Re: Server 2003 RRAS Routing



Enabling routing is simple. You simply enable IP routing in RRAS.

That doesn't automatically solve all your problems. That just enables the router. You need to have the routing in each subnet set up correctly. Remember that getting traffic from point A to point B is only half the solution. There has to be a return route as well.

"Myxx" <Myxx@xxxxxxx> wrote in message news:Q5Nlk.5924$3l5.2778@xxxxxxxxxxxxxxx
Thanks Bill. I appreciate your input and feedback.

All clients are remote, in that they are all home users. I did indeed disable the "use default gateway" switch, mostly for bandwidth reasons at the main site. I didn't want all Internet traffic going through the VPN and then back out the corporate Internet. At the time, it seemed the lesser of two evils.

As it stands, my only solution has been to assign static IPs through AD dial-in permissions, then write a script for each user that adds the remote route based on the assigned IP. Not a wonderful solution, but since I also have to have them map drives, I guess it's not such a terrible hassle to add that in.

Out of curiosity, how do I enable Internet routing through RRAS? I know that's a newbie question, but I'm somewhat of a newbie to RRAS. Unless I disable that switch, users get no internet at all, only access to the corporate systems.

Thanks,

Myxx


"Bill Grant" <not.available@online> wrote in message news:u2sflqE9IHA.2332@xxxxxxxxxxxxxxxxxxxxxxx


"Myxx" <Myxx@xxxxxxx> wrote in message news:0NLkk.2436$3l5.1811@xxxxxxxxxxxxxxx
Hey Windows Server community,

Got a quick one to run by you all. Thanks for taking the time to read through it, and for any responses.

I've got a 2-site organization. Each site has independent Internet T1, as well as an MPLS T1 joined by 2 Cisco routers. All devices inside the network use the MPLS routers as their default gateways. So, no problem with talking back and forth. All that is fine.

Where I have a problem is with static routes through RRAS.

The RRAS server (for PPTP VPN connections) is in one office at hypothetical IP 10.0.0.3, and its gateway is the MPLS router at hypothetical 10.0.0.5. So no problems with routing there.

The remote office server is on IP 192.0.0.2, with a gateway of 192.0.0.5, the MPLS router.

Users in each office can connect to local and MPLS connected systems without a problem. However, when any user attempts to connect to the VPN, they only get routes for the subnet local to the RRAS server. Though I have created static routes in the RRAS configuration area, those routes aren't propagated out to the client.

I can do manual 'route add' to get the routes to the clients, using the PPP interface as the gateway, but that's a lame solution, that doesn't really scale, especially to a non-technical audience. And I don't want to create post-vpn connection batch files they have to run each time. However, when I add the routes manually, all traffic can get through, and all servers are accessible. So it's not a routing problem per se, it's a static route problem.

Any thoughts out there as to why this might be happening, and what I can do to get it working?

Thanks!


Where are the remote clients? Are they connecting from outside (i.e. not in either site)?

You should not need any routes on the client. By default it will send all traffic through the VPN connection (unless you disable the "use default gateway...." switch). If you disable that it will only send subnet traffic through the tunnel for the subnet matching the received IP.

If you have disabled that switch you are on your own. You cannot pre-configure routes because there is no address you can use as the gateway address (since this isn't allocated until the VPN connection is made). In RRAS you can use a demand-dial interface, but that doesn't exist in the client OS.

The only viable solution is to have a script which runs when the client connects. The script would need to get the IP address of the connection and plug it into the route commands.
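
The connect-time script described above, sketched as an added example that is not part of the original thread. It assumes a client with the NetTCPIP cmdlets (Windows 8 or later), a hypothetical connection name `Corp VPN`, and a /24 mask for the thread's hypothetical remote-office subnet; it must run elevated because `route add` changes the routing table.

```powershell
# Added example (not from the thread). Run elevated on the client after the VPN connects.
# Assumptions: connection name, /24 mask, Windows 8+ for Get-NetIPAddress / Get-NetRoute.
$VpnName = 'Corp VPN'    # hypothetical connection name; the interface alias matches it
$Routes  = @(
    # Remote office from the thread (192.0.0.x); the mask is an assumption.
    @{ Network = '192.0.0.0'; Mask = '255.255.255.0' }
)

# The tunnel address is only allocated when the connection is made, so read it now.
$vpnAddr = Get-NetIPAddress -InterfaceAlias $VpnName -AddressFamily IPv4 `
               -ErrorAction SilentlyContinue | Select-Object -First 1
if (-not $vpnAddr) {
    Write-Error "No IPv4 address on '$VpnName'. Connect the VPN first."
    exit 1
}
$gateway = $vpnAddr.IPAddress

foreach ($r in $Routes) {
    $net  = $r.Network
    $mask = $r.Mask

    # Drop a route left over from an earlier session that had a different address.
    route.exe DELETE $net MASK $mask 2>$null | Out-Null

    # No -p switch: the route is not persistent, because the gateway address
    # is only valid for this session.
    route.exe ADD $net MASK $mask $gateway METRIC 1 | Out-Null

    # Confirm the route landed on the VPN interface rather than trusting route.exe.
    $installed = Get-NetRoute -InterfaceIndex $vpnAddr.InterfaceIndex -AddressFamily IPv4 `
                     -ErrorAction SilentlyContinue |
                 Where-Object { $_.DestinationPrefix -like "$net/*" }
    if ($installed) {
        Write-Output "Route to $net via $gateway installed on '$VpnName'."
    } else {
        Write-Warning "Route to $net was not installed; check that the shell is elevated."
    }
}
```

Only the subnets listed in `$Routes` go through the tunnel; all other traffic keeps using the client's own default gateway, matching the disabled "use default gateway" setting in the thread.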

