Re: static routing
- From: "Robert" <user@xxxxxxx>
- Date: Thu, 5 Jul 2007 14:52:22 -0500
OK, good news and bad news. Did what you said and now workstations on the
remote side can access the corporate network. Here is the catch, sitting
from my laptop, or any workstation on the remote side, can't access anything
other than the RRAS server, also my pdc that the remote connection was
answered by. I can't access any other computers and servers in the same lan
on the corporate side from the workstations. Of course, it works just fine
from the remote server, but not clients. Any suggestions?
Robert
"Bill Grant" <not.available@online> wrote in message
news:emFNwftvHHA.484@xxxxxxxxxxxxxxxxxxxxxxx
You only need to set up the connection from one end. You do not have two
separate connections. It is just one connection between the two routers.
From the RRAS server at the branch office, start the connection using the
name of the dd interface on the corporate RRAS router. When it connects,
the dd interfaces on both routers should bind to the connection, and the
static routes linked to them appear in the routing tables.
Each router now has a static route to the subnet at the other site
bound to the connection. I suspect your problem is having additional
routers in the setup. It will only work straight off if the RRAS routers
are the default gateways for the sites. If this is not the case you will
need extra routing on the LAN to get the traffic from the default gateway
of the LAN to the RRAS router.
A router to router link just works like a slow IP router. All traffic
which is addressed to a private IP of the "other" site is directed through
the tunnel. Like any other router it can only redirect traffic which
actually gets to it. If the private addressed traffic hits an Internet
router before it gets to the VPN router it fails, because the private
traffic is sent to the Internet unencapsulated.
"Robert" <user@xxxxxxx> wrote in message
news:%23ojmb$rvHHA.312@xxxxxxxxxxxxxxxxxxxxxxx
Connections work going out from inside the router, but connection coming
from outside to in don't work. I have the remote server in the dmz zone,
so ports won't affect it. It's just that piece of **** router. I guess
for now I'll have to remove the router and connect the server directly to
the cable modem. It will get me by. OK, so I get this name thing
straight. Username is already setup on the corporate server, named
"t-town". What do I name the connection that starts from the remote
side? Then, what username should I set up in the wizard for the corporate
connection to login with? Also, do I name the connection that the
corporate server makes the same as the username it is logging in with?
If this helps, email me and we can talk outside of this forum.
craigrobert@xxxxxxxxxxxxxxxxxx
Robert
"Bill Grant" <not.available@online> wrote in message
news:OKXEX9pvHHA.1164@xxxxxxxxxxxxxxxxxxxxxxx
That is puzzling. You said that the connection was up and stable. Was
that running through this same router?
If you are using PPTP, failure to connect through a router is usually
caused by the router blocking GRE (Generic Routing Protocol) which is IP
protocol 47. This usually causes a 721 error. Have you tried connecting
from the branch end? Don't forget that the username must match the name
of the demand-dial interface on the answering router.
"Robert" <user@xxxxxxx> wrote in message
news:eIpz69lvHHA.3500@xxxxxxxxxxxxxxxxxxxxxxx
OK, I am creating a demand dial interface on the corporate server and
connects to the branch office server. This way, I will have a demand
dial connection going from each end, with appropriate static routes.
My only problem is, I knew this was going to happen, the router that I
use at the remote office is a Linksys router that used to be used by a
phone company (kind of like Vonage, but someone else). Of course, the
VoIP function no longer works, but it's still a decent router. What I
noticed when I had it at the corporate office for a little while, is
when someone from outside tries to establish a VPN connection to the
server on the inside, the user's connection just hangs at "Verifying
Username and Password", then eventually times out. I think my only
options are to either buy a new router or connect the remote office's
cable modem directly to the server. Not really wanting to do the second
option, and would prefer not to spend the money on a new router at the
moment. Any ideas to get around this?
Robert
"Bill Grant" <not.available@online> wrote in message
news:e1ynsXgvHHA.1208@xxxxxxxxxxxxxxxxxxxxxxx
I wasn't talking about the remote branch router. I was talking about
the corporate router. Both routers must have a demand-dial interface
and a corresponding static route. If the branch office makes a
connection without connecting to a demand-dial interface, routing will
not work. Instead of connecting as a router it connects as a simple
remote access client. Instead of a subnet route, you just get a host
route back to the client. So the server can route to the corporate LAN
but machines behind it cannot.
"Robert" <user@xxxxxxx> wrote in message
news:ebhUQHfvHHA.1168@xxxxxxxxxxxxxxxxxxxxxxx
Ok, that's already been done on the remote branch side. On the remote
branch server, the demand dial connection is already made and is
connected 24/7. A static route has been added that matches the
subnet of the corporate network. My problem is, users on the remote
branch office network can't access the corporate network (ie; use the
tunnel that has been made), but the server that has made the
connection can. There is a missing link there. The server that made
the connection can use the tunnel, but the users on the same network
of this server can't? The users on this network (we're talking about
the remote site here) use RRAS (same server and software that has
established the tunnel) to access the internet. There is something I
missed.
Robert
"Bill Grant" <not.available@online> wrote in message
news:OxvVI%23dvHHA.1340@xxxxxxxxxxxxxxxxxxxxxxx
You can't do it manually because the interface doesn't exist until
the connection is made. Is this server running RRAS? If so, you
configure a demand dial interface. You then use the static route
wizard to configure a static route for the subnet of the remote site
and select the demand dial interface from the dropdown list as the
interface.
When you make a connection to the server you use the name of the
demand-dial interface as the username. RRAS then connects you to the
correct interface for the calling site (so that you get the correct
subnet for the site. Multiple sites can connect using different dd
interfaces and creating different tunnels.) When the dd interface
becomes active, RRAS adds the static route (which has been stored in
the registry) to the routing table.
"Robert" <user@xxxxxxx> wrote in message
news:e2WKlJZvHHA.3356@xxxxxxxxxxxxxxxxxxxxxxx
OK, I understand, for the most part. On the corporate server, what
do I put in for the gateway on the static route? Here is what I
have so far:
Static Route:
Interface (Local Area Connection 2) --this is the only interface
available on the corporate server
Destination: 192.168.17.0
Subnet: 255.255.255.0
Gateway: ?????
Robert
"Bill Grant" <not.available@online> wrote in message
news:OM%23JB7TvHHA.4796@xxxxxxxxxxxxxxxxxxxxxxx
The reason it doesn't work is, as I said previously, routing is a
two-way process. A static route will get the traffic from one site
to the other, but what happens to the traffic in the other
direction?
As an example, assume that a workstation in one site tries to
ping a workstation at the other site. The packet goes to the
default router which has a static route pointing to the "other"
site via the point to point link. Everything is fine. What happens
when the target machine tries to reply? As before, the packet goes
to the default router for that site. This router does not have a
route for the private IP subnet of the first site. It tries to
send a reply using its default route (which is probably out to the
Internet). The packet is discarded because private IPs cannot
cross the Internet.
Routing between sites will only work if each router has a
static route for the subnet of the "other" site via the point to
point connection. In this case, the privately addressed packet is
encrypted and encapsulated before it is sent out to the Internet.
(That is, the private traffic between the two private subnets is
tunnelled through the public Internet). The traffic in both
directions must use the tunnel.
"Robert" <user@xxxxxxx> wrote in message
news:%23Mfg8oRvHHA.2068@xxxxxxxxxxxxxxxxxxxxxxx
OK, so if I understand you, I need to create a demand dial
connection on both sides and connect them? I still don't
understand how the lan users on the side that already has the dd
connection made can't access the network, but the machine that
made the connection can.
Robert
"Bill Grant" <not.available@online> wrote in message
news:uJAe2yPvHHA.3356@xxxxxxxxxxxxxxxxxxxxxxx
To get routing working between the two sites you will need
to set up a site to site (also called router to router)
connection. Routing is a two-way process. You must have routes
on the routers at both ends to be able to get from a host in one
site to a host in the other.
To do it using RRAS routers you need one in each site. The
connection is made between the routers. Each router has a static
route to the other site linked to a demand dial interface. The
"calling" router connects to the dd interface on the answering
router. The static route then becomes effective, routing traffic
through the link.
"Robert" <user@xxxxxxx> wrote in message
news:ue3m2aPvHHA.3356@xxxxxxxxxxxxxxxxxxxxxxx
Yes, you're right. Here is the setup:
Branch Office
Server "WAN"
IP: 192.168.16.11
Subnet: 255.255.255.0
Gateway: 192.168.16.1
Server "LAN"
IP: 192.168.17.2
Subnet: 255.255.255.0
Gateway: "None"
Client IP Setup:
IP: 192.168.17.25
Subnet: 255.255.255.0
Gateway: 192.168.17.2
I used static ip addressing on the clients to make it easier.
The clients can connect to the internet just fine, but can't
browse the remote network. The server already has the demand
dial interface connected and I can browse the remote network
from the server, but not from the clients. I can also browse
the branch office server from the corporate office network
(clients or servers). Hope this helps.
Robert
"DanJ" <DanJ@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:86B7F4B6-6171-4EC1-97F6-77EF1FE487E7@xxxxxxxxxxxxxxxx
Hi,
Am I right in assuming that the Branch office server itself has the demand
dial interface?
Also, if that is the case, I assume the client PCs have their default
gateway set to the LAN IP Address of the Branch Office Server... is that the
case?
It may be worth doing a Tracert to ensure that the Client PCs are going the
correct route.
The Static route needs to specify the Demand Dial Interface as the
'Interface' for the Static Route. Specify destination IP Address and Subnet
Mask for the remote network.
If you can provide a little more info, I may be able to help more, sorry
this response is slightly vague.
Dan
MCSA MCSE 2000/2003
"Robert" wrote:
I have a branch office for which I have set up a demand dial interface for the
network to the corporate office. I can browse resources on the corporate
network from the branch server, but users on the branch lan cannot. They
can access the internet, but nothing on the corporate web. I have done a
million different combinations of static routes so the lan users can access
the corporate network, but nothing seems to be working. Can anyone help me
out here? I'm at a loss.
Robert
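The return-path behaviour discussed in this thread, modelled as an added example (not part of any post above): a longest-prefix-match lookup over both routers' tables shows why the branch server can reach the corporate LAN while a client behind it cannot when the link comes up as a remote access client instead of binding to a demand-dial interface. The branch addresses come from the thread; the corporate subnet 10.0.0.0/24, the tunnel address 10.0.0.200 and all function names are assumptions.

```python
import ipaddress

CORP_LAN = "10.0.0.0/24"          # assumed: corporate subnet is not given in the thread
CORP_HOST = "10.0.0.10"           # assumed corporate workstation
TUNNEL_IP = "10.0.0.200"          # assumed address handed to the dial-in caller
BRANCH_LAN = "192.168.17.0/24"    # from the thread
BRANCH_CLIENT = "192.168.17.25"   # from the thread

def routes(entries):
    """Turn (prefix, interface) pairs into a routing table."""
    return [(ipaddress.ip_network(net), ifc) for net, ifc in entries]

def lookup(table, dst):
    """Longest-prefix match: interface of the most specific matching route."""
    addr = ipaddress.ip_address(dst)
    hits = [(net, ifc) for net, ifc in table if addr in net]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def branch_table():
    # Branch RRAS server: static route to the corporate subnet via the tunnel.
    return routes([(BRANCH_LAN, "lan"), ("192.168.16.0/24", "wan"),
                   (CORP_LAN, "tunnel"), ("0.0.0.0/0", "wan")])

def corporate_table(mode):
    entries = [(CORP_LAN, "lan"), ("0.0.0.0/0", "internet")]
    if mode == "client":
        # Caller did not bind to a demand-dial interface: host route only.
        entries.append((TUNNEL_IP + "/32", "tunnel"))
    elif mode == "router":
        # Username matched the dd interface: its subnet route becomes active.
        entries.append((BRANCH_LAN, "tunnel"))
    return routes(entries)

def round_trip(mode, src):
    """(interface used branch->corporate, interface used for the reply)."""
    forward = lookup(branch_table(), CORP_HOST)
    reply = lookup(corporate_table(mode), src)
    return forward, reply

if __name__ == "__main__":
    for mode, src in [("client", TUNNEL_IP), ("client", BRANCH_CLIENT),
                      ("router", BRANCH_CLIENT)]:
        fwd, rep = round_trip(mode, src)
        verdict = "works" if rep == "tunnel" else "reply leaves unencapsulated, dropped"
        print(f"{mode:6} src={src:14} forward={fwd:7} reply={rep:9} {verdict}")
```
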