Re: Windows 2003 VPN Default Gateway Issues

From: "Robert L [MVP - Networking]" <noreply@xxxxxxxxxxx>
Date: Mon, 2 Oct 2006 12:08:00 -0500

Thank you for the information. Posting the RRAS routing table may help. Also post the result of the tracert remoteip from the VPN client.

Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
"tomger221" <tomger221@xxxxxxxxxxx> wrote in message news:1159800278.250027.150190@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Think I may have found it, looks like its an issue with my basic VPN
conifiguration....
Cause: A static IP address pool is configured but there are no routes
back to the remote access VPN clients.

Solution: If the VPN server is configured to use a static IP address
pool, verify that the routes to the ranges of addresses defined by the
static IP address pool are reachable by the hosts and routers of the
intranet. If not, then IP routes consisting of the address ranges of
the static IP address pool, as defined by the IP address and mask of
each range, must be added to the routers of the intranet, or the
routing protocol of your routed infrastructure on the VPN server must
be enabled. If the routes to the remote access VPN client subnets are
not present, remote access VPN clients cannot receive traffic from
locations on the intranet. A route for the network is implemented
either through static routing entries or through a routing protocol,
such as Open Shortest Path First (OSPF) or Routing Information Protocol
(RIP).

If the VPN server is configured to use DHCP for IP address allocation,
and no DHCP server is available, the VPN server allocates addresses
from the Automatic Private IP Addressing (APIPA) address range from
169.254.0.1 through 169.254.255.254. Allocating APIPA addresses for
remote access clients works only if the network to which the VPN server
is attached is also using APIPA addresses.

If the VPN server is using APIPA addresses when a DHCP server is
available, verify that the proper adapter is selected from which to
obtain DHCP-allocated IP addresses. By default, the VPN server randomly
chooses the adapter to use to obtain IP addresses through DHCP. If
there is more than one LAN adapter, then the Routing and Remote Access
service may choose a LAN adapter for which there is no DHCP server
available.

If the static IP address pool consists of ranges of IP addresses that
are a subset of the range of IP addresses for the network to which the
VPN server is attached, verify that the ranges of IP addresses of the
static IP address pool are not assigned to other TCP/IP nodes, either
through static configuration or through DHCP.

My NICS are set as follows.
Private 172.20.130.201- no gateway
Public 165.230.193.118- regular gateway for that subnet.

My static IP pool is set to 172.20.135.150 to 160, as that is my user
network here. If I am logged into my workstation from work, I can
access all from the VPN, whether I choose the dial up at login or run
the VPN after logging in. If I do it from a remote machine outside my
network, no good. Unfortunately I cant test the VPN for another hour,
someone else is on my test box.

Robert L [MVP - Networking] wrote:
> make sure no firewall blocks the file sharing and make you have enable sharing. On the remote computer, do net share and net view \\localIP. Post back with the result.
>
> Bob Lin, MS-MVP, MCSE & CNE
> Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
> How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
> "tomger221" <tomger221@xxxxxxxxxxx> wrote in message news:1159780665.991137.196700@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> Also when I attempt the \\Net view ServerIP command on the server I'm
> connected to I get
> System error 53 has occurred.
> The network path was not found.
> I can ping the server by name and IP when connected.
>
> Bill Grant wrote:
> > As Bob said, the default gateway on the client is not the problem. The
> > default gateway will always be the "received" IP address. What that really
> > means is that the default gateway for the client is the VPN connection,
> > which is what you want it to be.
> > It will only change if you clear the "Use default gateway.." check box,
> > which I wouldn't recommend. The default setting is what you need.
> >
> > The client and the server are not in different subnets. If you click on
> > the connection icon on the client and look at the "details" tab, you will
> > see that the client and server both have IP addresses from your address
> > pool. If you can ping the server, your VPN connection is working. If you
> > can't see shares, it is probably a permission issue.
> >
> > The credentials used by the remote client are the ones from its
> > original logon, not the ones used to set up the VPN connection. To log in
> > using the credentials you enter at connection time, you have to use the
> > "login using a dialup connection" option in the login dialog box, not just
> > set up a VPN connection from an already logged-in computer.
> >
> > "Robert L [MVP - Networking]" <noreply@xxxxxxxxxxx> wrote in message
> > news:eWfZkUW5GHA.3960@xxxxxxxxxxxxxxxxxxxxxxx
> > If you can ping the server or remote resources, the route is not issue here.
> > What do you receive if using net view \\serverIP?
> >
> > Bob Lin, MS-MVP, MCSE & CNE
> > Networking, Internet, Routing, VPN Troubleshooting on
> > http://www.ChicagoTech.net
> > How to Setup Windows, Network, VPN & Remote Access on
> > http://www.HowToNetworking.com
> > "tomger221" <tomger221@xxxxxxxxxxx> wrote in message
> > news:1159704630.777039.310470@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> > To All:
> > Iv'e recently set up a Windows 2003 VPN server, client connecting are
> > XP.
> > I can connect with no problem but when I attempt to map or access any
> > other network resources it is no good. I cant even map to a share on
> > the Server I connect to, I get "Network not found". I can ping this
> > server by name and IP once connected. I have configured the VPN server
> > to assign an IP address based on a pool of 10 private addresses. Server
> > is multi-homed with cards pointing to 2 different subnets, one public,
> > one private.
> > What I did notice is that when I run an IPCONFIG /all the Ip and DNS
> > are good but the Gateway is the static IP that is assigned to the VPN
> > client by the Server. Since the server and the clients are on different
> > IP ranges do I need to create a static route for the clients? If not
> > what determines the how the gateway is assigned to the connecting
> > clients? As an aside, I also played with the "Use default gateway on
> > remote network", didnt make a difference if it was on or off as far as
> > connecting to shares.
> > Any help is appreciated.
> > Thanks,
> > Tom
>
> ------=_NextPart_000_0037_01C6E604.EC7276E0
> Content-Type: text/html; charset=iso-8859-1
> Content-Transfer-Encoding: quoted-printable
> X-Google-AttachSize: 5706
>
> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
> <HTML><HEAD>
> <META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
> <META content="MSHTML 6.00.2900.2963" name=GENERATOR>
> <STYLE></STYLE>
> </HEAD>
> <BODY bgColor=#ffffff>
> <DIV>make sure no firewall blocks the file sharing and make you have enable
> sharing. On the remote computer, do net share and net view <A
> href="file://\\localIP">\\localIP</A>. Post back with the result.</DIV>
> <DIV> Bob Lin, MS-MVP, MCSE & CNE Networking, Internet, Routing, VPN
> Troubleshooting on <A
> href="http://www.ChicagoTech.net";>http://www.ChicagoTech.net</A> How to
> Setup Windows, Network, VPN & Remote Access on <A
> href="http://www.HowToNetworking.com";>http://www.HowToNetworking.com</A> </DIV>
> <BLOCKQUOTE
> style="PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
> <DIV>"tomger221" <<A
> href="mailto:tomger221@xxxxxxxxxxx";>tomger221@xxxxxxxxxxx</A>> wrote in
> message <A
> href="news:1159780665.991137.196700@xxxxxxxxxxxxxxxxxxxxxxxxxxxx";>news:1159780665.991137.196700@xxxxxxxxxxxxxxxxxxxxxxxxxxxx</A>...</DIV>Also
> when I attempt the <A href="file://\\Net">\\Net</A> view ServerIP command on
> the server I'm connected to I get  System error 53 has
> occurred. The network path was not found. I can ping the server by name
> and IP when connected. Bill Grant wrote: > As Bob said, the
> default gateway on the client is not the problem. The > default gateway
> will always be the "received" IP address. What that really > means is
> that the default gateway for the client is the VPN connection, > which
> is what you want it to be. > It will only change if you clear the "Use
> default gateway.." check box, > which I wouldn't recommend. The default
> setting is what you need. > >     The client
> and the server are not in different subnets. If you click on > the
> connection icon on the client and look at the "details" tab, you will >
> see that the client and server both have IP addresses from your
> address > pool. If you can ping the server, your VPN connection is
> working. If you > can't see shares, it is probably a permission
> issue. > >      The credentials used by
> the remote client are the ones from its > original logon, not the ones
> used to set up the VPN connection. To log in > using the credentials you
> enter at connection time, you have to use the > "login using a dialup
> connection" option in the login dialog box, not just > set up a VPN
> connection from an already logged-in computer. > > "Robert L [MVP
> - Networking]" <<A
> href="mailto:noreply@xxxxxxxxxxx";>noreply@xxxxxxxxxxx</A>> wrote in
> message > <A
> href="news:eWfZkUW5GHA.3960@xxxxxxxxxxxxxxxxxxxx";>news:eWfZkUW5GHA.3960@xxxxxxxxxxxxxxxxxxxx</A>... >
> If you can ping the server or remote resources, the route is not issue
> here. > What do you receive if using net view <A
> href="file://\\serverIP">\\serverIP</A>? > > Bob Lin, MS-MVP, MCSE
> & CNE > Networking, Internet, Routing, VPN Troubleshooting
> on > <A
> href="http://www.ChicagoTech.net";>http://www.ChicagoTech.net</A> > How
> to Setup Windows, Network, VPN & Remote Access on > <A
> href="http://www.HowToNetworking.com";>http://www.HowToNetworking.com</A> >  
> "tomger221" <<A
> href="mailto:tomger221@xxxxxxxxxxx";>tomger221@xxxxxxxxxxx</A>> wrote in
> message > <A
> href="news:1159704630.777039.310470@xxxxxxxxxxxxxxxxxxxxxxxxxxxx";>news:1159704630.777039.310470@xxxxxxxxxxxxxxxxxxxxxxxxxxxx</A>... >  
> To All: >   Iv'e recently set up a Windows 2003 VPN server,
> client connecting are >   XP. >   I can
> connect with no problem but when I attempt to map or access
> any >   other network resources it is no good. I cant even map
> to a share on >   the Server I connect to, I get "Network not
> found". I can ping this >   server by name and IP once
> connected. I have configured the VPN server >   to assign an
> IP address based on a pool of 10 private addresses. Server >  
> is multi-homed with cards pointing to 2 different subnets, one
> public, >   one private. >   What I did notice
> is that when I run an IPCONFIG /all the Ip and DNS >   are
> good but the Gateway  is the static IP that is assigned to the
> VPN >   client by the Server. Since the server and the clients
> are on different >   IP ranges do I need to create a static
> route for the clients? If not >   what determines the how the
> gateway is assigned to the connecting >   clients? As an
> aside, I also played with the "Use default gateway on >  
> remote network", didnt make a difference if it was on or off as far
> as >   connecting to shares. >   Any help is
> appreciated. >   Thanks, >  
> Tom </BLOCKQUOTE></BODY></HTML>
>
> ------=_NextPart_000_0037_01C6E604.EC7276E0--

Follow-Ups:
- Re: Windows 2003 VPN Default Gateway Issues
  - From: tomger221

References:
- Windows 2003 VPN Default Gateway Issues
  - From: tomger221
- Re: Windows 2003 VPN Default Gateway Issues
  - From: Robert L [MVP - Networking]
- Re: Windows 2003 VPN Default Gateway Issues
  - From: Bill Grant
- Re: Windows 2003 VPN Default Gateway Issues
  - From: tomger221
- Re: Windows 2003 VPN Default Gateway Issues
  - From: Robert L [MVP - Networking]
- Re: Windows 2003 VPN Default Gateway Issues
  - From: tomger221

Prev by Date: Re: Windows 2003 VPN Default Gateway Issues
Next by Date: Re: Network Slowdown
Previous by thread: Re: Windows 2003 VPN Default Gateway Issues
Next by thread: Re: Windows 2003 VPN Default Gateway Issues
Index(es):
- Date
- Thread

Relevant Pages

Re: VPN Client Incorrect Netmask (Vista -> Win2K3)
... The remote client gets its network config from the remote access server as part of the ppp negotiation. ... Microsoft programmers SEVERLY damaged the VPN Client in Vista and Server 2008. ...
(microsoft.public.windows.server.networking)
RE: VPN error with sbs2003 and isa 2000 installed
... connection from a remote client, the connection terminated in the process ... You receive an "Error 721" error message when you try to establish a VPN ... Open Server Management console and navigate to 'To Do ... Please temporarily place a client directly connected to the external NIC ...
(microsoft.public.windows.server.sbs)
Re: VPN PPTP problem
... external NIC IP is in the same subnet with the remote client. ... Please try to establish the VPN connection from the internal clients. ... |> How to configure Internet access in Windows Small Business Server ...
(microsoft.public.windows.server.sbs)
RE: Problems with connectcomputer and active directory
... I understand that you would like to join a remote client to the domain. ... If you have hardware VPN tunnel setup using Linksys or others, ... In this scenario you have to configure the SBS Server computer to enable ...
(microsoft.public.windows.server.sbs)
[Full-Disclosure] R: Full-Disclosure Digest, Vol 3, Issue 42
... Full-Disclosure Digest, Vol 3, Issue 42 ... SD Server 4.0.70 Directory Traversal Bug ... Arkeia Network Backup Client Remote Access ...
(Full-Disclosure)