Re: VPN routing - single NIC - SOLVED
- From: Jordan
- Date: Thu, 07 Dec 2006 18:10:24 +0100
Problem solved.
It was the antivirus FW that caused the problem, even though the rule was
any-any.
After disabling the FW, connections to other resources work.
Thanks for helping!
Jordan
On Thu, 30 Nov 2006 12:46:13 +1100, "Bill Grant"
<not.available@online> wrote:
If you are using IP addresses in the same IP subnet for both the LAN and
the remote machines, there is no real routing taking place, so there is no
point in adding any static routes. What should happen is that the server
acts as a proxy for the remote client. It does proxy ARP on the LAN. Other
machines on the LAN communicate directly with the remote client as if it was
on the LAN using its hardware MAC address. The server acts for it and relays
the data across the VPN link.
The only thing I am aware of that fouls this up is that some switches do
not properly handle proxy ARP well. If you are in that position, the best
idea is to put the remotes in their own IP subnet and route this subnet
through the RRAS server. (ie use a static address pool, not DHCP). This is
the best approach to take in all cases except a simple one segment-one
subnet LAN. The same subnet technique (called on-subnet addressing) was
developed to allow people with simple networks to get remote access working
without having to understand routing. In a routed network it is safer to use
off-subnet addressing (ie put the remotes in their own subnet) and handle
the routing yourself.
<Jordan> wrote in message news:80kqm29sqv92hf3ffsklhaj6evv32jpi2t@xxxxxxxxxx
Can't ping other servers on same LAN by IP, must be routing problem.
Client receives IP in the same subnet, from server DHCP.
Server configured with DHCP, WINS, DNS and VPN RAS.
Nothing is configured in RAS Admin - No policy and no Static Route.
Route print listed - client IP masked xy.
IPv4 Route Table
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10002 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
0x10003 ...00 0b cd 4e f6 9e ...... HP NC7760 Gigabit Server Adapter
===========================================================================
===========================================================================
Active Routes:
Network Destination          Netmask          Gateway        Interface  Metric
          0.0.0.0          0.0.0.0    192.168.100.1   192.168.100.10      20
      xy.xy.xy.xy  255.255.255.255    192.168.100.1   192.168.100.10      20
        127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1       1
       172.16.0.0    255.255.252.0  192.168.100.250   192.168.100.10       1
    192.168.100.0    255.255.255.0   192.168.100.10   192.168.100.10      20
   192.168.100.10  255.255.255.255        127.0.0.1        127.0.0.1      20
  192.168.100.107  255.255.255.255  192.168.100.110  192.168.100.110       1
  192.168.100.110  255.255.255.255        127.0.0.1        127.0.0.1      50
  192.168.100.255  255.255.255.255   192.168.100.10   192.168.100.10      20
        224.0.0.0        240.0.0.0   192.168.100.10   192.168.100.10      20
  255.255.255.255  255.255.255.255   192.168.100.10   192.168.100.10       1
Default Gateway: 192.168.100.1
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
172.16.0.0 255.255.252.0 192.168.100.250 1
Jordan
On Wed, 29 Nov 2006 11:00:40 +1100, "Bill Grant"
<not.available@online> wrote:
There are two distinct things to look at here. They are routing and name
resolution.
Check to see if you can ping a LAN machine by its IP address. If you
can, routing is working, so adding static routes won't change anything. You
need to look at name resolution. If you are using DNS, check that the client
has the correct DNS server address and also the correct DNS suffix. If you
are relying on Netbios for name resolution, check that the client has the
correct WINS address.
If you cannot ping by IP it may be a routing problem. What IP subnet are
you using on the LAN? Does the remote client receive an IP address in this
subnet?
<Jordan> wrote in message
news:kudpm2dm2r9802c39lteonknn02v7894s7@xxxxxxxxxx
Hi
Have used the RAS wizard (custom choice, had to use this one because
of one NIC) to configure a RAS VPN connection.
This is a single NIC w2k3sp1 server.
The VPN client can map local drives at the server.
But can't map drives and shares on other servers on the local network,
which I want.
Do I have to "route -add" something?
Any clue?
Regards
Jordan
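
An added example, not part of the thread: a longest-prefix-match lookup over the active routes posted above, showing which entry the server would pick for a given destination. It assumes 192.168.100.107 is the VPN client's assigned address and 192.168.100.110 the RAS server's internal interface (a reading of the table, not stated in the thread); 192.168.100.20 is a constructed LAN host.

```python
import ipaddress

# Active routes transcribed from the route print in the thread. The masked
# xy.xy.xy.xy host route is left out because its address is not on the page.
ROUTES = [
    # (destination, netmask, gateway, interface, metric)
    ("0.0.0.0", "0.0.0.0", "192.168.100.1", "192.168.100.10", 20),
    ("127.0.0.0", "255.0.0.0", "127.0.0.1", "127.0.0.1", 1),
    ("172.16.0.0", "255.255.252.0", "192.168.100.250", "192.168.100.10", 1),
    ("192.168.100.0", "255.255.255.0", "192.168.100.10", "192.168.100.10", 20),
    ("192.168.100.10", "255.255.255.255", "127.0.0.1", "127.0.0.1", 20),
    ("192.168.100.107", "255.255.255.255", "192.168.100.110", "192.168.100.110", 1),
    ("192.168.100.110", "255.255.255.255", "127.0.0.1", "127.0.0.1", 50),
    ("192.168.100.255", "255.255.255.255", "192.168.100.10", "192.168.100.10", 20),
    ("224.0.0.0", "240.0.0.0", "192.168.100.10", "192.168.100.10", 20),
    ("255.255.255.255", "255.255.255.255", "192.168.100.10", "192.168.100.10", 1),
]


def lookup(dest):
    """Return (network, gateway, interface, on_link) for the best route to dest."""
    addr = ipaddress.ip_address(dest)
    best = None
    for net, mask, gw, iface, metric in ROUTES:
        network = ipaddress.ip_network(f"{net}/{mask}")
        if addr not in network:
            continue
        # Longest prefix wins; the lower metric breaks ties.
        key = (network.prefixlen, -metric)
        if best is None or key > best[0]:
            best = (key, network, gw, iface)
    if best is None:
        raise LookupError(f"no route to {dest}")
    _, network, gw, iface = best
    # In this route print format an on-link route lists the local
    # interface address as its gateway.
    return str(network), gw, iface, gw == iface


if __name__ == "__main__":
    for dest in ("192.168.100.107", "192.168.100.20", "172.16.1.5"):
        print(dest, "->", lookup(dest))
```

The /32 host route sends traffic for the assumed client address out the RAS interface, while other 192.168.100.x hosts resolve on-link via the LAN adapter, so the table already covers both directions without an extra static route.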