Re: Cannot access LAN computers when connecting from externally via VPN.
- From: Jim Willsher <jim@xxxxxxxxxx>
- Date: Tue, 14 Jun 2005 09:46:23 +0100
Hello Lee,
Many thanks for the information, and the link. Our "route" information
has only ever been created by the system, and never manually. The
routeprint output is as follows:
C:\Documents and Settings\Administrator>route print
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x1000002 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
0x1000003 ...00 0f 1f 65 04 9d ...... Broadcom NetXtreme Gigabit
Ethernet Driver
(Microsoft's Packet Scheduler)
0x1000004 ...00 0f 1f 65 04 9e ...... Broadcom NetXtreme Gigabit
Ethernet Driver
(Microsoft's Packet Scheduler)
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface
Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.2 1
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
172.16.2.0 255.255.255.0 192.168.1.43 192.168.1.43 1
192.168.0.0 255.255.255.0 192.168.0.2 192.168.0.2 1
192.168.0.2 255.255.255.255 127.0.0.1 127.0.0.1 1
192.168.0.255 255.255.255.255 192.168.0.2 192.168.0.2 1
192.168.1.0 255.255.255.0 192.168.1.43 192.168.1.43 1
192.168.1.43 255.255.255.255 127.0.0.1 127.0.0.1 1
192.168.1.241 255.255.255.255 127.0.0.1 127.0.0.1 1
192.168.1.255 255.255.255.255 192.168.1.43 192.168.1.43 1
224.0.0.0 224.0.0.0 192.168.0.2 192.168.0.2 1
224.0.0.0 224.0.0.0 192.168.1.43 192.168.1.43 1
255.255.255.255 255.255.255.255 192.168.0.2 192.168.0.2 1
Default Gateway: 192.168.0.1
===========================================================================
Persistent Routes:
None
C:\Documents and Settings\Administrator>
There is an entry for 172.16.2.0, would it be this entry which stops
the VPN from working if the VPN DHCP range is 172.16.2.x?
Jim
On Tue, 14 Jun 2005 03:52:01 GMT, leelili@xxxxxxxxxxxxxxxxxxxx ("Lee
Li[MSFT]") wrote:
>Dear Jim,
>
>Thank you for your update.
>
>I am glad to hear the issue had been resolved.
>As I had mentioned in the previous, the problem is related with you routing
>structurer.
>Which IP range that you had used is not the root cause of this issue.
>Let me explain the issue in more detail so you can understand it better.
>
>When you setup VPN on a Windows 2003/2000 server, the RRAS service will be
>started and accept the incoming VPN connections.
>The RRAS server will also act as a routing server in the same time.
>By default, the VPN client will point the VPN server as the default gateway.
>This means if a client computer cannot know where to send the packages, it
>will send to the VPN server and let it redistribute the package.
>The problem here is whether the VPN server can know the packages should be
>sent to Internal NIC on it while you trying to visit the internal subnet
>behind the server.
>This will be configured by the routing table on the VPN server. (To view
>the routing table settings, run the "route print" command on the server)
>By default, the ISA/RRAS will build the routing automatically based on the
>IP interface that you had configured.
>However if you had changed the routing table by yourselves, this will cause
>the issue like.
>
>If you configured the IP of the VPN client to 192.168.1.X, the VPN client
>will be considered as in the same subnet as the internal computer.
>At this time, the incorrect routing will not take much effect on this
>configuration so you can visit the internal computers correctly.
>
>You can take a look at the following URL for more information:
>321516 How to use the Windows 2000 Routing and Remote Access Service or ISA
>http://support.microsoft.com/?id=321516
>
>Hope the above informtion helps. Have a nice day!
>
>
>Sincerely,
>
>Lee Li
>Microsoft Online Partner Support
>
>When responding to posts, please "Reply to Group" via your newsreader so
>that others may learn and benefit from your issue.
>=====================================================
>Business-Critical Phone Support (BCPS) provides you with technical phone
>support at no charge during critical LAN outages or "business down"
>situations. This benefit is available 24 hours a day, 7 days a week to all
>Microsoft technology partners in the United States and Canada.
>
>This and other support options are available here:
>BCPS:
>https://partner.microsoft.com/US/technicalsupport/supportoverview/40010469
>Others: https://partner.microsoft.com/US/technicalsupport/supportoverview/
>
>If you are outside the United States, please visit our International
>Support page:
>http://support.microsoft.com/default.aspx?scid=%2finternational.aspx.
>
>=====================================================
>This posting is provided "AS IS" with no warranties, and confers no rights.
.
- References:
- Cannot access LAN computers when connecting from externally via VPN.
- From: Jim Willsher
- Re: Cannot access LAN computers when connecting from externally via VPN.
- From: "Lee Li[MSFT]"
- Re: Cannot access LAN computers when connecting from externally via VPN.
- From: Jim Willsher
- Re: Cannot access LAN computers when connecting from externally via VPN.
- From: "Lee Li[MSFT]"
- Cannot access LAN computers when connecting from externally via VPN.
- Prev by Date: Permissions error in ISA 2000
- Next by Date: Re: Permissions error in ISA 2000
- Previous by thread: Re: Cannot access LAN computers when connecting from externally via VPN.
- Next by thread: Re: Cannot access LAN computers when connecting from externally via VPN.
- Index(es):
Relevant Pages
|
