Re: Win 2003 VPN: Cannot reach LAN

From: Edo <Edo@xxxxxxxxxxxxxxxxxxxxxxxxx>
Date: Mon, 14 Aug 2006 08:56:01 -0700

SAMIRJ,

I have no static filters I'm aware of. The basic firewall is not installed.

I'll try to give the network monitor a try and I'll start a new thread if I
find anything worth mentioning.

Thanks.

Ed.

"SAMIRJ [MS]" escribió:

Hmm - looks like your IP addressing + routing seems to be correct on VPN
client, VPN server as well as LAN client. Also I can see IP routing flag
(i.e. forwarding) is enabled on VPN server which is correct. But still you
are not able to access LAN machines from VPN client, but can access VPN
server resources from VPN client. Any body else have any clues here?

1) Is any kind of filtering is dropping the packets on RRAS server? like
RRAS static filters OR basic firewall?
2) Is it possible to get network packet capture by any chance
(http://support.microsoft.com/kb/243270/,
http://www.windowsnetworking.com/articles_tutorials/Analyzing-Traffic-Network-Monitor.html).
Install Netmon on RRAS server machine, start netmon on LAN adapter, connect
a VPN client, ping to LAN machine, stop netmon.

Regards,
Samirj
---------------------------------------------------------
This posting is provided "AS IS" with no warranties, and confers no rights.

"Edo" <Edo@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:66507F5B-CC73-400D-8EDF-509698B662BF@xxxxxxxxxxxxxxxx

"SAMIRJ [MS]" escribió:

Lets not worry about name resolution for a moment and get things working
with IP address

Thank you again for your help.

1) Looking at your routing table of VPN client, it seems like you are
getting the default gateway address correctly. (Just a double-check -
ensure
"enable default gateway check" is checked on in the VPN client - as given
in
the firsts screen shot on
http://www.microsoft.com/technet/community/columns/cableguy/cg1003.mspx)

It is that way.

Try few things:
1.1) When you do tracert from VPN client machine to LAN NIC IP addresses
of
VPN server (i.e. 10.0.0.10), what do you see? Also try the same for some
LAN
machine IP address (10.0.0.x)

Sure:

tracert 10.0.0.10
Traza a 10.0.0.10 sobre caminos de 30 saltos como máximo.

1 76 ms * 72 ms 10.0.0.10

Traza completa.

tracert 10.0.0.13
Traza a 10.0.0.13 sobre caminos de 30 saltos como máximo.

1 * * * Tiempo de espera agotado para esta
solicitud.
2 * * * Tiempo de espera agotado para esta
solicitud.
3 * * * Tiempo de espera agotado para esta
solicitud.
and so on...

2) Have you enabled forwarding on VPN server? Can you do "ipconfig /all"
and
"route print" on VPN server and send the output?

Forwarding? Errrrh... No. How do I do that? (I enabled routing, thou)

Here's the output of 'ipconfig /all' and 'route print'

ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : tarzan
Primary Dns Suffix . . . . . . . : hq.navix.com
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : Yes
DNS Suffix Search List. . . . . . : hq.navix.com
navix.com

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8139 Family PCI Fast
Ethernet
NIC
Physical Address. . . . . . . . . : 00-11-2F-BC-0A-A9
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.0.0.10
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.0.0.1
DNS Servers . . . . . . . . . . . : 127.0.0.1
10.0.0.1
Primary WINS Server . . . . . . . : 10.0.0.2

PPP adapter RAS Server (Dial In) Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
Physical Address. . . . . . . . . : 00-53-45-00-00-00
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.0.1.1
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . :

route print

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 11 2f bc 0a a9 ...... Realtek RTL8139 Family PCI Fast Ethernet
NIC
- S
ecuRemote Miniport
0x10003 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface
Metric
0.0.0.0 0.0.0.0 10.0.0.1 10.0.0.10 20
10.0.0.0 255.255.255.0 10.0.0.10 10.0.0.10 20
10.0.0.10 255.255.255.255 127.0.0.1 127.0.0.1 20
10.0.1.1 255.255.255.255 127.0.0.1 127.0.0.1 50
10.0.1.2 255.255.255.255 10.0.1.1 10.0.1.1 1
10.255.255.255 255.255.255.255 10.0.0.10 10.0.0.10 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
200.119.233.36 255.255.255.255 10.0.0.1 10.0.0.10 20
224.0.0.0 240.0.0.0 10.0.0.10 10.0.0.10 20
255.255.255.255 255.255.255.255 10.0.0.10 10.0.0.10 1
Default Gateway: 10.0.0.1
===========================================================================
Persistent Routes:
None

3) Can you ensure your LAN machines are getting the route you published
via
DHCP i.e. do "route print" on LAN machine

I'm sure. Here's the output of 'route print' in the LAN client:

===========================================================================
ILista de interfaces
0x1 ........................... MS TCP Loopback interface
0x2 ...00 13 20 51 d1 b4 ...... Intel(R) PRO/100 VE Network Connection -
SecuRemote Miniport
===========================================================================
===========================================================================
Rutas activas:
Destino de red M scara de red Puerta de acceso Interfaz
M‚trica
0.0.0.0 0.0.0.0 10.0.0.1 10.0.0.13 20
10.0.0.0 255.255.255.0 10.0.0.13 10.0.0.13 20
10.0.0.13 255.255.255.255 127.0.0.1 127.0.0.1 20
10.0.1.0 255.255.255.0 10.0.0.10 10.0.0.13 1
10.255.255.255 255.255.255.255 10.0.0.13 10.0.0.13 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
224.0.0.0 240.0.0.0 10.0.0.13 10.0.0.13 20
255.255.255.255 255.255.255.255 10.0.0.13 10.0.0.13 1
Puerta de enlace predeterminada: 10.0.0.1
===========================================================================
Rutas persistentes:
ninguno

Best Regards,

Ed.

References:
- Re: Win 2003 VPN: Cannot reach LAN
  - From: Robert L [MS-MVP]
- Re: Win 2003 VPN: Cannot reach LAN
  - From: SAMIRJ [MS]
- Re: Win 2003 VPN: Cannot reach LAN
  - From: Edo
- Re: Win 2003 VPN: Cannot reach LAN
  - From: SAMIRJ [MS]
- Re: Win 2003 VPN: Cannot reach LAN
  - From: Edo
- Re: Win 2003 VPN: Cannot reach LAN
  - From: SAMIRJ [MS]

Prev by Date: Re: Filter rule for web access
Next by Date: Win2k3 Ras Pptp question
Previous by thread: Re: Win 2003 VPN: Cannot reach LAN
Next by thread: Re: Win 2003 VPN: Cannot reach LAN
Index(es):
- Date
- Thread

Relevant Pages

Re: Win 2003 VPN: Cannot reach LAN
... Hmm - looks like your IP addressing + routing seems to be correct on VPN client, VPN server as well as LAN client. ... But still you are not able to access LAN machines from VPN client, but can access VPN server resources from VPN client. ... Here's the output of 'ipconfig /all' and 'route print' ...
(microsoft.public.win2000.ras_routing)
Re: Win 2003 VPN: Cannot reach LAN
... Looking at your routing table of VPN client, ... Also try the same for some LAN ... Here's the output of 'ipconfig /all' and 'route print' ... Can you ensure your LAN machines are getting the route you published via ...
(microsoft.public.win2000.ras_routing)
VPN Server
... I had installed Win2000 VPN Server in ISA 2004, ... connect to the system connected in LAN, ... VPN Client users are receiving the ip address ...
(microsoft.public.isa.vpn)
Re: vpn problem
... >>i have a winxp pro box acting as my vpn server. ... > You need the VPN Client outside the VPN Server's LAN to do the tests ... Otherwise you will need to put the VPN Client in a remote ...
(microsoft.public.windowsxp.work_remotely)
Re: vpn problem
... VPN Server. ... You need the VPN Client outside the VPN Server's LAN to do the tests ...
(microsoft.public.windowsxp.work_remotely)