Ghost IP assignment

Egbert Nierop (MVP for IIS)

Does anybody have an idea why RAS on 2003 assigns a 'ghost' IP address on
'internal' after some runtime hours?

This is very nasty since it causes the DNS server to 'think' there are two
IP addresses on the same NIC (ethernet).

My 2003 server has a static IP address of 192.168.0.7.

After some time, it will have (for instance) 192.168.0.22 as well and this
causes clients to initiate traffic on that address as well.

I use RAS only for VPN connections through the internet.
 
The internal interface acquires an IP address as soon as a remote user
connects. This interface is the server end of the RAS/VPN connection.

The problems this can cause are discussed in KB 292822 and 830063.
 
Bill Grant said:
The internal interface acquires an IP address as soon as a remote user
connects. This interface is the server end of the RAS/VPN connection.

The problems this can cause are discussed in KB 292822 and 830063.

Thanks.

Supplying a static address pool with another subnet mask, as the KB suggested,
solved the issue.

It's rather lame that Windows 2003 does not warn against this when you use
DHCP; it should assign a specific DHCP address lease pool on another
subnetwork.
 
Why? Lots of people with simple one segment LANs prefer to use the same
IP subnet for their remotes and let RRAS get a pool of addresses from DHCP.
This has been the default setup since the early days of RAS in NT. The
remote users then have access to all machines on the LAN by default (because
the server acts as a proxy for the remotes). It is only a problem if the
RRAS server is a DC.

If you put the remote users in their own subnet (which I usually do, I
admit) you need to enable IP routing on the RRAS server. You may also need
to modify your LAN routing to allow the remotes full access to the LAN
machines on a routed LAN.

If you read the documentation you will see there is a lot said about the
advantages and disadvantages of using on-subnet or off-subnet addresses for
remotes.
 
Bill Grant said:
Why? Lots of people with simple one segment LANs prefer to use the same
IP subnet for their remotes and let RRAS get a pool of addresses from
DHCP. This has been the default setup since the early days of RAS in NT.
The remote users then have access to all machines on the LAN by default
(because the server acts as a proxy for the remotes). It is only a problem
if the RRAS server is a DC.

If you put the remote users in their own subnet (which I usually do, I
admit) you need to enable IP routing on the RRAS server. You may also need
to modify your LAN routing to allow the remotes full access to the LAN
machines on a routed LAN.

If you read the documentation you will see there is a lot said about
the advantages and disadvantages of using on-subnet or off-subnet
addresses for remotes.

ah ha,

In fact, I finally started to use VPN because my DSL router supports the
correct VPN pass-through protocols (other than passing TCP port 1723).

Happy to meet you as an expert on this. Reading all the docs for all
services on Windows server does not make sense...
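
An added example, not part of any post in this thread: a small Python audit that flags A records for the server name other than its static address, and classifies a RAS address pool as on-subnet or off-subnet relative to the LAN. The /24 mask, both pool ranges and the record list are constructed for illustration; only 192.168.0.7 and 192.168.0.22 come from the thread.

```python
import ipaddress

def pool_placement(lan_cidr, first, last):
    """Classify a RAS pool (first..last) relative to the LAN subnet."""
    lan = ipaddress.ip_network(lan_cidr)
    nets = list(ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last)))
    if all(n.subnet_of(lan) for n in nets):
        return "on-subnet"    # remotes share the LAN range (the setup that bit the DC here)
    if not any(n.overlaps(lan) for n in nets):
        return "off-subnet"   # per the thread: IP routing must be enabled on the RRAS server
    return "straddles"        # partly inside the LAN range: almost certainly a typo

def audit_a_records(records, static_ip, lan_cidr, first, last):
    """Return every A record for the server name that is not its static address."""
    lan = ipaddress.ip_network(lan_cidr)
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    static = ipaddress.ip_address(static_ip)
    findings = []
    for rec in records:
        addr = ipaddress.ip_address(rec)
        if addr == static:
            continue
        findings.append({
            "address": str(addr),
            "from_ras_pool": lo <= addr <= hi,  # likely the RAS 'internal' interface
            "on_lan_subnet": addr in lan,       # LAN clients can be steered to it
        })
    return findings

# Constructed sample data (only .7 and .22 appear in the thread).
LAN = "192.168.0.0/24"
STATIC_IP = "192.168.0.7"
A_RECORDS = ["192.168.0.7", "192.168.0.22"]
ON_SUBNET_POOL = ("192.168.0.20", "192.168.0.30")
OFF_SUBNET_POOL = ("10.10.10.1", "10.10.10.14")

if __name__ == "__main__":
    for name, pool in (("current", ON_SUBNET_POOL), ("proposed", OFF_SUBNET_POOL)):
        print(name, "pool is", pool_placement(LAN, *pool))
    for f in audit_a_records(A_RECORDS, STATIC_IP, LAN, *ON_SUBNET_POOL):
        print("unexpected A record:", f)
```

Feed `audit_a_records` the addresses your DNS server actually returns for the server's name; any finding with `from_ras_pool` set points at the RAS internal interface described above.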
 