Re: RRAS as VPN Server Configuration Questions...
- From: "Mike B." <mikebobowski@xxxxxxxxx>
- Date: Fri, 6 Jan 2006 07:37:19 -0600
Robert,
Thanks for the reply. Here is a dump before any manual modifications
I've tried (MAC Addresses have been removed for security reasons). More
info on the network setup I forgot to mention in the original post is in the
reply to Bill Grant.
Thanks for any help,
Mike B.
I.D.M. Technologies
Milwaukee, WI, USA
c:\ipconfig /all
Windows 2000 IP Configuration
Host Name . . . . . . . . . . . . : server
Primary DNS Suffix . . . . . . . : abc.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : abc.local
Ethernet adapter LAN:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 3Com EtherLink XL 10/100 PCI TX NIC
(3C905B-TX) #1
Physical Address. . . . . . . . . : *Removed from post for security
reasons*
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.20.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.20.1
DNS Servers . . . . . . . . . . . : 192.168.20.2
Primary WINS Server . . . . . . . : 192.168.20.2
Ethernet adapter VPN:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 3Com EtherLink XL 10/100 PCI TX NIC
(3C905B-TX) #2
Physical Address. . . . . . . . . : *Removed from post for security
reasons*
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.10.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 127.0.0.1
c:\route print *
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...*Removed MAC from post for security reasons* ...... 3Com EtherLink
PCI (Microsoft's Packet Scheduler)
0x3 ...*Removed MAC from post for security reasons* ...... 3Com EtherLink
PCI (Microsoft's Packet Scheduler)
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.20.1 192.168.20.2 1
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.10.0 255.255.255.0 192.168.10.2 192.168.10.2 1
192.168.10.2 255.255.255.255 127.0.0.1 127.0.0.1 1
192.168.10.255 255.255.255.255 192.168.10.2 192.168.10.2 1
192.168.20.0 255.255.255.0 192.168.20.2 192.168.20.2 1
192.168.20.2 255.255.255.255 127.0.0.1 127.0.0.1 1
192.168.20.255 255.255.255.255 192.168.20.2 192.168.20.2 1
224.0.0.0 224.0.0.0 192.168.10.2 192.168.10.2 1
224.0.0.0 224.0.0.0 192.168.20.2 192.168.20.2 1
255.255.255.255 255.255.255.255 192.168.10.2 192.168.10.2 1
Default Gateway: 192.168.20.1
===========================================================================
Persistent Routes:
None
"Robert L [MS-MVP]" <noreply@xxxxxxxxxxx> wrote in message
news:e3cgvUkEGHA.1028@xxxxxxxxxxxxxxxxxxxxxxx
It is not recommended to enable RRAS on a DC. However, if you configure it
correctly, it should work. It seems to me this is routing issue. Have you
enable IP routing on the server? or posting the routing table here may help.
Name resulotion on VPN Connection issues on DC, ISA, DNS and WINS server as
VPN server How to assign DNS and WINS on VPN client manually Name resolution
Issue in a VPN client ...
www.chicagotech.net/nameresolutionpnvpn.htm
Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on
http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on
http://www.HowToNetworking.com
"Mike B." <mikebobowski@xxxxxxxxx> wrote in message
news:euNORYhEGHA.648@xxxxxxxxxxxxxxxxxxxxxxx
Hi all,
I have a client with a single Windows 2000 Advanced Server controlling a
local domain (abc.local). This very small company (1 Server, 4 Workstations
and 2 Laptops) CANNOT afford a second server. However, they wish to enable
remote access (VPN). I have configured the network in the following way:
Cable/DSL Modem
|
Router #1
| \
| \
| \
Router #2 Server
| /
| /
| /
Switch
|
Rest of network
Router #1:
WAN IP: Dynamic (Set by ISP - FOR NOW, client will get static IP after
RRAS working)
(IP, Mask, Gateway and DNS configured through ISPs DHCP)
LAN IP: 192.168.10.1
LAN Mask: 255.255.255.0
DNS Relay: Enabled
Everything blocked Except:
IPSec Passthrough Enabled
PPPoE Passthrough Enabled
PPTP Passthrough Enabled
Ext.Port TCP 1723 Forwarded to
Int.Port TCP 1723 on Server NIC #2: 192.168.10.2
Router #2:
WAN IP: 192.168.10.10
WAN Mask: 255.255.255.0
WAN Gateway: 192.168.10.1
LAN IP: 192.168.20.1
LAN Mask: 255.255.255.0
DNS Relay: Enabled
Everything blocked
Server:
NIC #1: configured and connected to internal network via Switch (intranet)
NIC #1 IP: 192.168.20.2
NIC #1 Mask: 255.255.255.0
NIC #1 Gateway: 192.168.20.1
NIC #2: configured and connected to external network via Router #1
(internet)
NIC #2 IP: 192.168.10.2
NIC #2 Mask: 255.255.255.0
OS: Windows 2000 Advanced Server (All updates applied)
PDC - abc.local
Active Directory
DHCP - Scope (192.168.20.10 - 192.168.20.250)
DNS - Standard Files; NOT Active Directory Stored
WINS
Routing And Remote Access - * currently disabled *
At this point everything is working beautifully! Then I configure RRAS.
During setup I choose Remote Access NOT VPN Server, because I read VPN
Server mode is for a stand-alone server not a PDC. With just that
configured everything is still working fine (internal workstations have
access to the internet and can browse locally) and remote clients can
connect. However, remote clients cannot even ping internal workstations,
all they see is the server. When attempting to ping an internal workstation
from the remote client by name, the name is resolved to an IP address. So,
I'm assuming that the clients are resolving (seeing) the DNS and this is a
route problem? I know I can NOT put a default gateway on NIC #2 to point at
NIC #1, so I've tried adding a route from NIC #2 to the loopback
(127.0.0.1)?
The BIG QUESTION, is everything I need to configure to get this working in
RRAS GUI or do I need to configure routes manually through "route add -p"???
The smaller BIG QUESTION is can anybody please help with specifics not
generics?
Thanks in advance for any assistance,
Mike B.
I.D.M. Technologies
Milwaukee, WI, USA
.
- Follow-Ups:
- Re: RRAS as VPN Server Configuration Questions...
- From: Robert L [MS-MVP]
- Re: RRAS as VPN Server Configuration Questions...
- References:
- RRAS as VPN Server Configuration Questions...
- From: Mike B.
- RRAS as VPN Server Configuration Questions...
- Prev by Date: Re: RRAS as VPN Server Configuration Questions...
- Next by Date: Re: RRAS as VPN Server Configuration Questions...
- Previous by thread: Re: RRAS as VPN Server Configuration Questions...
- Next by thread: Re: RRAS as VPN Server Configuration Questions...
- Index(es):
Relevant Pages
|
