kieran_stoney

VPN issue

I have three sites which are connected together using a firewall-based IPsec site-to-site VPN. I also have several machines which connect to a server using SSTP VPN for remote access. The issue is that the machines which are connecting using the SSTP VPN are only able to connect to machines on the local subnet of the server to which they are connecting, and not the other sites. I found a workaround in adding a static route manually on the machines; however, these machines are out of my control and the users aren't exactly "tech savvy". If I try adding a route using the Routing and Remote Access console I lose access to the network which the route relates to.

How can I overcome this?

Any help is greatly appreciated
Windows Server 2008, VPN, Routers

Last Comment
kieran_stoney

8/22/2022 - Mon
agonza07

Not sure if this still applies on 2008, or if it's been replaced by something else, but approach #2 is still an option.

http://blogs.technet.com/b/rrasblog/archive/2006/06/30/routing-to-multiple-networks-behind-vpn-server.aspx

Approach #2, DHCP configured static routes.
http://technet.microsoft.com/en-us/library/dd145324(v=ws.10).aspx
(look at the "static routes" section)
kieran_stoney

ASKER
Won't that cause an issue with DHCP clients on the local network not being able to access other sites?
agonza07

Depending on how your network is configured. If you need to worry about that then maybe configuring reservations is the way around that.
kieran_stoney

ASKER
I've done some research and came across using the default routing and remote access class within DHCP. However when I create the route using this it doesn't appear to be assigned to any machines.
Craig Beck

The routes specified in the RRAS class will only apply to the RRAS server - not the clients.  

Also, as I understand it, RRAS actually obtains the DHCP lease and kind-of proxies it to the client (for want of a better way of explaining it).  The client receives a /32 address from the RRAS server which was assigned to the RRAS server via DHCP, so any options from the DHCP scope won't actually reach the client over a VPN-established connection.
ASKER CERTIFIED SOLUTION
kieran_stoney

kieran_stoney

ASKER
resolved