vpn clients can't browse network on expanded sunbet

Hello

We expanded the subnet from 255.255.255.0 to 255.255.252.0  base IP range starts at 192.168.0.1.
our DHCP server scope starts at 192.168.2 .xxx
thru RRAS on server 2008 vpn users connect but cannot access/ping ect..  any LAN  devices
if the DHCP server  issetup in RRAS-ipv4->DHCP relay agent.
If I set a block of static IP's in RRAS in the range of 192.168.0.xxx all works fine.
I tried a static block in the range of 192.168.2.xxx with no success.

internal DCHP clients pick up an IP in the range of 192.168.2.xxx and it works fine.

We have re-checked all network devices (including router) to make sure they are in the 255.255.252.000 range
ColdnorthAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

JohnBusiness Consultant (Owner)Commented:
Your remote clients now have an expanded range to look through. So the remote client should have a subnet mask of 255.255.0.0 to allow for the complete office range. I think that should work.
ColdnorthAuthor Commented:
for the vpn users if RRAS is configured to serve addresses from our DHCP server they do receive an address of 192.168..2.xxx with a subnet of 255.255.252.0   but they cannot access any network resources. But if I assign a block of IP's in the range of 192.168.0.xxx they can access all devices in that range.
JohnBusiness Consultant (Owner)Commented:
Is the remote client setup targeted for 192.168.0.x ?  

For one remote client, remove the VPN profile (delete it). Restart the computer and make a new VPN Profile. Does that work?
Webinar: Cyber Crime Becomes Big Business

The rising threat of malware-as-a-service is not one to be overlooked. Malware-as-a-service is growing and easily purchased from a full-service cyber-criminal store in a “Virus Depot” fashion. Join us in our upcoming webinar as we discuss how to best defend against these attacks!

ColdnorthAuthor Commented:
all vpnclients are using Microsoft or Apple built-in VPN client and are set to DHCP.
JohnBusiness Consultant (Owner)Commented:
Fair enough. But there is a VPN profile in the machines (a machine of a box does not connect to your VPN).  So I am suggesting you take one machine and try a new VPN profile.

If the new profile works, you have your solution.

If the new profile does not work, there is something wrong with the network IP expansion.
matrix8086Commented:
Check the following:

Net mask is 255.255.252.0 on the vpn clients after connection - 192.168.2.0 network
Netmask is 255.255.252.0 on your subnet hosts - 192.168.0.0 network
Netmask is 255.255.252.0 on RRas server

I'd bet that the clients won't receives the right netmask :D

Best regards!
ColdnorthAuthor Commented:
Yes no matter which I use the client laptops have a mask is 255.255.255.255
JohnBusiness Consultant (Owner)Commented:
255.255.255.255 is the wrong subnet mask. That is for ONE IP address. No wonder they cannot browse. That is your problem.

Did you try deleting the VPN profile on one laptop and remaking it. I do not use your VPN but I do use VPN and this is at least a first approach.
matrix8086Commented:
You must configure Routing and Remote Access Server to give certain IP, NetMask, and Router information

Best regards!

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Seth SimmonsSr. Systems AdministratorCommented:
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
VPN

From novice to tech pro — start learning today.