[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now

x
?
Solved

VPN issue

Posted on 2013-05-24
7
Medium Priority
?
277 Views
Last Modified: 2013-07-10
I have three sites which are connected together using a firewall based IPSEC site to site VPN. I also have several machines which connect to a server using SSTP VPN for remote access. The issue is that the machines which are connecting using the SSTP VPN are only able to connect to machines on the local subnet of the server which they are connecting and not the other sites. I found a work around in adding a static route manually on machines; however these machines are out of my control and the users aren't exactly "tech savvy". If I try adding a route using the routing and remote access console I loose access to the network which the route relates to.

How can I overcome this?

Any help is greatly appreciated
0
Comment
Question by:kieran_stoney
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
7 Comments
 
LVL 20

Expert Comment

by:agonza07
ID: 39196166
Not sure if this still applies on 2008, or if its been replaced by something else, but approach #2 is still an option.

http://blogs.technet.com/b/rrasblog/archive/2006/06/30/routing-to-multiple-networks-behind-vpn-server.aspx

Approach #2, DHCP configured static routes.
http://technet.microsoft.com/en-us/library/dd145324(v=ws.10).aspx
(look at the "static routes" section)
0
 
LVL 1

Author Comment

by:kieran_stoney
ID: 39196393
Won't that cause an issue with dhcp clients on the local network not being able to access other sites?
0
 
LVL 20

Expert Comment

by:agonza07
ID: 39196526
Depending on how your network is configured. If you need to worry about that then maybe configuring reservations is the way around that.
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
LVL 1

Author Comment

by:kieran_stoney
ID: 39196534
I've done some research and came across using the default routing and remote access class within DHCP. However when I create the route using this it doesn't appear to be assigned to any machines.
0
 
LVL 47

Expert Comment

by:Craig Beck
ID: 39197108
The routes specified in the RRAS class will only apply to the RRAS server - not the clients.  

Also, as I understand it, RRAS actually obtains the DHCP lease and kind-of proxies it to the client (for want of a better way of explaining it).  The client receives a /32 address from the RRAS server which was assigned to the RRAS server via DHCP, so any options from the DHCP scope won't actually reach the client over a VPN-established connection.
0
 
LVL 1

Accepted Solution

by:
kieran_stoney earned 0 total points
ID: 39301751
Issue resolved by creating new scope for vpn clients and assigning static routes within it.
0
 
LVL 1

Author Closing Comment

by:kieran_stoney
ID: 39313533
resolved
0

Featured Post

Q2 2017 - Latest Malware & Internet Attacks

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out our latest Quarterly Internet Security Report!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

OpenVPN is a great open source VPN server that is capable of providing quick and easy VPN access to your network on the cheap.  By default the software is configured to allow open access to your network.  But what if you want to restrict users to on…
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question