3 Subnets and 1 VPN Server

  • Thread starter Thread starter Leif
  • Start date Start date
L

Leif

I have 3 subnets that I am trying to access through my VPN.

Subnet 1# 10.2.0.0 This is where the VPN is located
and users connect into. They can see any computer on this
subnet.

Subnet #2 + 3 10.0.0.0 & 10.3.0.0 after connected to
the VPN on 10.2.0.0 .If you try and ping any ip address on
either of these subnets they just time out. If you type
in the name of the computer it does resolve the name to
the correct IP address but still times out.

What I want to do is have users connect to the VPN on the
10.2.0.0 subnet .then be able to get to the other subnets
using remote desktop.

If I am sitting at a computer on the 10.2.0.0 subnet and
ping a computer on the other subnets I can.I just can't
through the VPN.

Running:
Windows 2000 server sp4 running RRAS with 2 Nic's in the
server. One Nic is to my internal network 10.2.0.0 and
the other is to the outside world.

How can I get this to work?

Thanks,

-Leif
 
Leif said:
I have 3 subnets that I am trying to access through my VPN.

Subnet 1# 10.2.0.0 This is where the VPN is located and users connect
into. They can see any computer on this subnet.

Subnet #2 + 3 10.0.0.0 & 10.3.0.0 after connected to the VPN on
10.2.0.0 .If you try and ping any ip address on either of these subnets
they just time out. If you type in the name of the computer it does
resolve the name to the correct IP address but still times out.

What I want to do is have users connect to the VPN on the 10.2.0.0 subnet
.then be able to get to the other subnets using remote desktop.

If I am sitting at a computer on the 10.2.0.0 subnet and ping a computer
on the other subnets I can.I just can't through the VPN.
Click to expand...

Hi Leif,

The basic answer on Windows 2000 is to enable the "use default gateway on
remote network" checkbox on the client. That way, when the VPN is
established, the client's default gateway becomes the VPN route. The
side-effect of this is that many people complain that they can no longer
browse the web when the VPN is connected, since all non-local traffic is
now being routed through the VPN connection. Disabling the "use default
gateway on remote network" option is otherwise known as "split tunneling."

On Server 2003 and later, I believe that you can specify some more routes
when a remote VPN user connects.

HTH,

Bill
 
-----Original Message-----


Hi Leif,

The basic answer on Windows 2000 is to enable the "use default gateway on
remote network" checkbox on the client. That way, when the VPN is
established, the client's default gateway becomes the VPN route. The
side-effect of this is that many people complain that they can no longer
browse the web when the VPN is connected, since all non- local traffic is
now being routed through the VPN connection. Disabling the "use default
gateway on remote network" option is otherwise known as "split tunneling."

On Server 2003 and later, I believe that you can specify some more routes
when a remote VPN user connects.

HTH,

Bill
Click to expand...

First thank you for your responce.

I don't care if users can surf through the VPN. But I do
want them to be able to get to all computers on the
network. :)

With that said. I removed the check mark from "use
default gateway" and still no go. I did a IPCONFIG /ALL
after removing the check mark and No default gateway shows
up. I know this is a routing issue...I am just not sure
how to fix it.

Thanks,

-Leif
 
Currently I have 50 ip's set aside for the VPN all on the
10.2.x.x subnet.

So the easy fix would be? :)

thanks again for all your help.

-Leif
 
What IP addresses do the clients get? 10.2.x.x ? This should work, but
sometimes doesn't cope in a routed network. It depends on using proxy ARP on
the RRAS server to intercept traffic for the remotes (since they are in the
same IP subnet).

In a routed network, it is best to put the remotes in their own subnet.
Then adjust your LAN routing so that all routers know how to reach the "new"
subnet via the RRAS router.
 
So I tried changing the ip address from the 10.2.x.x to
10.5.x.x ...same problem. Let me try and explain my setup
so that maybe you might be able to help me better.

VPN Server has 2 nic's in it.
Nic #1 is to the outside world.
IP Address: IP address that my ISP gave me
Subnet 255.255.255.0
GW gateway that my ISP Gave me
DNS: DNS servers address that my ISP gave me

Nic #2 Internal Network
IP Address 10.2.0.20
Subnet 255.255.255.0
GW I have tried nothing and with 10.2.0.2 which is the
default for every computer on the network no matter what
subnet you are in.
DNS: have tried nothing and 10.2.0.5 which is the DNS
server for all computers on the network no matter what
subenet you are in.

After connecting to the VPN from a client my setting are
as follows:
IP: assigned by VPN Server 10.2.0.26-49
subnet 255.255.255.255
GW same as IP address assigned during connection
DNS 10.2.0.5
WINS 10.2.0.5

If I uncheck the "use default gateway" on the client
side...no GW shows up when I do a ipconfig /all

I can ping all computers that are on the same subnet as
the VPN server but I time out on all computers that are on
the 10.3.x.x and 10.0.x.x subnets.

If I am sitting in front of the VPN server and ping any
computer on any of the subnets it works.

So...what can I do to try and make this work?

Again Bill...thank you for all your time and help with my
problem.

Thanks,

-Leif
 
If you really want to stick with 10.2 addresses, you will just have to
monitor the traffic on the LAN and see where it fails. But it will be a lot
of work, and may not solve the problem anyway. Some switches just don't
handle proxy ARP well!

If you put the remote clients in their own subnet, it is a straight
forward routing situation. Enable LAN routing on the RRAS server, and use
normal routing techniques to get the traffic through. Make sure that all
your internal routers forward traffic for the remote subnet so that it
reaches the RRAS server. Also remember that there must be a route in both
directions. Traffic from the remotes must reach the other IP subnets and
there must be a route back again.
 
Well after some more playing I figured out my problem.

I went into the Routing and Remote Access screen. Under
IP Routing went to Static Routes and added my ohter
subnets. In my cast it was:
Destination
10.0.0.0 255.255.255.0 /10.2.0.2
 
Well after some more playing I figured out my problem.

I went into the Routing and Remote Access screen. Under
IP Routing went to Static Routes and added my ohter
subnets. In my cast it was:
Destination
10.0.0.0 255.255.255.0 /10.2.0.2
 
Back
Top