rras routing gateway of last resort

  • Thread starter: Bill Gibson

Bill Gibson

We are using 2000 server with rras for dial in and vpn access. The problem

I am still having trouble with this issue.

I have tried all combinations I can think of, including:

Using and not using the gateway on remote machine check box you suggested.

Redistributing the routes from the Cisco EIGRP protocol to RIP and defining
the Cisco routers as neighbors.

I also tried declaring a static route to the outside interface through the
loopback interface at the same time declaring the gateway of last resort;
still no good.

It seems that if the client is actively connected through VPN and you add
the gateway of last resort he can surf then; however, if he disconnects he
will not be able to connect again until the static route to the gateway of
last resort is removed.

Where should I go from here??
 
There are really only two options. You either set the client to use
the gateway on the remote system or you don't.

If the "use default gateway.." switch is set, the client uses the remote
server as its default gateway (via the point-to-point link). All non-local
traffic goes over the point-to-point. So it will try to access the Internet
via that server.


If you clear the checkbox, the client keeps its default route to the
Internet connection. You have a split tunnel. Now Internet access remains
active locally, but traffic for your LAN (unless it is in the same subnet as
the "received" address) will not be routed through the link. As you say, you
need to add extra routing on the client.

See KB 254231 for a description of client behavior with regard to this.
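
The two client settings described in this reply, modelled as a routing-table lookup (an added example, not part of the original post). All addresses, interface names and metrics are constructed, and the model is simplified to longest-prefix match with a metric tie-break.

```python
import ipaddress

def route(net, iface, metric):
    return {"net": ipaddress.ip_network(net), "iface": iface, "metric": metric}

def lookup(table, dst):
    """Pick the outgoing interface: longest prefix wins, then lowest metric."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in table if addr in r["net"]]
    if not matches:
        return None
    best = max(matches, key=lambda r: (r["net"].prefixlen, -r["metric"]))
    return best["iface"]

def client_table(use_remote_gateway, extra=()):
    """Simplified client routing table while the dial-in/VPN link is up."""
    table = [
        route("192.168.1.0/24", "lan", 10),   # client's own subnet (constructed)
        route("0.0.0.0/0", "lan", 10),        # default route to the local Internet router
        route("203.0.113.10/32", "lan", 10),  # tunnel endpoint stays on the local link
        route("10.1.1.0/24", "ppp", 1),       # subnet of the "received" address
    ]
    if use_remote_gateway:
        # Checkbox set: a preferred default route over the point-to-point link.
        table.append(route("0.0.0.0/0", "ppp", 1))
    # Checkbox cleared: extra routes the admin adds for other LAN subnets.
    table.extend(route(net, "ppp", 1) for net in extra)
    return table

# Constructed sample destinations.
DESTS = {
    "internet": "198.51.100.7",
    "received_subnet": "10.1.1.20",
    "other_lan_subnet": "10.2.3.4",
}

def report(table):
    return {name: lookup(table, ip) for name, ip in DESTS.items()}

if __name__ == "__main__":
    print("use remote gateway:", report(client_table(True)))
    print("split tunnel:      ", report(client_table(False)))
    print("split + extra route:", report(client_table(False, ["10.2.0.0/16"])))
```

In the split-tunnel case the Internet destination leaves by the local interface and never crosses the server, which is the property to weigh when deciding whether remote clients may clear the checkbox.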
 
I understand the use gateway on remote option.
Here is my problem: the rras server has an 8 port modem bank plus a direct
internet interface to receive VPN traffic. The dial-in users are usually
traveling execs that use an 800 number to dial in and get mail and such and
would like to be able to surf some from this connection; however, it will not
show them the "outside world" unless I set up a static route to the (Gateway
of last resort) gateway address on the internal subnet that the inside card
is hooked to. When I do that, then no one can connect to the internet address
for VPN use; the client gets "Error 678 There was no answer". As soon as the
gateway of last resort is removed you can connect again, but the client
cannot go where necessary.
 
This is basically a config problem because you have two Internet
gateways. For the remotes to get to the Internet, the RRAS server's default
gateway needs to be to your Internet router. But for the VPN to work, the
server's default route must be directly out to the Internet.

Your best bet is to give the remotes Internet access through the RRAS
server's Internet connection. Run NAT on it and do the netsh command
described in KB 310888 to allow the remotes to get to the Internet using NAT
on the local machine.
 