericanELectric
ID: 38359958
I've been playing around with hyper-v for the last couple of days. This was going to be my next project anyway.
So, using a Physical NIC as "VM NIC", what I did was:

1. disabled all the bindings from the host and let Hyper-V create the virtual nic
2. configured virtual NIC as static 10.1.3.36 on the guest OS
3. Installed only RRAS on guest os with a static address pool of 10.1.3.95 to ...99
4. Went to local users and groups and gave Administrator dial-in permission and issued the Administrator a static IP address. (curious- I gave Administrator 10.1.3.95, see below)
5. Deleted client VPN connection and created a new, default connection

C:\Windows\system32>ipconfig

PPP adapter VPN Connection:

   Connection-specific DNS Suffix  . :
   IPv4 Address. . . . . . . . . . . : 10.1.3.96
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . : 0.0.0.0

I now have a super fast VPN and total connectivity.
I guess this isn't really a permanent solution but now at least I know it can be achieved between the 2 networks.
I've disabled and reconfigured the RRAS on the host dozens of times over the last several days with the exact same values so I have no idea what could be going on there.
0
 

Author Comment

by:A_AmericanELectric
ID: 38359971
UPDATE:
I can also reach the host and any client machines either by name or IP as well as reach the client from the server-side. Pretty cool!
If we could just do this on the host machine the problem would be solved.
Could IIS7 on the host somehow be coming into play here?
Or could something be configured wrong on the host's NIC?
0
 
LVL 71

Expert Comment

by:Qlemo
ID: 38360227
IIS should not matter - but who knows ... DHCP and/or NIC settings can be the culprit in your original config. But we cannot know anything precise here, we Experts are on the guessing end ;-).
0
 

Author Comment

by:A_AmericanELectric
ID: 38362295
I'm going to credit the question to you anyway (thanks to both of you) but what do you think of leaving the RRAS on the guest OS? Security/ stability/ reliability?
Because from what I understand, it's not a good idea to run so many server roles together on the same server (ie. RRAS, IIS, SMTP, SQL, ColdFusion) which is why Hyper-V was planned as my next project to learn anyway.
0
 
LVL 71

Accepted Solution

by:
Qlemo earned 1002 total points
ID: 38363138
In general it is a good idea to separate roles providing extended features. To have RRAS on another machine (different from other servers) is even best practice for security reasons. I would not go so far as to say you should have a server for each role, but using something around 3 or 4 is certainly better than having all in one.
0
