Re: Windows 2003 VPN Default Gateway Issues
- From: "tomger221" <tomger221@xxxxxxxxxxx>
- Date: 3 Oct 2006 04:42:13 -0700
Thanks for all your assistance with this issue. I pulled an all nighter
last night and set up the VPN from the actual server I was trying to
reach, (Windows 2000 box) which is also a domain controller\DHCP box.
Issue resolved itself, they can connect. Being that the users are now
on the same subnet as the server leads me to believe it was a routing
issue. Now I just have to research static routes....
Thanks again,
Tom
Robert L [MVP - Networking] wrote:
Thank you for the information. Posting the RRAS routing table may help. Also post the result of the tracert remoteip from the VPN client.
Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
"tomger221" <tomger221@xxxxxxxxxxx> wrote in message news:1159800278.250027.150190@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Think I may have found it, looks like its an issue with my basic VPN
conifiguration....
Cause: A static IP address pool is configured but there are no routes
back to the remote access VPN clients.
Solution: If the VPN server is configured to use a static IP address
pool, verify that the routes to the ranges of addresses defined by the
static IP address pool are reachable by the hosts and routers of the
intranet. If not, then IP routes consisting of the address ranges of
the static IP address pool, as defined by the IP address and mask of
each range, must be added to the routers of the intranet, or the
routing protocol of your routed infrastructure on the VPN server must
be enabled. If the routes to the remote access VPN client subnets are
not present, remote access VPN clients cannot receive traffic from
locations on the intranet. A route for the network is implemented
either through static routing entries or through a routing protocol,
such as Open Shortest Path First (OSPF) or Routing Information Protocol
(RIP).
If the VPN server is configured to use DHCP for IP address allocation,
and no DHCP server is available, the VPN server allocates addresses
from the Automatic Private IP Addressing (APIPA) address range from
169.254.0.1 through 169.254.255.254. Allocating APIPA addresses for
remote access clients works only if the network to which the VPN server
is attached is also using APIPA addresses.
If the VPN server is using APIPA addresses when a DHCP server is
available, verify that the proper adapter is selected from which to
obtain DHCP-allocated IP addresses. By default, the VPN server randomly
chooses the adapter to use to obtain IP addresses through DHCP. If
there is more than one LAN adapter, then the Routing and Remote Access
service may choose a LAN adapter for which there is no DHCP server
available.
If the static IP address pool consists of ranges of IP addresses that
are a subset of the range of IP addresses for the network to which the
VPN server is attached, verify that the ranges of IP addresses of the
static IP address pool are not assigned to other TCP/IP nodes, either
through static configuration or through DHCP.
My NICS are set as follows.
Private 172.20.130.201- no gateway
Public 165.230.193.118- regular gateway for that subnet.
My static IP pool is set to 172.20.135.150 to 160, as that is my user
network here. If I am logged into my workstation from work, I can
access all from the VPN, whether I choose the dial up at login or run
the VPN after logging in. If I do it from a remote machine outside my
network, no good. Unfortunately I cant test the VPN for another hour,
someone else is on my test box.
Robert L [MVP - Networking] wrote:
> make sure no firewall blocks the file sharing and make you have enable sharing. On the remote computer, do net share and net view \\localIP. Post back with the result.
>
> Bob Lin, MS-MVP, MCSE & CNE
> Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
> How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
> "tomger221" <tomger221@xxxxxxxxxxx> wrote in message news:1159780665.991137.196700@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> Also when I attempt the \\Net view ServerIP command on the server I'm
> connected to I get
> System error 53 has occurred.
> The network path was not found.
> I can ping the server by name and IP when connected.
>
> Bill Grant wrote:
> > As Bob said, the default gateway on the client is not the problem. The
> > default gateway will always be the "received" IP address. What that really
> > means is that the default gateway for the client is the VPN connection,
> > which is what you want it to be.
> > It will only change if you clear the "Use default gateway.." check box,
> > which I wouldn't recommend. The default setting is what you need.
> >
> > The client and the server are not in different subnets. If you click on
> > the connection icon on the client and look at the "details" tab, you will
> > see that the client and server both have IP addresses from your address
> > pool. If you can ping the server, your VPN connection is working. If you
> > can't see shares, it is probably a permission issue.
> >
> > The credentials used by the remote client are the ones from its
> > original logon, not the ones used to set up the VPN connection. To log in
> > using the credentials you enter at connection time, you have to use the
> > "login using a dialup connection" option in the login dialog box, not just
> > set up a VPN connection from an already logged-in computer.
> >
> > "Robert L [MVP - Networking]" <noreply@xxxxxxxxxxx> wrote in message
> > news:eWfZkUW5GHA.3960@xxxxxxxxxxxxxxxxxxxxxxx
> > If you can ping the server or remote resources, the route is not issue here.
> > What do you receive if using net view \\serverIP?
> >
> > Bob Lin, MS-MVP, MCSE & CNE
> > Networking, Internet, Routing, VPN Troubleshooting on
> > http://www.ChicagoTech.net
> > How to Setup Windows, Network, VPN & Remote Access on
> > http://www.HowToNetworking.com
> > "tomger221" <tomger221@xxxxxxxxxxx> wrote in message
> > news:1159704630.777039.310470@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> > To All:
> > Iv'e recently set up a Windows 2003 VPN server, client connecting are
> > XP.
> > I can connect with no problem but when I attempt to map or access any
> > other network resources it is no good. I cant even map to a share on
> > the Server I connect to, I get "Network not found". I can ping this
> > server by name and IP once connected. I have configured the VPN server
> > to assign an IP address based on a pool of 10 private addresses. Server
> > is multi-homed with cards pointing to 2 different subnets, one public,
> > one private.
> > What I did notice is that when I run an IPCONFIG /all the Ip and DNS
> > are good but the Gateway is the static IP that is assigned to the VPN
> > client by the Server. Since the server and the clients are on different
> > IP ranges do I need to create a static route for the clients? If not
> > what determines the how the gateway is assigned to the connecting
> > clients? As an aside, I also played with the "Use default gateway on
> > remote network", didnt make a difference if it was on or off as far as
> > connecting to shares.
> > Any help is appreciated.
> > Thanks,
> > Tom
>
> ------=_NextPart_000_0037_01C6E604.EC7276E0
> Content-Type: text/html; charset=iso-8859-1
> Content-Transfer-Encoding: quoted-printable
> X-Google-AttachSize: 5706
>
> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
> <HTML><HEAD>
> <META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
> <META content="MSHTML 6.00.2900.2963" name=GENERATOR>
> <STYLE></STYLE>
> </HEAD>
> <BODY bgColor=#ffffff>
> <DIV>make sure no firewall blocks the file sharing and make you have enable
> sharing. On the remote computer, do net share and net view <A
> href="file://\\localIP">\\localIP</A>. Post back with the result.</DIV>
> <DIV><BR>Bob Lin, MS-MVP, MCSE & CNE<BR>Networking, Internet, Routing, VPN
> Troubleshooting on <A
> href="http://www.ChicagoTech.net";>http://www.ChicagoTech.net</A> <BR>How to
> Setup Windows, Network, VPN & Remote Access on <A
> href="http://www.HowToNetworking.com";>http://www.HowToNetworking.com</A> </DIV>
> <BLOCKQUOTE
> style="PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
> <DIV>"tomger221" <<A
> href="mailto:tomger221@xxxxxxxxxxx";>tomger221@xxxxxxxxxxx</A>> wrote in
> message <A
> href="news:1159780665.991137.196700@xxxxxxxxxxxxxxxxxxxxxxxxxxxx";>news:1159780665.991137.196700@xxxxxxxxxxxxxxxxxxxxxxxxxxxx</A>...</DIV>Also
> when I attempt the <A href="file://\\Net">\\Net</A> view ServerIP command on
> the server I'm<BR>connected to I get<BR> System error 53 has
> occurred.<BR>The network path was not found.<BR>I can ping the server by name
> and IP when connected.<BR><BR>Bill Grant wrote:<BR>> As Bob said, the
> default gateway on the client is not the problem. The<BR>> default gateway
> will always be the "received" IP address. What that really<BR>> means is
> that the default gateway for the client is the VPN connection,<BR>> which
> is what you want it to be.<BR>> It will only change if you clear the "Use
> default gateway.." check box,<BR>> which I wouldn't recommend. The default
> setting is what you need.<BR>><BR>> The client
> and the server are not in different subnets. If you click on<BR>> the
> connection icon on the client and look at the "details" tab, you will<BR>>
> see that the client and server both have IP addresses from your
> address<BR>> pool. If you can ping the server, your VPN connection is
> working. If you<BR>> can't see shares, it is probably a permission
> issue.<BR>><BR>> The credentials used by
> the remote client are the ones from its<BR>> original logon, not the ones
> used to set up the VPN connection. To log in<BR>> using the credentials you
> enter at connection time, you have to use the<BR>> "login using a dialup
> connection" option in the login dialog box, not just<BR>> set up a VPN
> connection from an already logged-in computer.<BR>><BR>> "Robert L [MVP
> - Networking]" <<A
> href="mailto:noreply@xxxxxxxxxxx";>noreply@xxxxxxxxxxx</A>> wrote in
> message<BR>> <A
> href="news:eWfZkUW5GHA.3960@xxxxxxxxxxxxxxxxxxxx";>news:eWfZkUW5GHA.3960@xxxxxxxxxxxxxxxxxxxx</A>...<BR>>
> If you can ping the server or remote resources, the route is not issue
> here.<BR>> What do you receive if using net view <A
> href="file://\\serverIP">\\serverIP</A>?<BR>><BR>> Bob Lin, MS-MVP, MCSE
> & CNE<BR>> Networking, Internet, Routing, VPN Troubleshooting
> on<BR>> <A
> href="http://www.ChicagoTech.net";>http://www.ChicagoTech.net</A><BR>> How
> to Setup Windows, Network, VPN & Remote Access on<BR>> <A
> href="http://www.HowToNetworking.com";>http://www.HowToNetworking.com</A><BR>>
> "tomger221" <<A
> href="mailto:tomger221@xxxxxxxxxxx";>tomger221@xxxxxxxxxxx</A>> wrote in
> message<BR>> <A
> href="news:1159704630.777039.310470@xxxxxxxxxxxxxxxxxxxxxxxxxxxx";>news:1159704630.777039.310470@xxxxxxxxxxxxxxxxxxxxxxxxxxxx</A>...<BR>>
> To All:<BR>> Iv'e recently set up a Windows 2003 VPN server,
> client connecting are<BR>> XP.<BR>> I can
> connect with no problem but when I attempt to map or access
> any<BR>> other network resources it is no good. I cant even map
> to a share on<BR>> the Server I connect to, I get "Network not
> found". I can ping this<BR>> server by name and IP once
> connected. I have configured the VPN server<BR>> to assign an
> IP address based on a pool of 10 private addresses. Server<BR>>
> is multi-homed with cards pointing to 2 different subnets, one
> public,<BR>> one private.<BR>> What I did notice
> is that when I run an IPCONFIG /all the Ip and DNS<BR>> are
> good but the Gateway is the static IP that is assigned to the
> VPN<BR>> client by the Server. Since the server and the clients
> are on different<BR>> IP ranges do I need to create a static
> route for the clients? If not<BR>> what determines the how the
> gateway is assigned to the connecting<BR>> clients? As an
> aside, I also played with the "Use default gateway on<BR>>
> remote network", didnt make a difference if it was on or off as far
> as<BR>> connecting to shares.<BR>> Any help is
> appreciated.<BR>> Thanks,<BR>>
> Tom<BR></BLOCKQUOTE></BODY></HTML>
>
> ------=_NextPart_000_0037_01C6E604.EC7276E0--
------=_NextPart_000_0063_01C6E61B.678431A0
Content-Type: text/html; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable
X-Google-AttachSize: 20725
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2900.2963" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV>Thank you for the information. Posting the RRAS routing table may help.
Also post the result of the tracert remoteip from the VPN client.</DIV>
<DIV><BR>Bob Lin, MS-MVP, MCSE & CNE<BR>Networking, Internet, Routing, VPN
Troubleshooting on <A
href="http://www.ChicagoTech.net";>http://www.ChicagoTech.net</A> <BR>How to
Setup Windows, Network, VPN & Remote Access on <A
href="http://www.HowToNetworking.com";>http://www.HowToNetworking.com</A> </DIV>
<BLOCKQUOTE
style="PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV>"tomger221" <<A
href="mailto:tomger221@xxxxxxxxxxx";>tomger221@xxxxxxxxxxx</A>> wrote in
message <A
href="news:1159800278.250027.150190@xxxxxxxxxxxxxxxxxxxxxxxxxxxx";>news:1159800278.250027.150190@xxxxxxxxxxxxxxxxxxxxxxxxxxxx</A>...</DIV>Think
I may have found it, looks like its an issue with my basic
VPN<BR>conifiguration....<BR>Cause: A static IP address pool is
configured but there are no routes<BR>back to the remote access VPN
clients.<BR><BR>Solution: If the VPN server is configured to use a
static IP address<BR>pool, verify that the routes to the ranges of addresses
defined by the<BR>static IP address pool are reachable by the hosts and
routers of the<BR>intranet. If not, then IP routes consisting of the address
ranges of<BR>the static IP address pool, as defined by the IP address and mask
of<BR>each range, must be added to the routers of the intranet, or
the<BR>routing protocol of your routed infrastructure on the VPN server
must<BR>be enabled. If the routes to the remote access VPN client subnets
are<BR>not present, remote access VPN clients cannot receive traffic
from<BR>locations on the intranet. A route for the network is
implemented<BR>either through static routing entries or through a routing
protocol,<BR>such as Open Shortest Path First (OSPF) or Routing Information
Protocol<BR>(RIP).<BR><BR>If the VPN server is configured to use DHCP for IP
address allocation,<BR>and no DHCP server is available, the VPN server
allocates addresses<BR>from the Automatic Private IP Addressing (APIPA)
address range from<BR>169.254.0.1 through 169.254.255.254. Allocating APIPA
addresses for<BR>remote access clients works only if the network to which the
VPN server<BR>is attached is also using APIPA addresses.<BR><BR>If the VPN
server is using APIPA addresses when a DHCP server is<BR>available, verify
that the proper adapter is selected from which to<BR>obtain DHCP-allocated IP
addresses. By default, the VPN server randomly<BR>chooses the adapter to use
to obtain IP addresses through DHCP. If<BR>there is more than one LAN adapter,
then the Routing and Remote Access<BR>service may choose a LAN adapter for
which there is no DHCP server<BR>available.<BR><BR>If the static IP address
pool consists of ranges of IP addresses that<BR>are a subset of the range of
IP addresses for the network to which the<BR>VPN server is attached, verify
that the ranges of IP addresses of the<BR>static IP address pool are not
assigned to other TCP/IP nodes, either<BR>through static configuration or
through DHCP.<BR><BR>My NICS are set as follows.<BR>Private 172.20.130.201- no
gateway<BR>Public 165.230.193.118- regular gateway for that subnet.<BR><BR>My
static IP pool is set to 172.20.135.150 to 160, as that is my user<BR>network
here. If I am logged into my workstation from work, I can<BR>access all from
the VPN, whether I choose the dial up at login or run<BR>the VPN after logging
in. If I do it from a remote machine outside my<BR>network, no good.
Unfortunately I cant test the VPN for another hour,<BR>someone else is on my
test box.<BR><BR><BR><BR><BR>Robert L [MVP - Networking] wrote:<BR>> make
sure no firewall blocks the file sharing and make you have enable sharing. On
the remote computer, do net share and net view <A
href="file://\\localIP">\\localIP</A>. Post back with the
result.<BR>><BR>> Bob Lin, MS-MVP, MCSE & CNE<BR>> Networking,
Internet, Routing, VPN Troubleshooting on <A
href="http://www.ChicagoTech.net";>http://www.ChicagoTech.net</A><BR>> How
to Setup Windows, Network, VPN & Remote Access on <A
href="http://www.HowToNetworking.com";>http://www.HowToNetworking.com</A><BR>>
"tomger221" <<A
href="mailto:tomger221@xxxxxxxxxxx";>tomger221@xxxxxxxxxxx</A>> wrote in
message <A
href="news:1159780665.991137.196700@xxxxxxxxxxxxxxxxxxxxxxxxxxxx";>news:1159780665.991137.196700@xxxxxxxxxxxxxxxxxxxxxxxxxxxx</A>...<BR>>
Also when I attempt the <A href="file://\\Net">\\Net</A> view ServerIP command
on the server I'm<BR>> connected to I
get<BR>> System error 53 has
occurred.<BR>> The network path was not
found.<BR>> I can ping the server by name and IP when
connected.<BR>><BR>> Bill Grant wrote:<BR>>
> As Bob said, the default gateway on the client is not the problem.
The<BR>> > default gateway will always be the "received" IP
address. What that really<BR>> > means is that the default
gateway for the client is the VPN connection,<BR>> > which
is what you want it to be.<BR>> > It will only change if you
clear the "Use default gateway.." check box,<BR>> > which I
wouldn't recommend. The default setting is what you need.<BR>>
><BR>> > The client and the
server are not in different subnets. If you click on<BR>> >
the connection icon on the client and look at the "details" tab, you
will<BR>> > see that the client and server both have IP
addresses from your address<BR>> > pool. If you can ping the
server, your VPN connection is working. If you<BR>> > can't
see shares, it is probably a permission issue.<BR>>
><BR>> > The credentials
used by the remote client are the ones from its<BR>> >
original logon, not the ones used to set up the VPN connection. To log
in<BR>> > using the credentials you enter at connection
time, you have to use the<BR>> > "login using a dialup
connection" option in the login dialog box, not just<BR>> >
set up a VPN connection from an already logged-in
computer.<BR>> ><BR>> > "Robert L [MVP -
Networking]" <<A
href="mailto:noreply@xxxxxxxxxxx";>noreply@xxxxxxxxxxx</A>> wrote in
message<BR>> > <A
href="news:eWfZkUW5GHA.3960@xxxxxxxxxxxxxxxxxxxx";>news:eWfZkUW5GHA.3960@xxxxxxxxxxxxxxxxxxxx</A>...<BR>>
> If you can ping the server or remote resources, the route is not issue
here.<BR>> > What do you receive if using net view <A
href="file://\\serverIP">\\serverIP</A>?<BR>>
><BR>> > Bob Lin, MS-MVP, MCSE &
CNE<BR>> > Networking, Internet, Routing, VPN
Troubleshooting on<BR>> > <A
href="http://www.ChicagoTech.net";>http://www.ChicagoTech.net</A><BR>>
> How to Setup Windows, Network, VPN & Remote Access
on<BR>> > <A
href="http://www.HowToNetworking.com";>http://www.HowToNetworking.com</A><BR>>
> "tomger221" <<A
href="mailto:tomger221@xxxxxxxxxxx";>tomger221@xxxxxxxxxxx</A>> wrote in
message<BR>> > <A
href="news:1159704630.777039.310470@xxxxxxxxxxxxxxxxxxxxxxxxxxxx";>news:1159704630.777039.310470@xxxxxxxxxxxxxxxxxxxxxxxxxxxx</A>...<BR>>
> To All:<BR>> > Iv'e recently
set up a Windows 2003 VPN server, client connecting are<BR>>
> XP.<BR>> > I can connect with
no problem but when I attempt to map or access any<BR>>
> other network resources it is no good. I cant even map to a
share on<BR>> > the Server I connect to, I get
"Network not found". I can ping this<BR>> >
server by name and IP once connected. I have configured the VPN
server<BR>> > to assign an IP address based on a
pool of 10 private addresses. Server<BR>> > is
multi-homed with cards pointing to 2 different subnets, one
public,<BR>> > one private.<BR>>
> What I did notice is that when I run an IPCONFIG /all the Ip
and DNS<BR>> > are good but the Gateway is
the static IP that is assigned to the VPN<BR>> >
client by the Server. Since the server and the clients are on
different<BR>> > IP ranges do I need to create a
static route for the clients? If not<BR>> > what
determines the how the gateway is assigned to the
connecting<BR>> > clients? As an aside, I also
played with the "Use default gateway on<BR>> >
remote network", didnt make a difference if it was on or off as far
as<BR>> > connecting to
shares.<BR>> > Any help is
appreciated.<BR>> > Thanks,<BR>>
> Tom<BR>><BR>>
------=_NextPart_000_0037_01C6E604.EC7276E0<BR>> Content-Type: text/html;
charset=iso-8859-1<BR>> Content-Transfer-Encoding: quoted-printable<BR>>
X-Google-AttachSize: 5706<BR>><BR>> <!DOCTYPE HTML PUBLIC
"-//W3C//DTD HTML 4.0 Transitional//EN"><BR>>
<HTML><HEAD><BR>> <META http-equiv=Content-Type
content="text/html; charset=iso-8859-1"><BR>> <META content="MSHTML
6.00.2900.2963" name=GENERATOR><BR>> <STYLE></STYLE><BR>>
</HEAD><BR>> <BODY bgColor=#ffffff><BR>> <DIV>make
sure no firewall blocks the file sharing and make you have enable<BR>>
sharing. On the remote computer, do net share and net view <A<BR>>
href="<A
href='file://\\localIP">\\localIP</A'>file://\\localIP">\\localIP</A</A>>.
Post back with the result.</DIV><BR>> <DIV><BR>Bob Lin,
MS-MVP, MCSE &amp; CNE<BR>Networking, Internet, Routing, VPN<BR>>
Troubleshooting on <A<BR>> href="<A
href='http://www.ChicagoTech.net";>http://www.ChicagoTech.net</A'>http://www.ChicagoTech.net">http://www.ChicagoTech.net</A</A>>
<BR>How to<BR>> Setup Windows, Network, VPN &amp; Remote Access
on <A<BR>> href="<A
href='http://www.HowToNetworking.com";>http://www.HowToNetworking.com</A'>http://www.HowToNetworking.com">http://www.HowToNetworking.com</A</A>>
</DIV><BR>> <BLOCKQUOTE<BR>> style="PADDING-RIGHT: 0px;
PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000000 2px solid;
MARGIN-RIGHT: 0px"><BR>> <DIV>"tomger221"
&lt;<A<BR>> href="<A
href='mailto:tomger221@xxxxxxxxxxx";>tomger221@xxxxxxxxxxx</A>&gt'>mailto:tomger221@xxxxxxxxxxx">tomger221@xxxxxxxxxxx</A>&gt</A>;
wrote in<BR>> message <A<BR>> href="<A
href='news:1159780665.991137.196700@xxxxxxxxxxxxxxxxxxxxxxxxxxxx";>news:1159780665.991137.196700@xxxxxxxxxxxxxxxxxxxxxxxxxxxx</A>...</DIV>Also'>news:1159780665.991137.196700@xxxxxxxxxxxxxxxxxxxxxxxxxxxx">news:1159780665.991137.196700@xxxxxxxxxxxxxxxxxxxxxxxxxxxx</A>...</DIV>Also</A><BR>>
when I attempt the <A href="<A
href='file://\\Net">\\Net</A'>file://\\Net">\\Net</A</A>> view
ServerIP command on<BR>> the server I'm<BR>connected to I
get<BR>&nbsp;System error 53 has<BR>>
occurred.<BR>The network path was not found.<BR>I can ping the
server by name<BR>> and IP when
connected.<BR><BR>Bill Grant wrote:<BR>&gt; As Bob said,
the<BR>> default gateway on the client is not the problem.
The<BR>&gt; default gateway<BR>> will always be the
"received" IP address. What that really<BR>&gt; means
is<BR>> that the default gateway for the client is the VPN
connection,<BR>&gt; which<BR>> is what you want it to
be.<BR>&gt; It will only change if you clear the
"Use<BR>> default gateway.." check box,<BR>&gt; which
I wouldn't recommend. The default<BR>> setting is what you
need.<BR>&gt;<BR>&gt;&nbsp;&nbsp;&nbsp;&nbsp;
The client<BR>> and the server are not in different subnets. If
you click on<BR>&gt; the<BR>> connection icon on the
client and look at the "details" tab, you
will<BR>&gt;<BR>> see that the client and server both
have IP addresses from your<BR>> address<BR>&gt;
pool. If you can ping the server, your VPN connection is<BR>>
working. If you<BR>&gt; can't see shares, it is probably a
permission<BR>>
issue.<BR>&gt;<BR>&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
The credentials used by<BR>> the remote client are the ones
from its<BR>&gt; original logon, not the ones<BR>>
used to set up the VPN connection. To log in<BR>&gt; using the
credentials you<BR>> enter at connection time, you have to use
the<BR>&gt; "login using a dialup<BR>> connection"
option in the login dialog box, not just<BR>&gt; set up a
VPN<BR>> connection from an already logged-in
computer.<BR>&gt;<BR>&gt; "Robert L
[MVP<BR>> - Networking]" &lt;<A<BR>>
href="<A
href='mailto:noreply@xxxxxxxxxxx";>noreply@xxxxxxxxxxx</A>&gt'>mailto:noreply@xxxxxxxxxxx">noreply@xxxxxxxxxxx</A>&gt</A>;
wrote in<BR>> message<BR>&gt;
<A<BR>> href="<A
href='news:eWfZkUW5GHA.3960@xxxxxxxxxxxxxxxxxxxx";>news:eWfZkUW5GHA.3960@xxxxxxxxxxxxxxxxxxxx</A>...<BR>&gt'>news:eWfZkUW5GHA.3960@xxxxxxxxxxxxxxxxxxxx">news:eWfZkUW5GHA.3960@xxxxxxxxxxxxxxxxxxxx</A>...<BR>&gt</A>;<BR>>
If you can ping the server or remote resources, the route is not
issue<BR>> here.<BR>&gt; What do you receive if using
net view <A<BR>> href="<A
href='file://\\serverIP">\\serverIP</A>?<BR>&gt;<BR>&gt'>file://\\serverIP">\\serverIP</A>?<BR>&gt;<BR>&gt</A>;
Bob Lin, MS-MVP, MCSE<BR>> &amp; CNE<BR>&gt;
Networking, Internet, Routing, VPN Troubleshooting<BR>>
on<BR>&gt; <A<BR>> href="<A
href='http://www.ChicagoTech.net";>http://www.ChicagoTech.net</A><BR>&gt'>http://www.ChicagoTech.net">http://www.ChicagoTech.net</A><BR>&gt</A>;
How<BR>> to Setup Windows, Network, VPN &amp; Remote Access
on<BR>&gt; <A<BR>> href="<A
href='http://www.HowToNetworking.com";>http://www.HowToNetworking.com</A><BR>&gt;&nbsp;&nbsp'>http://www.HowToNetworking.com">http://www.HowToNetworking.com</A><BR>&gt;&nbsp;&nbsp</A>;<BR>>
"tomger221" &lt;<A<BR>> href="<A
href='mailto:tomger221@xxxxxxxxxxx";>tomger221@xxxxxxxxxxx</A>&gt'>mailto:tomger221@xxxxxxxxxxx">tomger221@xxxxxxxxxxx</A>&gt</A>;
wrote in<BR>> message<BR>&gt;
<A<BR>> href="<A
href='news:1159704630.777039.310470@xxxxxxxxxxxxxxxxxxxxxxxxxxxx";>news:1159704630.777039.310470@xxxxxxxxxxxxxxxxxxxxxxxxxxxx</A>...<BR>&gt;&nbsp;&nbsp'>news:1159704630.777039.310470@xxxxxxxxxxxxxxxxxxxxxxxxxxxx">news:1159704630.777039.310470@xxxxxxxxxxxxxxxxxxxxxxxxxxxx</A>...<BR>&gt;&nbsp;&nbsp</A>;<BR>>
To All:<BR>&gt;&nbsp;&nbsp; Iv'e recently set up a Windows
2003 VPN server,<BR>> client connecting
are<BR>&gt;&nbsp;&nbsp;
XP.<BR>&gt;&nbsp;&nbsp; I can<BR>> connect
with no problem but when I attempt to map or access<BR>>
any<BR>&gt;&nbsp;&nbsp; other network resources it is no
good. I cant even map<BR>> to a share
on<BR>&gt;&nbsp;&nbsp; the Server I connect to, I get
"Network not<BR>> found". I can ping
this<BR>&gt;&nbsp;&nbsp; server by name and IP
once<BR>> connected. I have configured the VPN
server<BR>&gt;&nbsp;&nbsp; to assign an<BR>>
IP address based on a pool of 10 private addresses.
Server<BR>&gt;&nbsp;&nbsp;<BR>> is
multi-homed with cards pointing to 2 different subnets,
one<BR>> public,<BR>&gt;&nbsp;&nbsp; one
private.<BR>&gt;&nbsp;&nbsp; What I did
notice<BR>> is that when I run an IPCONFIG /all the Ip and
DNS<BR>&gt;&nbsp;&nbsp; are<BR>> good but the
Gateway&nbsp; is the static IP that is assigned to the<BR>>
VPN<BR>&gt;&nbsp;&nbsp; client by the Server. Since the
server and the clients<BR>> are on
different<BR>&gt;&nbsp;&nbsp; IP ranges do I need to create
a static<BR>> route for the clients? If
not<BR>&gt;&nbsp;&nbsp; what determines the how
the<BR>> gateway is assigned to the
connecting<BR>&gt;&nbsp;&nbsp; clients? As
an<BR>> aside, I also played with the "Use default gateway
on<BR>&gt;&nbsp;&nbsp;<BR>> remote network",
didnt make a difference if it was on or off as far<BR>>
as<BR>&gt;&nbsp;&nbsp; connecting to
shares.<BR>&gt;&nbsp;&nbsp; Any help is<BR>>
appreciated.<BR>&gt;&nbsp;&nbsp;
Thanks,<BR>&gt;&nbsp;&nbsp;<BR>>
Tom<BR></BLOCKQUOTE></BODY></HTML><BR>> <BR>>
------=_NextPart_000_0037_01C6E604.EC7276E0--<BR></BLOCKQUOTE></BODY></HTML>
------=_NextPart_000_0063_01C6E61B.678431A0--
.
- Follow-Ups:
- Re: Windows 2003 VPN Default Gateway Issues
- From: Robert L [MVP - Networking]
- Re: Windows 2003 VPN Default Gateway Issues
- References:
- Windows 2003 VPN Default Gateway Issues
- From: tomger221
- Re: Windows 2003 VPN Default Gateway Issues
- From: Robert L [MVP - Networking]
- Re: Windows 2003 VPN Default Gateway Issues
- From: Bill Grant
- Re: Windows 2003 VPN Default Gateway Issues
- From: tomger221
- Re: Windows 2003 VPN Default Gateway Issues
- From: Robert L [MVP - Networking]
- Re: Windows 2003 VPN Default Gateway Issues
- From: tomger221
- Re: Windows 2003 VPN Default Gateway Issues
- From: Robert L [MVP - Networking]
- Windows 2003 VPN Default Gateway Issues
- Prev by Date: replacing old DHCP server
- Next by Date: Re: Windows 2003 VPN Default Gateway Issues
- Previous by thread: Re: Windows 2003 VPN Default Gateway Issues
- Next by thread: Re: Windows 2003 VPN Default Gateway Issues
- Index(es):
Relevant Pages
|
