Re: RRAS, DNS, NAT, and Web Browsing

From: Robert L [MS-MVP] (noreply_at_hotmail.com)
Date: 12/30/04


Date: Thu, 30 Dec 2004 15:22:37 -0600

Can you ping a public IP like 4.2.2.1?

-- 
For more and other information, go to  http://www.ChicagoTech.net
Don't send e-mail or reply to me unless you need consulting services.
Posting on MS newsgroup will benefit all readers and you may get more help.
Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN, Anti-Virus, Tips & Troubleshooting on 
http://www.ChicagoTech.net
Networking Solutions, http://www.chicagotech.net/networksolutions.htm
VPN Solutions, http://www.chicagotech.net/vpnsolutions.htm
VPN Process and Error Analysis, http://www.chicagotech.net/VPN%20process.htm
VPN Troubleshooting, http://www.chicagotech.net/vpn.htm
This posting is provided "AS IS" with no warranties.
"Jim Davis" <no-spam-for-revhippie@frontiernet.net> wrote in message 
news:_lYAd.1517$Ju5.857@news01.roc.ny...
> Symptom:
>
> VPN client is still using its default internet connection's DNS for 
> resolving, *except* when specifically using nslookup.  Client can't 
> connect to anything outside of the server's network.  The server's 
> firewall seems to be configured properly and "[x] Use default gateway on 
> remote network" is checked.
>
> ----------------
> C:\>nslookup www.example.com
> *** Can't find server name for address 192.168.0.1: Non-existent domain
> Server:  cronus.example.com
> Address:  192.168.2.2
>
> Name:    athena.example.com
> Address:  192.168.1.3
> Aliases:  www.example.com
> (OK)
>
> C:\>ping 192.168.1.3
>
> Pinging 192.168.1.3 with 32 bytes of data:
>
> Reply from 192.168.1.3: bytes=32 time=90ms TTL=62
> (OK)
>
> C:\>ping www.example.com
>
> Pinging example.com [204.x.x.2] with 32 bytes of data:
>
> Request timed out.
> (NOT OK.  It's getting the external address of www.example.com from the 
> client's local DNS server instead of from cronus.example.com on the 
> server's network.  There is nothing bogus in the client's hosts or lmhosts 
> that could account for this.)
>
> C:\>ping www.google.com
>
> Pinging www.google.akadns.net [64.233.161.104] with 32 bytes of data:
>
> Request timed out.
> (NOT OK.  I expect this to go from [client]->[rras server]->[rras server's 
> firewall]->(real world) and to work just as it would from [other host on 
> rras server's network]->[rras server's firewall]->(real world), which 
> *does* work.)
> ----------------
>
> I would like clients connected to our RRAS server to conduct all traffic 
> as if they were directly connected to our LAN; including web browsing.
>
> Our RRAS server has one NIC on the inside of the LAN and one in our NATted 
> DMZ.  It looks something like this if you're using a fixed-width font:
>
> (lan:192.168.2.0/24)--[firewall]--(outside:204.x.x.x)
>          |                 |
>          |        (dmz:192.168.12.20/30)
>          |                 |
> [RRAS:192.168.2.13 and 192.168.1.22]
>
> The client is also behind a DSL modem's NAT:
>
> [client:192.168.0.2]--[dsl modem 192.168.0.1]--(outside)
>
> My client can VPN into the RRAS box and receives DHCP/DNS/WINS information 
> properly from the appropriate server on the LAN.  Here's the output of 
> "ipconfig/all" from the client while connected:
>
> ----------------
> Windows 2000 IP Configuration
>
> Host Name . . . . . . . . . . . . : feline
> Primary DNS Suffix  . . . . . . . :
> Node Type . . . . . . . . . . . . : Hybrid
> IP Routing Enabled. . . . . . . . : No
> WINS Proxy Enabled. . . . . . . . : No
> DNS Suffix Search List. . . . . . : example.com
>
> Ethernet adapter Local Area Connection:
>
> Connection-specific DNS Suffix  . :
> Description . . . . . . . . . . . : NETGEAR FA310TX Fast Ethernet Adapter (NGRPCI)
> Physical Address. . . . . . . . . : 00-A0-CC-5D-A4-D6
> DHCP Enabled. . . . . . . . . . . : No
> IP Address. . . . . . . . . . . . : 192.168.0.2
> Subnet Mask . . . . . . . . . . . : 255.255.255.0
> Default Gateway . . . . . . . . . : 192.168.0.1
> DNS Servers . . . . . . . . . . . : 192.168.0.1
>
> PPP adapter VPN via Uranus:
>
> Connection-specific DNS Suffix  . : example.com
> Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
> Physical Address. . . . . . . . . : 00-53-45-00-00-00
> DHCP Enabled. . . . . . . . . . . : No
> IP Address. . . . . . . . . . . . : 192.168.2.145
> Subnet Mask . . . . . . . . . . . : 255.255.255.255
> Default Gateway . . . . . . . . . :
> DNS Servers . . . . . . . . . . . : 192.168.2.2
>                                     192.168.2.2
>                                     192.168.3.2
> Primary WINS Server . . . . . . . : 192.168.2.2
> Secondary WINS Server . . . . . . : 192.168.3.2
> ----------------
>
> Here's the output of "route print" on the client while connected:
>
> ----------------
> ===========================================================================
> Interface List
> 0x1 ........................... MS TCP Loopback interface
> 0x1000003 ...00 a0 cc 5d a4 d6 ...... NETGEAR FA310TX Fast Ethernet PCI Adapter
> 0x12000004 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
> ===========================================================================
> ===========================================================================
> Active Routes:
> Network Destination        Netmask          Gateway       Interface  Metric
>           0.0.0.0          0.0.0.0      192.168.0.1     192.168.0.2   2
>           0.0.0.0          0.0.0.0    192.168.2.145   192.168.2.145   1
>         127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1   1
>       192.168.0.0    255.255.255.0      192.168.0.2     192.168.0.2   1
>       192.168.0.2  255.255.255.255        127.0.0.1       127.0.0.1   1
>     192.168.0.255  255.255.255.255      192.168.0.2     192.168.0.2   1
>     192.168.2.145  255.255.255.255        127.0.0.1       127.0.0.1   1
>     192.168.2.255  255.255.255.255    192.168.2.145   192.168.2.145   1
>        204.x.x.13  255.255.255.255      192.168.0.1     192.168.0.2   1
>         224.0.0.0        224.0.0.0      192.168.0.2     192.168.0.2   1
>         224.0.0.0        224.0.0.0    192.168.2.145   192.168.2.145   1
>   255.255.255.255  255.255.255.255      192.168.0.2     192.168.0.2   1
> Default Gateway:     192.168.2.145
> ===========================================================================
> Persistent Routes:
>   None
> ----------------
>
> What have I done wrong?  I've been wrestling with this for two days and 
> am about to lose my mind.
>
> -- 
> Jim Davis 
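
Added example, not part of the original thread: a route lookup over the unicast entries of the quoted "route print" table, showing which adapter the suggested ping to 4.2.2.1 and each DNS server from the "ipconfig/all" output would leave through. It assumes longest-prefix match with the lowest metric breaking ties; the adapter labels are illustrative, and 203.0.113.13 is a constructed placeholder for the elided 204.x.x.13 host route.

```python
import ipaddress

# Unicast rows from the quoted "route print" output (broadcast and multicast
# rows omitted): (destination, netmask, gateway, interface, metric).
# 203.0.113.13 is a constructed placeholder for the elided 204.x.x.13 entry.
ROUTES = [
    ("0.0.0.0", "0.0.0.0", "192.168.0.1", "192.168.0.2", 2),
    ("0.0.0.0", "0.0.0.0", "192.168.2.145", "192.168.2.145", 1),
    ("127.0.0.0", "255.0.0.0", "127.0.0.1", "127.0.0.1", 1),
    ("192.168.0.0", "255.255.255.0", "192.168.0.2", "192.168.0.2", 1),
    ("192.168.0.2", "255.255.255.255", "127.0.0.1", "127.0.0.1", 1),
    ("192.168.2.145", "255.255.255.255", "127.0.0.1", "127.0.0.1", 1),
    ("203.0.113.13", "255.255.255.255", "192.168.0.1", "192.168.0.2", 1),
]

# Illustrative labels for the interface addresses in the table.
ADAPTERS = {
    "192.168.0.2": "ethernet",
    "192.168.2.145": "vpn",
    "127.0.0.1": "loopback",
}


def select_route(dest):
    """Return (adapter, gateway) for dest: longest prefix, then lowest metric."""
    addr = ipaddress.ip_address(dest)
    best = None
    for net, mask, gateway, iface, metric in ROUTES:
        network = ipaddress.ip_network(f"{net}/{mask}")
        if addr in network:
            key = (-network.prefixlen, metric)
            if best is None or key < best[0]:
                best = (key, ADAPTERS[iface], gateway)
    if best is None:
        raise LookupError(f"no route to {dest}")
    return best[1], best[2]


def egress(dest):
    """Adapter label a packet to dest would leave through."""
    return select_route(dest)[0]


if __name__ == "__main__":
    # Test ping target, both adapters' DNS servers, and the VPN server route.
    for target in ("4.2.2.1", "192.168.0.1", "192.168.2.2", "203.0.113.13"):
        adapter, gateway = select_route(target)
        print(f"{target:<15} -> {adapter:<8} via {gateway}")
```

With this table, a ping to 4.2.2.1 is sent into the tunnel, so it exercises the RRAS server's forwarding toward the Internet, while 192.168.0.1 (the DNS server configured on the Ethernet adapter) stays reachable on-link outside the tunnel.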

