Re: VPN Client can't access internal network -- Help?!?!

From: Eric (estam_at_scsiweb.com)
Date: 04/07/04


Date: 7 Apr 2004 09:32:49 -0700

Hi Sharoon,

I don't see anything... maybe you will. Here is the info:

Server #1:
  NIC 1 IP Address: 66.xxx.yy.51 (Internet)
  NIC 2 IP Address: 32.71.250.156 (Internalnet)
  VPN IP Address: 32.82.186.244

===========================================================================
Active Routes:
Network Destination        Netmask          Gateway        Interface  Metric
          0.0.0.0          0.0.0.0     66.xxx.yy.49     66.xxx.yy.51       1
    32.71.250.128  255.255.255.224    32.71.250.156    32.71.250.156       1
    32.71.250.156  255.255.255.255        127.0.0.1        127.0.0.1       1
    32.82.186.244  255.255.255.255        127.0.0.1        127.0.0.1       1
   32.255.255.255  255.255.255.255    32.71.250.156    32.71.250.156       1
     66.153.70.48  255.255.255.240     66.xxx.yy.51     66.xxx.yy.51       1
     66.153.70.51  255.255.255.255        127.0.0.1        127.0.0.1       1
   66.255.255.255  255.255.255.255     66.xxx.yy.51     66.xxx.yy.51       1
        127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1       1
        224.0.0.0        224.0.0.0    32.71.250.156    32.71.250.156       1
        224.0.0.0        224.0.0.0     66.xxx.yy.51     66.xxx.yy.51       1
  255.255.255.255  255.255.255.255     66.xxx.yy.51     66.xxx.yy.51       1
Default Gateway: 66.xxx.yy.49
===========================================================================
Persistent Routes:
  None

Server #2
  NIC 1 IP Address: 32.71.250.154 (Internalnet)
  NIC 2 IP Address: 66.xxx.yy.55 (Internet)
  VPN IP Address: 32.82.186.230

===========================================================================
Active Routes:
Network Destination        Netmask          Gateway        Interface  Metric
          0.0.0.0          0.0.0.0     66.xxx.yy.49     66.xxx.yy.55       1
    32.71.250.128  255.255.255.224    32.71.250.154    32.71.250.154       1
    32.71.250.154  255.255.255.255        127.0.0.1        127.0.0.1       1
    32.82.186.230  255.255.255.255        127.0.0.1        127.0.0.1       1
   32.255.255.255  255.255.255.255    32.71.250.154    32.71.250.154       1
     66.153.70.48  255.255.255.240     66.xxx.yy.55     66.xxx.yy.55       1
     66.153.70.55  255.255.255.255        127.0.0.1        127.0.0.1       1
   66.255.255.255  255.255.255.255     66.xxx.yy.55     66.xxx.yy.55       1
        127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1       1
        224.0.0.0        224.0.0.0    32.71.250.154    32.71.250.154       1
        224.0.0.0        224.0.0.0     66.xxx.yy.55     66.xxx.yy.55       1
  255.255.255.255  255.255.255.255    32.71.250.154    32.71.250.154       1
Default Gateway: 66.xxx.yy.49
===========================================================================
Persistent Routes:
  None

The LAT on both is:
 From To
 32.71.250.128 32.71.250.159
 32.82.186.224 32.82.186.255
 32.255.255.255 32.255.255.255

One note, I can ping from both Server #1 and Server #2 to anywhere I
want on the internal network.

Hopefully you will see something

Eric

"Sharoon Shetty K [MSFT]" <sharoons@online.microsoft.com> wrote in message news:<OVYOneHHEHA.3772@TK2MSFTNGP12.phx.gbl>...
> Could you check the routing table entries for both machine 1 and 2 any imp
> difference between them?
>
> --
>
> Thanks
> Sharoon
> sharoons@online.microsoft.com
>
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
> "Eric" <estam@scsiweb.com> wrote in message
> news:c84aa573.0404061122.9ca0c95@posting.google.com...
> > Hello All,
> >
> > The current configuration consists of 3 machines:
> > 1. ISA Server original
> > 2. ISA Server new
> > 3. PC (w2k) on the web
> >
> > To the best of my knowledge machine #1 and #2 are the same. They both
> > have:
> > ISA 2000 + sp1
> > RRAS
> > W2k + sp3 + windows updates
> >
> > Obviously, they are not the same machine, so there are hardware
> > differences, but they both have 2 NIC cards (1 for Internet + 1 for
> > Internalnet)
> >
> > The PC has a network connection for VPN defined for machine #1. Then
> > I copied it and changed the IP address to point to #2.
> >
> > Both connections go active and I can "logon" to both connections.
> >
> > When I am connected to #2, I can ping the ISA server using the VPN
> > address and the internal network address, but nowhere else on the
> > Internal network. I can ping from #2 to the internal network. When I
> > tracert from the PC through #2, tracert shows the ISA server (the VPN
> > address), and then the normal request timeout message.
> >
> > All the above are successful on #1.
> >
> > There must be something simple that I am missing... but I can't see
> > it.
> >
> > The internal network has 2 ranges. The first is primarily used by the
> > machines in the network. The second is used by ancillary machines and
> > the VPN. The PDC is multihomed. The ISA/LAT is the same for both
> > machines and has both ranges defined as internal.
> >
> > Please keep the questions coming... Hopefully, this will turn out to
> > be an easy problem.
> >
> > Eric
> >
> > "Sharoon Shetty K [MSFT]" <sharoons@online.microsoft.com> wrote in message news:<#GyeRG9GEHA.2408@TK2MSFTNGP12.phx.gbl>...
> > > Can you check the tracert output ?
> > >
> > > --
> > >
> > > Thanks
> > > Sharoon
> > > sharoons@online.microsoft.com
> > >
> > > This posting is provided "AS IS" with no warranties, and confers no rights.
> > >
> > > "Eric" <estam@scsiweb.com> wrote in message
> > > news:c84aa573.0404020816.168878bf@posting.google.com...
> > > > Hello,
> > > >
> > > > I am trying to swap out my ISA computer to a new
> > > > bigger/faster/stronger machine. I need to be able to test my new
> > > > machine without disrupting the current configuration.
> > > >
> > > > Problem:
> > > >
> > > > VPN client CAN connect to ISA/RRAS machine. CAN ping ISA/RRAS
> > > > machine. Can NOT access(VNC)/ping any machine on the internal
> > > > network.
> > > >
> > > >
> > > > Environment:
> > > >
> > > > NT Domain
> > > > W2K Server (stand alone)
> > > > ISA 2000 (Firewall mode)
> > > > RRAS
> > > > 2 NIC cards (Internet & Internal)
> > > >
> > > > I have a test machine here... I have 2 VPN Clients configured (1 for
> > > > each server) The original client works perfectly. The second one
> > > > fails. I can see no significant differences in the Route table.
> > > >
> > > > What did I miss?
> > > >
> > > > Eric


