Re: VERY frustrating 2000 server RRAS/VPN problem

From: Phillip Windell (_at_.)
Date: 04/02/04


Date: Fri, 2 Apr 2004 10:59:11 -0600

The problem is there is more than one way to do this stuff. Now I have
never heard of only having one NIC in a VPN Server since the point is for it
to accept VPN users from the internet on one side and let them use resources
on the other side.

Keep your eye on Matt. I think he has a good grip on what you are trying to
do.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
<jjd228@NOSPAMoptonline.net> wrote in message
news:fNgbc.24602$Nu3.6569803@news4.srv.hcvlny.cv.net...
> ok, so please let me get this all straight.
>
> first, i only have one nic in the machine. so youre telling me that i dont
> have to configure a dhcp relay agent, NOR do i have to create a pool of ip
> addresses within RRAS... youre saying that i dont have to do either? please
> verify that and i will test it.
>
>
> "Phillip Windell" <@.> wrote in message
> news:uODNekMGEHA.3540@TK2MSFTNGP09.phx.gbl...
> > Your client machine receives an address when connecting (or it should),
> > therefore it is already in the same subnet (or it should be), so there is no
> > "routing",...you can not "route" to where you are already at to start with.
> > You need to verify which address your client is receiving and verify
> > specifically which machine you can ping and which you cannot, and the subnet
> > each is in if there are multiple subnets. Knowing *all* this makes a big
> > difference when trying to troubleshoot this type of stuff.
> >
> >
> > --
> >
> > Phillip Windell [MCP, MVP, CCNA]
> > www.wandtv.com
> >
> >
> > <jjd228@NOSPAMoptonline.net> wrote in message
> > news:oyfbc.24175$Nu3.6348790@news4.srv.hcvlny.cv.net...
> > > great! i can connect now. however i cant ping any machines on the network. i
> > > imagine i need to create a static route somewhere. i know that when using
> > > dialin access via a phone modem to act as an ISP a static route must be
> > > created with 0.0.0.0... would this be the same case?
> > >
> > >
> > > "Matthew [MSFT]" <mfresoli@online.microsoft.com> wrote in message
> > > news:OO79DKMGEHA.1128@TK2MSFTNGP11.phx.gbl...
> > > > If you are using the domain name when logging on with the VPN client, then
> > > > the server is most likely trying to use the domain admin account.
> > > >
> > > > When logging on, try using the context machinename\username, where machine
> > > > name is the RRAS server name.
> > > >
> > > > Another thing to try would be creating a new user locally that does not have
> > > > a domain account and give it dial in permissions.
> > > >
> > > > On your VPN connection properties, leave the domain name blank when logging
> > > > on.
> > > >
> > > >
> > > >
> > > > --
> > > > [This posting is provided AS IS
> > > > with no warranties, and confers
> > > > no rights.]
> > > > <jjd228@NOSPAMoptonline.net> wrote in message
> > > > news:qMebc.23891$Nu3.6221665@news4.srv.hcvlny.cv.net...
> > > > > since the machine is a stand alone server i am using the local administrator
> > > > > account. would the fact that there is also an account named administrator in
> > > > > AD be causing a problem? there is only one DC. i have not changed the policy
> > > > > to GRANT because my understanding of the default policy is that access will
> > > > > be allowed IF dialin access is permitted at the user level as long as day
> > > > > and time restrictions do not match. please advise...
> > > > >
> > > > >
> > > > >
> > > > > "Matthew [MSFT]" <mfresoli@online.microsoft.com> wrote in message
> > > > > news:%23XMTP3LGEHA.3372@TK2MSFTNGP09.phx.gbl...
> > > > > > Hi,
> > > > > >
> > > > > > Are you using a local user account or domain account?  If domain account,
> > > > > > make sure there is no local account with the same name on the server.
> > > > > >
> > > > > > Also, is there more than one DC?  Check to see if the dial in permissions
> > > > > > replicated to all DCs if using a domain account.
> > > > > >
> > > > > > If you change the RAS policy to Grant remote access permissions based on the
> > > > > > conditions, does this work?
> > > > > >
> > > > > > -Matt
> > > > > >
> > > > > >
> > > > > >
> > > > > > --
> > > > > > [This posting is provided AS IS
> > > > > > with no warranties, and confers
> > > > > > no rights.]
> > > > > > <jjd228@NOSPAMoptonline.net> wrote in message
> > > > > > news:i_dbc.23612$Nu3.6078728@news4.srv.hcvlny.cv.net...
> > > > > > > i setup rras as a remote access server. i leave the default remote access
> > > > > > > policy alone. i then open the properties for a user account and on the
> > > > > > > dial-in tab i click to ALLOW remote access via dial in or vpn. guess what? a
> > > > > > > vpn connection attempt is denied and says the user does not have dialin
> > > > > > > rights! ive rebooted, logged in physically at the machine, logged off, tried
> > > > > > > again... same thing! whats the problem? the server is a member of a domain
> > > > > > > but is NOT a domain controller. would there be a setting on the default
> > > > > > > domain security policy that could be screwing me up?
> > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>

