Re: RRAS VPN IP conflict

Yes, you are probably right. The remote client will still try to deliver
any traffic for a 192.168.1 address locally rather than sending it across
the VPN.

I wouldn't go down the path of giving the servers two NICs. That would
cause more problems than it would solve (especially if any of them were
DCs).

Putting all your servers in a different IP subnet would work. You could
put all of your servers including the RRAS server in 192.168.217.0 and have
your workstations remain in 192.168.1.0 .The remotes would be able to
contact your servers but not the workstations. But if you are prepared to go
to that much trouble it is probably simpler to just change the IP addresses
on your LAN to 192.168.217.0 . It is only the servers with static IPs which
need changing. The workstation will just get their new config from DHCP and
work as before.

"Danny F" <DannyF@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:2C9AAC35-3592-4863-B934-0FF2170102F7@xxxxxxxxxxxxxxxx
I tried that but it doesn't work for me if they're coming from a .1
address.
Here is the scenario:

VPN Server:
Physical IP on the interface: 192.168.1.11
Internal IP of logical interface for VPN: 192.168.99.241
VPN IP Pool: 192.168.99.241 - 254

Remote PC 1:
LAN IP: 192.168.1.100
VPN IP: 192.168.99.242

Remote PC 2:
LAN IP: 192.168.25.100
VPN IP: 192.168.99.243

Remote PC 1 can ping 192.168.99.241 but cannot ping 192.168.1.11. I think
because it is still dealing with the issue of being on a .1 LAN IP.

Remote PC 2 can ping both 192.168.99.241 and 192.168.1.11

"Bill Grant" wrote:

That would just complicate the situation. You would then have two
local
subnets and you would need to set it up so thet they could both see each
other and the Internet. Much more complicated than putting the remotes in
their own subnet.

"Danny F" <DannyF@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:F27BD46C-37F8-4F09-A7B3-4F58EC9EE90A@xxxxxxxxxxxxxxxx
Bill, thanks for your reply.

I thouhgt of that and tried it but they still can't get to the .1
subnet
because (I think) there still on a .1 local subnet. I tried it with
remote
computers on other subnets and they could get to the .1 address of the
VPN
server but nothing else. Probalby a routing issue.

Arggghh. I inherited this IP. Would have never used it myself had i
built
it.

One though I had was to build out another network 192.168.217.0 and put
the
few servers the vpn users need to access on both networks with two
NIC's
on
each server. one on the .1 subnet on one on the .217 subnet. Any
thoughts?

Thanks again.

"Bill Grant" wrote:

There is no easy way around that problem. A remote machine will not
send
traffic across a VPN link if the target IP is the same IP subnet as
the
local LAN. It will try to deliver the traffic "on the wire", not send
it
to
a router. That is how IP routing works!

The only real solution is to put your remote users in their own IP
subnet, such as 192.168.99.0/24 using a static address pool. You then
have
to enable IP routing on the VPN server and make sure that your LAN
machines
can route to the remote subnet. This will only work automatically if
the
VPN
server is the default gateway for the LAN machines.



"Danny F" <DannyF@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:378EBE4F-4957-4078-8DCE-3DF7B3AD9BB4@xxxxxxxxxxxxxxxx
I am having an issue with VPN and IP settings. I am running Windows
Server
2003 RRAS. We have a 1 subnet internal network on the
192.168.1.0/24
subnet.
The VPN server assigns IP's in the 192.168.1.241 - 254 range. The
problem
I
am having is if the remote computer is connected to a remote network
that
is
also on the 192.168.1.0/24 subnet the remote computer cannot access
anything
on our network. I understand why this happens but need a workaround
or
other
solution. Many wireless routers and DSL configurations run by
default
on
the
192.168.1.0/24 subnet.

Thank you in advance.









.

Relevant Pages

  • Re: Remote Access and ISA Server in SBS 2003?
    ... I am glad to hear the Remote Access Wizard is working fine now. ... there is no difference in VPN between SBS 4.5 and SBS ... Error Message: VPN Connection Error 800: Unable to Establish Connection ... the external NIC of the SBS Server. ...
    (microsoft.public.windows.server.sbs)
  • RE: SBS 2003 sudden services problem over router based vpn
    ... I understand that your remote cannot receive POP3 emails through VPN ... SBS Server through routers. ...
    (microsoft.public.windows.server.sbs)
  • Re: VPN clients unable to connect to other resources.
    ... gateway matches the IP of the remote client, and DNS and WINS point to the ... remote (although it takes close to a minute to connect, ... This is just regular Windows VPN, ... VPN server, remote routing and access running on the SBS 2003 server ...
    (microsoft.public.windows.server.sbs)
  • Re: More on Remote Desktop
    ... You can access both remote and local drives/print locally and remotely/etc, ... Yes a VPN will work just fine. ... >>> and point it to the Static IP of the internal server. ... On the otherside, when you dial up to earthlink, your laptop also gets a ...
    (microsoft.public.windowsxp.network_web)
  • RE: Remote connectivity problems
    ... do you mean you have added a remote client to SBS ... If you have hardware VPN tunnel setup using Linksys or others, ... In this scenario you have to configure the SBS Server computer to enable ...
    (microsoft.public.windows.server.sbs)