Re: VPN routing with W2K RRAS


From: InBan (InBan_at_discussions.microsoft.com)
Date: 07/13/04


Date: Tue, 13 Jul 2004 06:34:02 -0700

That's correct Bill, without a static route on each router the traffic will not be able to reach its destination. A route on the corporate RRAS server is required for return traffic to reach its destination.

If I'm reading your drawing correctly (I am assuming you're using 24-bit netmasks?):

On the home RRAS server you'll need a route:
destination: 172.20.10.0/24
Metric: 1
I don't think you'll need a gateway here... What do you think Bill?

On the Corp server:
Destination: 172.30.16.0/24
Metric: 1
You shouldn't need a gateway defined here.

If you receive an address from a static address pool or a DHCP server that is in a separate range on the corp side you should have a route to that subnet as well IF it is a separate range.

Ian

"Bill Grant" wrote:

> A connection like this will not route between the two sites. The
> corporate server will only route traffic back to its client (ie your home
> server). To route to traffic behind that machine, you need to set up a
> router to router VPN link.
>
> With a router to router link, each router has the routing info it needs
> to send traffic for the "other" site through the VPN link. The link works
> like a slow IP router between the two sites, because each router has a route
> to the other site's IP subnet through the connection.
>
> "Robert Moody" <moody47@comnospamcast.net> wrote in message
> news:6UyIc.571022$ef4.68790@news.easynews.com...
> > I have tried looking through this newsgroup to no avail. I am trying
> > to set up a W2k server to act as a router for a home office and connect to
> > corporate office. Most of it works right but some does not.
> >
> > I can connect from the W2K server to the internet and the corp network and
> > all servers OK
> >
> > The laptop in the 172.30.16.0 network connects to the internet OK
> >
> > The laptop cannot ping anything on the corp network. I can ping
> > 172.20.10.143 the address assigned by the PPTP server to the VPN
> > connection. I cannot ping 172.20.10.29 the PPTP server LAN nic.
> >
> > Any help will be appreciated
> >
> > Here is my configuration
> >
> >
> > 172.20.10.3 172.20.10.4
> > Server A | | Server B
> > | |
> > -------------------------
> > |
> > | 172.20.10.0 network
> > |
> > ------------------------------
> > | 172.20.10.29 NIC1 | ---------------
> > | PPTP server |--------- | 172.20.10.243 |
> > | 69.x.x.x NIC2 | | |
> > ------------------------------ | |
> > | | |
> > | Internet | |
> > | | |
> > ----------------- | Demand Dial |
> > | 24.X.X.X | | VPN |
> > | Cable modem | | Configured |
> > | 10.1.1.1| | On W2K server|
> > ----------------- | |
> > | | |
> > | 10.1.1.0 Network | |
> > | | |
> > ---------------------- | |
> > | 10.1.1.45 NIC1 | | |
> > | W2K Server |----------------| 172.30.16.200 |
> > | 172.30.16.1 Nic2 | ---------------
> > ----------------------
> > |
> > | 172.30.16.0 network
> > |
> > 172.30.16.10
> > Laptop
> >
> >
> >
> >
> >
> > Network Destination  Netmask          Gateway        Interface      Metric
> > 0.0.0.0              0.0.0.0          10.1.1.1       10.1.1.45      1
> > 10.1.1.0             255.255.255.0    10.1.1.45      10.1.1.45      1
> > 10.1.1.45            255.255.255.255  127.0.0.1      127.0.0.1      1
> > 10.255.255.255       255.255.255.255  10.1.1.45      10.1.1.45      1
> > 69.xx.xx.xxx         255.255.255.255  10.1.1.1       10.1.1.45      1
> > 127.0.0.0            255.0.0.0        127.0.0.1      127.0.0.1      1
> > 172.20.10.0          255.255.255.0    172.20.10.29   172.20.10.243  1
> > 172.20.10.29         255.255.255.255  172.20.10.243  172.20.10.243  1
> > 172.20.10.243        255.255.255.255  127.0.0.1      127.0.0.1      1
> > 172.20.255.255       255.255.255.255  172.20.10.243  172.20.10.243  1
> > 172.30.16.0          255.255.255.0    172.30.16.1    172.30.16.1    1
> > 172.30.16.1          255.255.255.255  127.0.0.1      127.0.0.1      1
> > 172.30.16.200        255.255.255.255  127.0.0.1      127.0.0.1      1
> > 172.30.255.255       255.255.255.255  172.30.16.1    172.30.16.1    1
> > 224.0.0.0            224.0.0.0        10.1.1.45      10.1.1.45      1
> > 224.0.0.0            224.0.0.0        172.20.10.243  172.20.10.243  1
> > 224.0.0.0            224.0.0.0        172.30.16.1    172.30.16.1    1
> > 255.255.255.255      255.255.255.255  10.1.1.45      10.1.1.45      1
> > Default Gateway: 10.1.1.1
> > ===========================================================================
> > Persistent Routes:
> > None
> >
> >
>
>
>
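The return-path problem discussed in this thread, as an added example that is not part of the original posts: a longest-prefix-match lookup over both routers' tables shows the laptop's traffic entering the VPN while the reply leaves by the corporate default route until a route to 172.30.16.0/24 is added. The home table is condensed from the one posted above; the corporate table and the interface labels are constructed for illustration, since the thread does not show them.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match: return the outgoing interface label, or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, iface in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None

# Home W2K server, condensed from the routing table posted in the thread.
HOME = [
    ("0.0.0.0/0", "cable"),         # default gateway 10.1.1.1
    ("10.1.1.0/24", "cable"),
    ("172.20.10.0/24", "vpn"),      # interface 172.20.10.243
    ("172.30.16.0/24", "lan"),
]

# Corporate PPTP server: constructed table (assumption, not from the thread).
CORP = [
    ("0.0.0.0/0", "internet"),      # assumed default route out of NIC2
    ("172.20.10.0/24", "lan"),
    ("172.20.10.243/32", "vpn"),    # host route to the dial-in client only
]

# Corporate table with the static route suggested in the reply above.
CORP_FIXED = CORP + [("172.30.16.0/24", "vpn")]

def round_trip(home, corp, src, dst):
    """Interface chosen for the request on the home router and for the
    reply on the corporate router."""
    return lookup(home, dst), lookup(corp, src)

def reachable(home, corp, src, dst):
    """True only when both directions use the VPN link."""
    return round_trip(home, corp, src, dst) == ("vpn", "vpn")

if __name__ == "__main__":
    laptop, pptp_lan = "172.30.16.10", "172.20.10.29"
    for label, corp in (("without corp route", CORP), ("with corp route", CORP_FIXED)):
        print(label, round_trip(HOME, corp, laptop, pptp_lan),
              reachable(HOME, corp, laptop, pptp_lan))
```
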


