Re: 2nd route to LAN added when client connects

Robert,

I can't access the machine at the moment as it is at another location and
with the VPN not functioning then I can get in to pull the commands you
requested.

However, let me clarify what's happening with hopes you have seen this before:

The server has a LAN address of 10.0.0.1 and is on a network 10.0.0.0/24.
The route I am speaking of is the route to local LAN that is put in the
routing table when you configure the NIC. In my case this route looks like
this:

Network Dest Netmask Gateway Interface Metric
10.0.0.0 255.255.255.0 10.0.0.1 10.0.0.1 20

10.0.0.1 is the LAN address.

After the RAS client connects there is another route added so the two
entries of interest look like this:

Network Dest Netmask Gateway Interface Metric
10.0.0.0 255.255.255.0 10.0.0.1 10.0.0.1 20
10.0.0.0 255.255.255.0 10.0.0.118 10.0.0.121 1 <-this
route added when client connects (in addtion to the host route that is also
added like you usually see for each client)

10.0.0.118 is the address assigned to the RAS client (using DHCP).
10.0.0.121 is the Internal Interface on the server used by RAS. As you can
see after this route is added the server is routing to 10.0.0.0 via the RAS
tunnel vs. the LAN Interface so the PCs on the 10.0.0.0/24 local subnet are
"disconnected" from the server. The only thing I could think of what that
this was related to something that is configured automatically since there
are two NICs in the server, but I ran the the Internet Connection wizard and
set-up up the server to use one NIC for Internet and LAN.

Have you ever heard of this before. What would be making RRAS add this route?

Thanks,
John

"Robert L [MVP - Networking]" wrote:

RRAS may modify the routing table but should not create another default gateway. Posting the routing table and ipconfig /all here may help.

Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
"John Philips" <JohnPhilips@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:8CDFD49B-D1E7-4431-BBBC-9EA2C7838E40@xxxxxxxxxxxxxxxx
I have a SBS 2003 with dual NICs, but I am running the machine in a single
NIC configuration. I have set-up RRAS for remote access, which I have done
many times before on other machines. For this particular machine, when a RAS
clent connection, the RRAS on the server adds a 2nd route for the local LAN
to the routing stack. With the same destination, but with the vpn client's
assigned IP address as the gateway.

To illustrate:

Before the VPN client connects, the routing table contains 10.0.0.0/24 with
a gateway of 10.0.0.1 (Server Local Area Connection address). This entry has
a metric of 10.

After the VPN client connects, the routing table contains a 2nd entry of
10.0.0.0/24 with a gateway of 10.0.0.118 (the address assigned to the RAS
client). This entry has a metric of 1. Since this route has a lower metric
it becomes the preferred route for the LAN and not of the PCs on the LAN can
communicate with the server.

When the RAS client disconnects the route is removed, and the PC on the LAN
can reach the server again.

I have dug through the RRAS configs many times and can't explain this. Does
anyone know what could be causing this? Or, can you provide some pointers on
how you control the routes that get added to the server when a RAS client
connects?

Thanks,
John
.

Relevant Pages

  • Re: VPN routing - single NIC - SOLVED
    ... What should happen is that the server ... acts as a proxy for the remote client. ... idea is to put the remotes in their own IP subnet and route this subnet ... Nothing is configured in RAS Admin - No policy and no Static Route. ...
    (microsoft.public.windows.server.networking)
  • RE: Route added by RRAS that overrides local LAN route on NIC
    ... your ISP DNS server IP should be ... On the client workstation, ... Assigned by DHCP on SBS or your hardware router ... Route added by RRAS that overrides local LAN route on NIC ...
    (microsoft.public.windows.server.sbs)
  • Network Admin-Myrtle Beach, SC
    ... SofTec I.T. has a terrific permanent opportunity with a premier client ... for a Senior Network Administrator. ... Configures and maintains the organizations LAN server and LAN ...
    (comp.dcom.sys.cisco)
  • Re: Cant browse the network over VPN?!
    ... running WINS on the LAN, WINS will have an entry for the Domain Master ... If the client has the correct WINS address, ... > server, and you attempt to connect to a computer using a PPTP/VPN client, ... > opening Network Knighthood. ...
    (microsoft.public.windows.server.networking)
  • XP VPN - Force nslookup to use DNS servers supplied by RRAS?
    ... client connecting to office LAN via Windows VPN connection, ... the client will attempt to connect to a server on the LAN by ... who frequently use the Windows VPN connection to ...
    (microsoft.public.windowsxp.work_remotely)