Link to home
Start Free TrialLog in
Avatar of kieran_stoney
kieran_stoneyFlag for United Kingdom of Great Britain and Northern Ireland

asked on

VPN issue

I have three sites which are connected together using a firewall based IPSEC site to site VPN. I also have several machines which connect to a server using SSTP VPN for remote access. The issue is that the machines which are connecting using the SSTP VPN are only able to connect to machines on the local subnet of the server which they are connecting and not the other sites. I found a work around in adding a static route manually on machines; however these machines are out of my control and the users aren't exactly "tech savvy". If I try adding a route using the routing and remote access console I loose access to the network which the route relates to.

How can I overcome this?

Any help is greatly appreciated
Avatar of agonza07
agonza07
Flag of United States of America image

Not sure if this still applies on 2008, or if its been replaced by something else, but approach #2 is still an option.

http://blogs.technet.com/b/rrasblog/archive/2006/06/30/routing-to-multiple-networks-behind-vpn-server.aspx

Approach #2, DHCP configured static routes.
http://technet.microsoft.com/en-us/library/dd145324(v=ws.10).aspx
(look at the "static routes" section)
Avatar of kieran_stoney

ASKER

Won't that cause an issue with dhcp clients on the local network not being able to access other sites?
Depending on how your network is configured. If you need to worry about that then maybe configuring reservations is the way around that.
I've done some research and came across using the default routing and remote access class within DHCP. However when I create the route using this it doesn't appear to be assigned to any machines.
The routes specified in the RRAS class will only apply to the RRAS server - not the clients.  

Also, as I understand it, RRAS actually obtains the DHCP lease and kind-of proxies it to the client (for want of a better way of explaining it).  The client receives a /32 address from the RRAS server which was assigned to the RRAS server via DHCP, so any options from the DHCP scope won't actually reach the client over a VPN-established connection.
ASKER CERTIFIED SOLUTION
Avatar of kieran_stoney
kieran_stoney
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
resolved