Unable to get clients machines to communicate over VPN tunnel


Curtis Fray

First of all I'll apologise in advance for cross-posting. I've put a similar
post in a <win2000.general> group but have not had a reply so I'm hoping
this designated RRAS group may be able to help me.

Ok, I've set up a two-way VPN connection between siteA
<192.168.184.0> and siteB <192.168.204.0>. Both sites have Windows 2003
servers and XP Professional clients only.

I can establish the tunnel without a problem. From the siteA server I can
ping the siteB server and all the siteB workstations by their internal
range. From siteB server I can do the same for siteA. However, what I can't
do is get the workstations from either site to contact the corresponding
site. If I do a TRACERT from a workstation at siteA I can see it's routing
to the siteA server, but it doesn't go anywhere from there. SiteB
workstations don't get any further than the siteB server.

I've gone over the Microsoft article called "Virtual Private Networking with
Windows Server 2003: An Example Deployment" and although I've set it up as
per their recommendations (using PPTP encryption) this has not resolved my
problem.

If anyone can offer me any help it would be greatly appreciated.

Thanks in advance,

Curtis.
 
We need more information to help. Do these servers have two NICs? If yes, have you enabled IP routing? Also, posting the results of ipconfig /all and the routing table here may help.

Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
 
Is the VPN router the default gateway for each site? If it is, the VPN
link should work like a simple (slow) IP router. If the VPN router is not
the default gateway, you will need extra routing to get the traffic to the
VPN router.

Does each VPN router have a route to the subnet of the "other" site
through the tunnel? Check the routing table when the connection is up.
 
Hi Bob,

I'm sorry for the slow reply. The physical line between the sites went down last week and it's only just come back up. Hopefully you'll still see this reply.

In answer to your questions, yes both servers have two NICs. IP Routing is enabled in RRAS under the IP tab of the RRAS Server's properties. Is that correct?

Below are the Routing Tables and IP Configuration info from each site. (NB I've altered the domain names). I've checked again this morning and it's still as it was last week. From each site's RRAS server I can ping everything on the corresponding network but if I try and ping from the clients, the ping gets as far as the RRAS server but doesn't go any further. I have put the results of a TRACERT from a SiteA client and the SiteA RRAS Server at the bottom so you can see this for yourself.

In the tables for the SiteB RRAS Server you'll notice some entries for 192.168.184.1. This is a Cisco router at our site. This has had a route added so any traffic for the 192.168.204.x addresses will get routed back to the RRAS server.

If you need further info please let me know. My reply should be a bit quicker this time!

********************* "SITE A" INFO *********************

Windows IP Configuration

Host Name . . . . . . . . . . . . : chesham
Primary Dns Suffix . . . . . . . : domain2.com
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : Yes
DNS Suffix Search List. . . . . . : domain2.com

PPP adapter RAS Server (Dial In) Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
Physical Address. . . . . . . . . : 00-53-45-00-00-00
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.204.100.1
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . :

Ethernet adapter To the Chiltern Intranet:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
Physical Address. . . . . . . . . : 00-14-22-0B-3F-56
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.204.10
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 127.0.0.1

Ethernet adapter To the Internet:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/100+ Management Adapter
Physical Address. . . . . . . . . : 00-90-27-87-3C-4F
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.190.127.10
Subnet Mask . . . . . . . . . . . : 255.255.255.128
Default Gateway . . . . . . . . . : 10.190.127.1
DNS Servers . . . . . . . . . . . : 127.0.0.1
NetBIOS over Tcpip. . . . . . . . : Disabled

PPP adapter VPN_Verney:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
Physical Address. . . . . . . . . : 00-53-45-00-00-00
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.184.29
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 192.168.184.51
NetBIOS over Tcpip. . . . . . . . : Disabled


C:\>route print

IPv4 Route Table
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10002 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
0x10003 ...00 14 22 0b 3f 56 ...... Intel(R) PRO/1000 MT Network Connection
0x10004 ...00 90 27 87 3c 4f ...... Intel(R) PRO/100+ Management Adapter
0x90005 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.190.127.1 10.190.127.10 20
10.190.127.0 255.255.255.128 10.190.127.10 10.190.127.10 20
10.190.127.10 255.255.255.255 127.0.0.1 127.0.0.1 20
10.255.255.255 255.255.255.255 10.190.127.10 10.190.127.10 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.184.0 255.255.255.0 192.168.184.28 192.168.184.29 1
192.168.184.28 255.255.255.255 192.168.184.29 192.168.184.29 1
192.168.184.29 255.255.255.255 127.0.0.1 127.0.0.1 50
192.168.184.255 255.255.255.255 192.168.184.29 192.168.184.29 50
192.168.200.0 255.255.255.0 192.168.184.28 192.168.184.29 1
192.168.204.0 255.255.255.0 192.168.204.10 192.168.204.10 20
192.168.204.10 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.204.255 255.255.255.255 192.168.204.10 192.168.204.10 20
192.204.100.1 255.255.255.255 127.0.0.1 127.0.0.1 50
194.227.80.64 255.255.255.255 10.190.127.1 10.190.127.10 20
224.0.0.0 240.0.0.0 10.190.127.10 10.190.127.10 20
224.0.0.0 240.0.0.0 192.168.184.29 192.168.184.29 50
224.0.0.0 240.0.0.0 192.168.204.10 192.168.204.10 20
255.255.255.255 255.255.255.255 10.190.127.10 10.190.127.10 1
255.255.255.255 255.255.255.255 192.168.184.29 192.168.184.29 1
255.255.255.255 255.255.255.255 192.168.204.10 192.168.204.10 1
Default Gateway: 10.190.127.1
===========================================================================
Persistent Routes:
None

********************* "SITE B" INFO *********************

C:\>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : domain1dc4
Primary Dns Suffix . . . . . . . : domain1.com
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : Yes
DNS Suffix Search List. . . . . . : domain1.com

PPP adapter RAS Server (Dial In) Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
Physical Address. . . . . . . . . : 00-53-45-00-00-00
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.184.28
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . :

Ethernet adapter To the Verney Intranet:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection #2
Physical Address. . . . . . . . . : 00-11-43-E4-1F-84
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.184.72
Subnet Mask . . . . . . . . . . . : 255.255.254.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 192.168.184.51

Ethernet adapter To the Internet:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
Physical Address. . . . . . . . . : 00-11-43-E4-1F-83
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.184.71
Subnet Mask . . . . . . . . . . . : 255.255.254.0
Default Gateway . . . . . . . . . : 192.168.184.71
DNS Servers . . . . . . . . . . . : 192.168.184.51
NetBIOS over Tcpip. . . . . . . . : Disabled

PPP adapter VPN_ChilternCourt:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
Physical Address. . . . . . . . . : 00-53-45-00-00-00
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.204.100.2
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 192.168.204.10
NetBIOS over Tcpip. . . . . . . . : Disabled

C:\>


C:\>route print

IPv4 Route Table
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10002 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
0x10003 ...00 11 43 e4 1f 84 ...... Intel(R) PRO/1000 MT Network Connection #2
0x10004 ...00 11 43 e4 1f 83 ...... Intel(R) PRO/1000 MT Network Connection
0x70005 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.184.71 192.168.184.71 10
10.190.127.10 255.255.255.255 192.168.184.1 192.168.184.71 10
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
129.1.0.0 255.255.0.0 192.168.184.1 192.168.184.72 1
192.168.184.0 255.255.254.0 192.168.184.71 192.168.184.71 10
192.168.184.0 255.255.254.0 192.168.184.72 192.168.184.72 10
192.168.184.28 255.255.255.255 127.0.0.1 127.0.0.1 50
192.168.184.29 255.255.255.255 192.168.184.28 192.168.184.28 1
192.168.184.71 255.255.255.255 127.0.0.1 127.0.0.1 10
192.168.184.72 255.255.255.255 127.0.0.1 127.0.0.1 10
192.168.184.255 255.255.255.255 192.168.184.71 192.168.184.71 10
192.168.184.255 255.255.255.255 192.168.184.72 192.168.184.72 10
192.168.200.0 255.255.255.0 192.168.184.1 192.168.184.72 1
192.168.204.0 255.255.255.0 0.0.0.0 192.204.100.2 1
192.168.204.0 255.255.255.0 192.204.100.1 192.204.100.2 1
192.204.100.1 255.255.255.255 192.204.100.2 192.204.100.2 1
192.204.100.2 255.255.255.255 127.0.0.1 127.0.0.1 50
192.204.100.255 255.255.255.255 192.204.100.2 192.204.100.2 50
224.0.0.0 240.0.0.0 192.168.184.71 192.168.184.71 10
224.0.0.0 240.0.0.0 192.168.184.72 192.168.184.72 10
224.0.0.0 240.0.0.0 192.204.100.2 192.204.100.2 50
255.255.255.255 255.255.255.255 192.168.184.71 192.168.184.71 1
255.255.255.255 255.255.255.255 192.168.184.72 192.168.184.72 1
255.255.255.255 255.255.255.255 192.204.100.2 192.204.100.2 1
Default Gateway: 192.168.184.71
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
129.1.0.0 255.255.0.0 192.168.184.1 1
192.168.200.0 255.255.255.0 192.168.184.1 1

C:\>


********************* TRACERT FROM SITE A CLIENT *********************

C:>tracert 192.168.184.73

Tracing route to 192.168.184.73 over a maximum of 30 hops

1 <1 ms <1 ms <1 ms 192.168.204.10
2 * * * Request timed out.
3 * * * Request timed out.
4 * * * Request timed out.
5 * * ^C
C:\>

********************* THE SAME TRACERT FROM SITE A SERVER *********************

C:\>tracert 192.168.184.73

Tracing route to 192.168.184.73
over a maximum of 30 hops:

1 15 ms 15 ms 14 ms 192.168.184.28
2 14 ms 14 ms 14 ms 192.168.184.73

Trace complete.

C:\>


 
Hi Bill,

I've sent quite a detailed reply to Bob's message. It should contain the
answers to your questions. Please have a read through and let me know your
thoughts.

Thanks for your input.

Curtis.
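
Added example (not part of any post in this thread): a small Python helper for the check suggested above, which reads `route print` rows and reports the route a server would pick for a destination by longest prefix, then lowest metric. The route rows are copied from the Site A and Site B tables posted in the thread; the addresses 192.168.185.10 and 192.168.204.50 are assumed hosts used only for illustration.

```python
import ipaddress

# Active-route rows copied from the Site A and Site B `route print` output
# in this thread (host, broadcast and multicast rows left out for brevity).
SITE_A = """\
0.0.0.0 0.0.0.0 10.190.127.1 10.190.127.10 20
10.190.127.0 255.255.255.128 10.190.127.10 10.190.127.10 20
192.168.184.0 255.255.255.0 192.168.184.28 192.168.184.29 1
192.168.200.0 255.255.255.0 192.168.184.28 192.168.184.29 1
192.168.204.0 255.255.255.0 192.168.204.10 192.168.204.10 20
"""
SITE_B = """\
0.0.0.0 0.0.0.0 192.168.184.71 192.168.184.71 10
192.168.184.0 255.255.254.0 192.168.184.71 192.168.184.71 10
192.168.184.0 255.255.254.0 192.168.184.72 192.168.184.72 10
192.168.204.0 255.255.255.0 0.0.0.0 192.204.100.2 1
192.168.204.0 255.255.255.0 192.204.100.1 192.204.100.2 1
"""

def parse_routes(text):
    """Parse 'dest mask gateway interface metric' rows; skip anything else."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[4].isdigit():
            continue
        try:
            net = ipaddress.ip_network(f"{parts[0]}/{parts[1]}", strict=False)
        except ValueError:
            continue  # header or separator line that happened to have 5 fields
        routes.append({"net": net, "gateway": parts[2],
                       "interface": parts[3], "metric": int(parts[4])})
    return routes

def lookup(routes, dest):
    """Return the route chosen for dest: longest prefix, then lowest metric."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in routes if addr in r["net"]]
    if not matches:
        return None
    return min(matches, key=lambda r: (-r["net"].prefixlen, r["metric"]))

if __name__ == "__main__":
    for name, table, dest in [("Site A", SITE_A, "192.168.184.73"),
                              ("Site A", SITE_A, "192.168.185.10"),  # assumed host
                              ("Site B", SITE_B, "192.168.204.50")]:  # assumed host
        r = lookup(parse_routes(table), dest)
        print(f"{name} -> {dest}: {r['net']} via {r['gateway']} on {r['interface']}")
```

The 192.168.185.10 lookup falls through to Site A's default gateway because the tunnel route there is 255.255.255.0 while the Site B LAN mask is 255.255.254.0.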
