VPN issue with XP SP2


Steve Carr

I have two internal networks, one with a 10.0.0.0 etc subnet and one with a
172.16.0.0 subnet. There is a firewall between the two subnets that just
allows access on http and https to a few web sites (our 10.0.0.0 subnet is
open to students and the public and thus needs to be segmented from the rest
of our systems). Now, for faculty who want to access more than the few
websites from a publicly available port (on the 10.0.0.0 network), we have
set up a multi-homed Win2000 server (all the SPs and patches) with RRAS as
a VPN server (the NIC on 10.0.0.0 is filtered for PPTP and IPSec etc).
Problem is, when the machine used is an XP SP2 machine it sometimes works
fine and sometimes takes forever to log in (the VPN connection always works
immediately) and when you do get in nothing really works (no mappings from
scripts, no access to anything on the 172.6.0.0 network). Of course if I log
into the workstation under a local (or cached) account and THEN connect to
the VPN RAS, I can connect to anything (manually map drives, browse to
internal websites). So it makes me think it is a timing issue or a
concurrent use of resources problem etc. Anyone have any ideas on how to
make the login play nicer?
 
One extra thing to look at is that the reason it sometimes doesn't work is
that it "forgets" to add a route for the 172.16.0.0 network to go to the
172.16.0.0 interface (VPN connection).
Ex:
172.16.0.0 255.255.0.0 172.16.2.31 172.16.2.31 (if .31 was the interface).

If it does add this route, it works perfectly, but that is at best 1 in 4
times.
 
It sounds like a DNS issue. Where is your DNS?

--
For more and other information, go to http://www.ChicagoTech.net

Don't send e-mail or reply to me except you need consulting services.
Posting on MS newsgroup will benefit all readers and you may get more help.

Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN, Anti-Virus, Tips & Troubleshooting on
http://www.ChicagoTech.net
Networking Solutions, http://www.chicagotech.net/networksolutions.htm
VPN Solutions, http://www.chicagotech.net/vpnsolutions.htm
VPN Process and Error Analysis, http://www.chicagotech.net/VPN process.htm
VPN Troubleshooting, http://www.chicagotech.net/vpn.htm
This posting is provided "AS IS" with no warranties.
 
Thanks for the reply. There is a DNS server (or two) on both sides of the
firewall. DNS seems to work fine but the routes get screwy. I did figure out
a little more (enough to have a workaround but not a solution). It seems
that if the IP given for the VPN connection is in the same class C as the IP
for the RRAS then all is well (even though the subnet is not a class C but a
class B). Weird. Any other thoughts?
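
Added example, not part of the original thread: a Python check for the missing-route symptom described above, which parses `route print`-style rows and reports whether traffic for the 172.16.0.0/16 network would leave through the VPN interface or fall back to the default gateway on the 10.0.0.0 side. The route rows, the 10.0.0.57 client address, the 10.0.0.1 gateway and the 172.16.1.10 probe host are constructed assumptions; only the 172.16.0.0 / 172.16.2.31 route comes from the thread.

```python
import ipaddress

# Constructed sample rows in `route print` column order (not output from the thread):
# destination, netmask, gateway, interface, metric.
ROUTES_OK = """\
0.0.0.0          0.0.0.0         10.0.0.1      10.0.0.57   20
10.0.0.0         255.0.0.0       10.0.0.57     10.0.0.57   20
172.16.0.0       255.255.0.0     172.16.2.31   172.16.2.31 1
172.16.2.31      255.255.255.255 127.0.0.1     127.0.0.1   50
"""
# Same table when the client "forgets" the 172.16.0.0 route.
ROUTES_MISSING = """\
0.0.0.0          0.0.0.0         10.0.0.1      10.0.0.57   20
10.0.0.0         255.0.0.0       10.0.0.57     10.0.0.57   20
172.16.2.31      255.255.255.255 127.0.0.1     127.0.0.1   50
"""

def parse_routes(text):
    """Return (network, interface_ip) for every well-formed IPv4 route row."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # headers, separators, blank lines
        try:
            net = ipaddress.ip_network(f"{fields[0]}/{fields[1]}")
            iface = ipaddress.ip_address(fields[3])
        except ValueError:
            continue  # not an address row
        routes.append((net, iface))
    return routes

def egress_interface(routes, target):
    """Longest-prefix match (metrics ignored): interface chosen for target."""
    target = ipaddress.ip_address(target)
    matches = [(net.prefixlen, iface) for net, iface in routes if target in net]
    return max(matches)[1] if matches else None

def vpn_route_ok(text, internal_net="172.16.0.0/16", probe="172.16.1.10"):
    """True if a host on internal_net is reached via an interface inside it."""
    iface = egress_interface(parse_routes(text), probe)
    return iface is not None and iface in ipaddress.ip_network(internal_net)

if __name__ == "__main__":
    for name, table in (("ok", ROUTES_OK), ("missing", ROUTES_MISSING)):
        print(name, vpn_route_ok(table))
```
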
 