Win2003 Routing/VPN Issue


Chris Bond

Got an interesting one here; can't seem to get a working solution round it.

Got a Windows 2003 Server which is the AD Controller acting as VPN Server.

The machine has two network cards in, say 192.168.2.2 being the primary network with no default gateway. The second network card is 192.168.1.2 with a default gateway of 192.168.1.254.

The VPN Server is bound to the 192.168.2.2 interface and uses DHCP to allocate the addresses.

What we effectively need to do is allow VPN users on the 192.168.2.x segment access to the 192.168.1.x segment. From the server itself you can ping both segments and connect to both networks; it's only when you VPN in that it stops access to the other segment.

Any ideas? This is driving me nuts!
 
Do you want the two subnets to see each other and also use 192.168.1.254
as their gateway router?

You will need to add extra routing info to the gateway router so that it
knows it can reach 192.168.2 addresses via the RRAS router, e.g.:

192.168.1.254
|
workstations
192.168.1.x dg 192.168.1.254
|
192.168.1.2 dg 192.168.1.254
RRAS
192.168.2.2 dg blank
|
workstations
192.168.2.x dg 192.168.2.2

The gateway router needs a route to send traffic for 192.168.2 to the
RRAS router, e.g.:

192.168.2.0 255.255.255.0 192.168.1.2

It is not a great idea to have a DC acting as a router and/or a VPN
server, especially if it is the only DC. This can cause all sorts of
problems with name resolution and browsing. I would look at making some
other device the LAN router and making the DC single-homed. You may still get
name/browsing problems when a remote client connects. See KB 292822.
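The return-path problem described in the reply above, modelled as an added example that is not part of the original thread: it traces a reply from a 192.168.1.x host back to a VPN client with and without the suggested static route. The host addresses 192.168.1.50 and 192.168.2.10, the "upstream" label, and the gateway router's starting table (connected network plus a default route) are assumptions made for illustration.

```python
import ipaddress

def routes(*entries):
    """Build a routing table from (prefix, next_hop) pairs."""
    return [(ipaddress.ip_network(n), hop) for n, hop in entries]

def next_hop(table, dst):
    """Longest-prefix match; returns None when no route covers dst."""
    addr = ipaddress.ip_address(dst)
    hits = [(net, hop) for net, hop in table if addr in net]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

# Tables taken from the diagram in the reply. "direct" means on-link delivery.
# "upstream" is an assumed label for wherever the gateway's own default points.
WORKSTATION_1X = routes(("192.168.1.0/24", "direct"),
                        ("0.0.0.0/0", "192.168.1.254"))
RRAS = routes(("192.168.1.0/24", "direct"),
              ("192.168.2.0/24", "direct"),
              ("0.0.0.0/0", "192.168.1.254"))
GATEWAY_BEFORE = routes(("192.168.1.0/24", "direct"),
                        ("0.0.0.0/0", "upstream"))
# The suggested fix: 192.168.2.0 255.255.255.0 via 192.168.1.2
GATEWAY_AFTER = GATEWAY_BEFORE + routes(("192.168.2.0/24", "192.168.1.2"))

def reply_path(gateway_table, src_host, dst):
    """Trace a reply from a 192.168.1.x workstation to dst, hop by hop."""
    nodes = {"192.168.1.254": gateway_table, "192.168.1.2": RRAS}
    path, table = [src_host], WORKSTATION_1X
    for _ in range(8):  # guard against routing loops
        hop = next_hop(table, dst)
        if hop == "direct":
            path.append(dst)  # delivered on-link
            return path
        path.append(hop or "no-route")
        if hop not in nodes:
            return path  # left the modelled network: reply is lost
        table = nodes[hop]
    return path

if __name__ == "__main__":
    host, vpn_client = "192.168.1.50", "192.168.2.10"  # constructed addresses
    print("server itself:", reply_path(GATEWAY_BEFORE, host, "192.168.1.2"))
    print("VPN, no route:", reply_path(GATEWAY_BEFORE, host, vpn_client))
    print("VPN, route   :", reply_path(GATEWAY_AFTER, host, vpn_client))
```

Pings from the server itself work because they are sourced from 192.168.1.2, which the workstation reaches on-link without consulting the gateway router.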
 