Internal NIC weird after reconfig of RRAS server. Desperate!!
From: Örjan Johansson (misc_at_actitud.NOSPAM.se)
Date: 12/08/04
- Previous message: Dean Macinskas: "Re: No Internet access with RRAS enabled"
- Messages sorted by: [ date ] [ thread ]
Date: Wed, 08 Dec 2004 21:38:58 GMT
Hi all!
This is the weirdest thing I've encountered, and I need someone else's
perspective to tell me if I'm nuts or not. Here's the setup:
Two Server 2003 Std servers on a DMZ configured as L2TP VPN servers. A Checkpoint 1 FW
lets VPN traffic through to the external NICs of the VPN servers. The
servers are configured to pass authentication through to a RADIUS server (MS
IAS) on the internal LAN, and the Checkpoint lets this through from the
internal NIC of the VPN servers to the LAN no problem. It also permits the
servers and the VPN clients RDP, HTTP, DNS and file and printer sharing to
the LAN. Everything has been working absolutely perfectly for a week.
Now, I wanted to pass some DHCP options to the clients, so I opted to
reconfigure the VPN servers. They each had an assigned pool of addresses to
give to clients. I checked the 'use DHCP' box instead and then configured
the DHCP relay with the address of the DHCP server, which is on the internal
LAN (same machine that is running IAS, incidentally). When I restarted the RRAS
service, it failed, giving me the error that it could not find any RADIUS
servers. So I check the setup, and the RADIUS server is entered by its DNS name.
I start up nslookup and see that the server can't contact the DNS server
(which is on the internal LAN), so the RRAS service fails. I soon discover
that the VPN server has no access whatsoever to the internal LAN. It's
absolutely isolated. Now I realize that the setup isn't gonna work anyhow,
since I don't have control of the FW, and it doesn't permit DHCP from the
DMZ to the LAN, so I configure it back to the old settings, with a fixed
pool of addresses. Still no luck. The server can't reach the LAN at all, and
the RRAS service won't start.
The second server hasn't been restarted since the reconfiguration and is
still purring on, so I reconfigure it back to the static pool settings again
and restart it. Same thing! No access to the LAN. I'm so screwed!
Now, I realize troubleshooting something like this is hopeless without
access to the FW and the switch, but I really need to figure out if I've
missed something really obvious. Am I insane?? I remove RRAS on one of the
servers, restart it and configure RRAS again from scratch. No luck. The FW
won't let me ping anywhere, which makes troubleshooting even harder, but if I
try to ping the FW interface that connects me to the LAN I get an ARP entry,
so that works. The RRAS servers can ping each other fine from the internal
NICs, so they seem happy; it's just that that's as far as they get. I see
nothing in the logs apart from the error message saying RRAS can't start
because it can't find the RADIUS server.
Any ideas anyone? ANY input on this extremely appreciated!!
TIA,
Örjan
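One check worth running on a dual-homed RRAS host in this state, added here as an example and not part of the original post: the symptoms described (ARP to the firewall's DMZ interface works, the other VPN server on the same segment is reachable, but nothing behind the firewall answers and the RADIUS name cannot be resolved) are consistent with LAN-bound traffic leaving the wrong NIC. On Server 2003 the IPv4 table comes from `route print`; the script below parses that output, does a longest-prefix lookup the way the host's stack would, and reports which interface a given destination egresses on. The route tables, the addressing (internal NIC 10.10.1.5/24 facing the firewall's DMZ interface 10.10.1.1, external NIC 192.0.2.10/24, internal LAN 10.20.0.0/16) and the RADIUS/DNS server address are constructed for illustration, not taken from the post. Paste the real `route print` output into `parse_route_print` to check a live host.

```python
import ipaddress
from typing import List, NamedTuple, Optional


class Route(NamedTuple):
    network: ipaddress.IPv4Network
    gateway: ipaddress.IPv4Address
    interface: ipaddress.IPv4Address
    metric: int


# Constructed sample, modelled on the "Active Routes" section of `route print`
# on Windows Server 2003. Assumed addressing (not from the post): internal NIC
# 10.10.1.5, firewall DMZ interface 10.10.1.1, external NIC 192.0.2.10 with
# default gateway 192.0.2.1, and the internal LAN 10.20.0.0/16 behind the FW.
GOOD_TABLE = """\
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0        192.0.2.1     192.0.2.10      20
        10.10.1.0    255.255.255.0        10.10.1.5      10.10.1.5      10
        10.10.1.5  255.255.255.255        127.0.0.1      127.0.0.1      10
        10.20.0.0      255.255.0.0        10.10.1.1      10.10.1.5      10
        127.0.0.0        255.0.0.0        127.0.0.1      127.0.0.1       1
        192.0.2.0    255.255.255.0       192.0.2.10     192.0.2.10      20
Default Gateway:         192.0.2.1
"""

# Same host with the static route for the internal LAN missing: the DMZ segment
# is still on-link (so ARP to the firewall works), but 10.20.0.0/16 now falls
# through to the default route on the external NIC.
BROKEN_TABLE = """\
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0        192.0.2.1     192.0.2.10      20
        10.10.1.0    255.255.255.0        10.10.1.5      10.10.1.5      10
        10.10.1.5  255.255.255.255        127.0.0.1      127.0.0.1      10
        127.0.0.0        255.0.0.0        127.0.0.1      127.0.0.1       1
        192.0.2.0    255.255.255.0       192.0.2.10     192.0.2.10      20
Default Gateway:         192.0.2.1
"""


def parse_route_print(text: str) -> List[Route]:
    """Extract IPv4 routes from `route print` output; header/footer lines are skipped."""
    routes: List[Route] = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        try:
            # (destination, netmask) as strings; strict=False tolerates host bits.
            net = ipaddress.IPv4Network((parts[0], parts[1]), strict=False)
            gw = ipaddress.IPv4Address(parts[2])
            ifc = ipaddress.IPv4Address(parts[3])
            metric = int(parts[4])
        except ValueError:
            continue  # column header, "Default Gateway:" line, etc.
        routes.append(Route(net, gw, ifc, metric))
    return routes


def lookup(routes: List[Route], dst: str) -> Optional[Route]:
    """Longest-prefix match, lowest metric on ties, as the host's stack would choose."""
    addr = ipaddress.IPv4Address(dst)
    candidates = [r for r in routes if addr in r.network]
    if not candidates:
        return None
    return max(candidates, key=lambda r: (r.network.prefixlen, -r.metric))


def egress_interface(routes: List[Route], dst: str) -> Optional[str]:
    """Interface address the destination would be sent from, or None if unroutable."""
    r = lookup(routes, dst)
    return None if r is None else str(r.interface)


def leaves_internal_nic(routes: List[Route], dst: str, internal_nic: str) -> bool:
    """True when traffic to dst goes out the interface we expect to face the LAN."""
    return egress_interface(routes, dst) == internal_nic


if __name__ == "__main__":
    # Targets assumed for the demo: firewall DMZ interface, and the IAS/DNS host on the LAN.
    targets = {"firewall DMZ interface": "10.10.1.1", "RADIUS/DNS server": "10.20.0.7"}
    for label, table in (("good", GOOD_TABLE), ("broken", BROKEN_TABLE)):
        routes = parse_route_print(table)
        for name, ip in targets.items():
            r = lookup(routes, ip)
            print(f"[{label}] {name} {ip}: via {r.network} gw {r.gateway} if {r.interface}")
```

In the broken table the firewall interface is still reached directly (which is why an ARP entry appears), while the RADIUS/DNS server is sent out the external NIC and never reaches the LAN; that matches a host that looks half-connected. If the live table looks like the good one, the routing is not the problem and the focus shifts to what sits in front of the internal NIC.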