VPN client can't find Server#2

Guest

I have a Windows 2000 Server with RRAS (Server#1). XP VPN clients connect to #1 successfully.
Pinging or connecting to Server #2 gets no response.

Do I need a static route to #2?

Or is this a firewall issue?

Thanks for your help.
 
This may be because of address assignment to VPN clients from VPN Server#1.

The client will have some private address which server#2 will not know how
to reach. To confirm this look at the routing table of server#2 to see if
there is a proper route to reach connected VPN client. You can do a
"tracert -d <client ip address>" to see what path the packet takes.
To solve this problem:
1) Change your address assignment to give addresses which are part of the
public subnet (ie public to your network).
2) Have static routes on server#2.
3) Have NAT on server#1 to translate all private address to public one.

In general:
Doing tracert from both ends ie VPN client and server#2 will help you narrow
down the machine which is dropping the packets.
Once you have found out who is dropping the packets (ie Server#2 or Server#1
because of firewall) then you can analyze further.

Hope it helps
-Pawan

--
 
Is Server#2 in the same network (i.e. same subnet mask) as Server#1? If
not, you might need to add a static route to reach server#2 from server#1.
(Are you able to connect to server#2 from server#1?)

As far as the client is concerned, when it gets connected to the VPN network, RAS
will change the default gateway.
The user can change the setting by changing the "use default gateway on remote
network" check box at properties of the connection -> Networking -> TCP/IP
properties.

If user unchecks this option, then at client side user needs to add static
routes to connect to server#2.

--
Thanks
Ashok
(e-mail address removed)

This posting is provided "AS IS" with no warranties, and confers no rights.
 
Hard to say on that much info!

If you can make a connection, it is unlikely to be the firewall on the
RRAS server. Once the VPN connection is made, the VPN traffic comes through
the firewall encrypted and encapsulated, so the firewall doesn't see the
contents.

Are you sure it isn't just a name resolution problem? Can you ping it by
IP address? If not, a bit more info on your setup is required to see what is
happening to the routing.
 
Server #1 & #2 are in the same subnet 192.168.100.X. The firewall acts as the DHCP server.
The VPN connection receives a 192.168.100.X address.
RRAS is only on server #1.

Tracert -d from Server #2 returns request timed out.
By putting a WINS entry on the XP VPN client I can resolve the server name. But can't ping by name or address.

Do I need to turn on RRAS on server #2?
 
It should work as it is. The RRAS server does proxy ARP for the remote
client, so it should redirect traffic over the VPN link (unless you have
specifically set it up for access to the RRAS server only).

When the RRAS server receives the packet for server2 from the client,
it puts it on the wire using server2's MAC address. The server replies to
the remote client's MAC address. The RRAS server does proxy ARP for the
client, gets the frame and relays it over the VPN link. No real routing takes
place (because they are all in the same IP subnet).

Proxy ARP sometimes fails in a switched network. If that is your
problem, you will need to give the VPN client an address in a different
subnet and use IP routing through the RRAS server.

Steve S said:
Server #1 & #2 are in the same subnet 192.168.100.X. The firewall acts as the DHCP server.
The VPN connection receives a 192.168.100.X address.
RRAS is only on server #1.

Tracert -d from Server #2 returns request timed out.
By putting a WINS entry on the XP VPN client I can resolve the server
name. But can't ping by name or address.
 
In the setup of RRAS the wizard asks if you want VPN clients to see only this computer or the network.
I chose this computer. Things change and now they need to see Server #2 on the network.

Open RRAS
Right click "Server Name"
Select properties
Select IP tab
Check off Enable IP routing

Now VPN clients can ping Server #2 successfully.
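
Added example, not part of the original thread: a small Python helper that ties the replies above together by working out, from the VPN address pool and the LAN subnet, whether Server #2 reaches a client through proxy ARP or needs a static route via the RRAS server, and what to check next. The function name, the host addresses and the 10.10.10.0/24 pool are assumptions made for illustration; only the 192.168.100.X subnet comes from the thread.

```python
import ipaddress


def vpn_return_path(pool_cidr, lan_cidr, rras_lan_ip, ip_routing_enabled):
    """Classify how a LAN host (Server #2) reaches a VPN client.

    Returns (mode, next_step). All arguments are hypothetical inputs.
    """
    pool = ipaddress.ip_network(pool_cidr, strict=False)
    lan = ipaddress.ip_network(lan_cidr, strict=False)
    rras = ipaddress.ip_address(rras_lan_ip)
    if rras not in lan:
        raise ValueError("RRAS LAN address must sit inside the LAN subnet")

    # Wizard choice "this computer only": RRAS does not forward at all.
    if not ip_routing_enabled:
        return ("rras-only", "enable IP routing on the RRAS server (IP tab)")

    # Client addresses carved out of the LAN subnet: Server #2 ARPs for the
    # client directly, so the RRAS server has to answer with proxy ARP.
    if pool.subnet_of(lan):
        return ("proxy-arp",
                "on Server #2 run 'arp -a' and confirm the client IP maps "
                "to the RRAS server's MAC address")

    # Pool is larger than the LAN subnet and contains it: ambiguous setup.
    if pool.overlaps(lan):
        return ("overlap", "move the pool fully inside or outside the LAN subnet")

    # Separate subnet: Server #2 needs a route back through the RRAS server.
    return ("routed",
            f"route -p add {pool.network_address} mask {pool.netmask} {rras}")


if __name__ == "__main__":
    # Constructed sample values; only 192.168.100.x comes from the thread.
    for pool, routing in [("192.168.100.200/29", False),
                          ("192.168.100.200/29", True),
                          ("10.10.10.0/24", True)]:
        print(pool, routing,
              vpn_return_path(pool, "192.168.100.0/24", "192.168.100.10", routing))
```

In the "routed" case the returned string is the command to run on Server #2, unless its default gateway already knows a route to the pool.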
 