Re: RRAS on W2K3

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

That doesn't really sound like a RRAS problem. If you can ping a site,
the routing is working!

Running RRAS on a DC is certainly a bad idea, and PPPoE probably makes
it worse, because there are now three interfaces involved. See this KB for
the sort of problems running RRAS on a DC causes.

http://support.microsoft.com/kb/292822

"Gustav Roder" <GustavRoder@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:6A41D770-7E05-4B09-BC48-A4FA721C033E@xxxxxxxxxxxxxxxx
Hi Bill,


That's exactly what I thought - it just doesn't work :-(
From the server and the LAN clients I am only able to ping servers around
the world - not to access them ;-( Maybe it's because I'm doing DC and
RRAS
at the same time?


BR,
Gustav





"Bill Grant" wrote:

Not really. As far as RRAS is concerned, the outside or public
interface
is the interface which has a connection to the Internet. It can sometimes
have a private IP if it is PPPoE, because it connects to the public
network
at your ISP. But with PPPoE it is the actual PPPoE interface, not the
external NIC of the server.

The private interface in RRAS/NAT is your local LAN which needs NAT
to
access the Internet.

"Gustav Roder" <GustavRoder@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:DEA7B85C-3A0C-411A-B893-4234F83BD9EF@xxxxxxxxxxxxxxxx
Hi Bill,

Thank you for answering. OK, so I have already configured the PPPoE
interface as public (with/without firewall - it didn't do any
difference).
What I have not tried is to configure the actual WAN NIC as
non-public -
i.e.
private. That is what you suggest, right? I will try that this evening,
when
I get back to the server.


BR,
Gustav



"Bill Grant" wrote:

You need to be careful with PPPoE and RRAS/NAT. The PPPoE interface
needs
to be configured as the "public" interface, not the external NIC.

"Gustav Roder" <GustavRoder@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message
news:3FF6FB44-0FEB-46F3-A4E0-D685BFD03EA1@xxxxxxxxxxxxxxxx
Dear Robert,


Again thank you for your response. I went to the link below and
tried
out
the case study. In addition, I also followed other related links
from
that
web site. Unfortunately, nothing seemed to solve my problems. It now
occurs
to me, however, that I cannot access the internet when connected
using
the
dial-demand adapter created from within the RRAS manager. However,
if I
create a PPPoE connection under Network Connections and connect
using
this
'adapter', then I am able to connect to the internet from the
server,
but
still not the from client(s). If I connect to the ISP using the RRAS
demand-dial adapter, then I am able to ping all the pingable hosts
in
the
world, but I just cannot connect to them (time-out). I did a tracert
to
yahoo.com, and it looked like:

C:\Documents and Settings\Administrator>tracert yahoo.com

Tracing route to yahoo.com [66.94.234.13]
over a maximum of 30 hops:

1 * * * Request timed out.
2 1 ms <1 ms <1 ms geth0-100.gtx00-ves.broadcom.dk
[212.99.255.33]

3 * * * Request timed out.
4 * * * Request timed out.
5 * * * Request timed out.
6 ^C
C:\Documents and Settings\Administrator>


Not much connection here. Maybe its just not possible to have DC and
RRAS
on
the same server? Any suggestions fro here?


BR,
Gustav



"Robert L [MVP - Networking]" wrote:

It is not recommended to enable RRAS on a DC with DNS. If you do,
you
may
have a connectivity or name resolution issue. If this is your only
option, this link may help.

name resolution and connectivity issues on RRASCase Study - Name
resolution and connectivity issues on a RRAS that also runs DC, DNS
or
WINS. A computer that is running Windows Server may have name ...

http://www.howtonetworking.com/casestudy/rraswithdcdnswins1.htm


Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on
http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on
http://www.HowToNetworking.com
"Gustav Roder" <GustavRoder@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message
news:0071800F-EE3C-4BBC-8372-22F77D419C20@xxxxxxxxxxxxxxxx
Hi Robert,

Thank you for your quick reply. OK, so I went through the list in
the
link
that you provided. Unfortunately, none of the points could solve
my
problem.
As goes for the filters - no filters (inbound/outgoing) are
listed
in
my RRAS
configuration. Therefore I assume, that there are none - maybe
they
are
listed elsewhere? Furthermore, I have also tried to setup the
W2k3
server
doing 'just' NAT without VPN (using the same wizard). It does not
make
any
difference. When I disable RRAS and to ICS then it actually works
fine.
I
should also mention, that this particular server runs the DC
service
along
with the DHCP and DNS services. Does this prohibit the RRAS
service?
What am
I missing here?


BR,
Gustav


"Robert L [MVP - Networking]" wrote:

> Make sure no VPN filters block the internet access. This how to
may
help,
>
> VPN SetupHow to configure VPN Packet Filters How do I set up a
modem
to dial into a remote compute How to configure W2K server as VPN
server
....
> http://www.chicagotech.net/vpnsetup.htm
>
>
> Bob Lin, MS-MVP, MCSE & CNE
> Networking, Internet, Routing, VPN Troubleshooting on
http://www.ChicagoTech.net
> How to Setup Windows, Network, VPN & Remote Access on
http://www.HowToNetworking.com
> "Gustav Roder" <Gustav Roder@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote
in
message news:D5E0DD7A-23B8-4E7C-A5D3-E324B8E71A50@xxxxxxxxxxxxxxxx
> Dear all,
>
> I have setup a W2K3.SP2 server having two NICs. NIC-1 is
connected
directly
> to the ISP using a PPPoE connection (thus giving this NIC two
IP
addresses).
> NIC-2 is then connected to the LAN having a static IP of
192.168.0.1. I have
> used the RRAS wizard to allow the Windows server to act as a
NAT
and VPN
> server at the same time. Furthermore, I have established a
demand-dial NIC
> connection inside the RRAS service and connected
successfully.
>
> The problem is now, that neither the Windows server nor any
of
my
Windows XP
> clients on the LAN are able to connect to the internet using
any
browser.
> However, they are able to ping public web servers.
>
> What can I do about this?
>
>
> Thank you in advance.
>
> Gustav Roder








.

Relevant Pages

  • RE: VPN issue on SBS2003
    ... I understand that you encountered VPN connection issue when you use VPN to ... Internet clients or VPN to external VPN Server from SBS Client computers? ... Configure E-mail and Internet Connection Wizard ... Total GRE packets sent = 1 ...
    (microsoft.public.windows.server.sbs)
  • RE: PPTP VPN connection problems
    ... The problem is that the VPN does not disconnect. ... However after some idle period I can not send packets across the connection. ... A ping to the server would result in "Request timed out". ... If I connect with the VPN client locally to the internet ...
    (microsoft.public.windows.server.sbs)
  • Re: VPN Ports to Open
    ... the VPN connection after you change the firewall before SBS. ... On the server, please stop the Routing and Remote Access service. ... Total GRE packets sent = 1 ...
    (microsoft.public.windows.server.sbs)
  • Re: Windows 2003 VPN Default Gateway Issues
    ... Ethernet adapter Local Area Connection: ... If the VPN server is configured to use a static IP address ... the default gateway on the client is not the problem. ...
    (microsoft.public.windows.server.networking)
  • RE: VPN Connectivity issues through LAN
    ... I understand that you cannot ping SBS after ... you can establish VPN connection from the remote LAN. ... You have to rerun the CEICW to make sure your SBS 2003 server have right ...
    (microsoft.public.windows.server.sbs)