RRAS on Win2K3 and routing

  • Thread starter Thread starter John
  • Start date Start date
J

John

I have seen many RRAS routing issues here, but can't find anything
specific to my problem.

I recently upgraded an NT4 PDC with RAS to Win2003 with RRAS. I did
this by installing a new machine with NT4 as a BDC, synchronized the
domain, took it offline, promoted it to a PDC, performed the Win2003
upgrade, took the original NT4 PDC offline, and put the new Win2003
box online.

Everything seems to be working fine. I can successfully establish a
VPN connection and browse the local network as well as the Internet
using the default gateway on the remote network in the client
settings.

However, I cannot access anything over our corporate WAN. The VPN
clients are receiving addresses on the same subnet as the server and
the rest of the local clients. I can trace as far as our router, but
nothing gets passed back.

On a stranger note, I put the original NT4 PDC back online, after
disabling the services it was previously running (DHCP, DNS, WINS,
RAS), and demoted it to a BDC. Routing now works fine over the VPN. No
communication between the VPN client and the NT4 box shows up in a
packet capture.

This seems to be a simple routing issue, and I'm just missing a check
box or something somewhere. Any ideas would be appreciated. Also, why
does putting the old NT4 box online make it work?
 
The situation is a bit odd. If the remote clients receive IP
addresses which are in the same subnet as the LAN machines, no real routing
takes place at the RRAS server. The server just forwards the traffic onto
the LAN as normal frames using MAC addressing. If another machine has a
reply packet, the server replies to the ARP request (ie does proxy ARP),
gets the packet and forwards it over the point-to-point link. So on the rest
of the corporate network, the traffic from remotes is no different from
other machines in the same subnet.

Can the RRAS server itself see the rest of the corporate network? Does
it know what router to use for internal subnets?
 
Dear John,

Thank you for your posting.

According to your post, you cannot WAN resource during VPN session.

If I have misunderstood your concern please don't hesitate to let me know.

1. Could you please describe how the WAN resource fail to be accessed, when
local resource is accessed normally? If there is any error message, please
provide me with its complete content for further research.

2. To narrow down the problem scope, I suggest that you add static routes
to access the WAN network, and then provide the test result. Please refer
to the following article for its complete implementation steps:

178993 How to Use Static Routes with Routing and Remote Access Service
http://support.microsoft.com/?id=178993

Hope it help!

Sincerely,

Seaver Ren

Product Support Services
Microsoft Corporation

Get Secure! - www.microsoft.com/security
 
Dear John,

Thank you for your reply.

1. To clarify the symptom, please provide me with the complete error
message when you access WAN resource.

2. In the meantime, perform the following steps:

a. Please turn on the NT4 machine, perform the following command on the
command mode of VPN Client PC:

tracert 172.17.1.249 > C:\tracert.txt

b. On the NT machine, run "ipconfig /all > C:\NT4IP.txt" (without quoting
marks) command.
c. After that, send the attachments (C:\tracert.txt and C:\Nt4IP.txt files)
to my inbox: mailto:[email protected].

Thank you for the cooperation.

Sincerely,

Seaver
 
Dear John,

I am sorry to hear the delivery problem since it's correct that my e-mail
address is (e-mail address removed). Could you please resend the attachment
again? I appreciate your time and efforts.

Sincerely,

Seaver
 
It appears the problem has been solved. One of our routers did not clear its
arp table properly. The IP entries for the VPN pool were still pointing to
the MAC address of the original NT server. We flushed the table and all
seems to be well again.
 
Dear John,

Thank you for the message. I am glad to know that the problem has been
resolved.

Once again, thank you for choosing Microsoft.

Best Regards,

Seaver Ren
 
Back
Top