Windows 2000 VPN Problem


The Ranger

Hi,

Problem:
-------
Clients can successfully connect to the Windows 2000 VPN server but
can't ping/access any of the machines on the LAN in the office. For
now, I am only interested in accessing a machine with a static IP
192.168.1.2.


Setup:
-----
I set up a VPN/RAS server on a machine running Windows 2000 Server.
This server is behind a Linksys BEFW11S4 router.

- I have enabled "PPTP Pass Through", "IPSec Pass Through" and added
Port 47, 1723, and 500 to "Port Triggering" as described on the
Linksys's support section.
- DHCP is enabled on the router

Router IP: 192.168.1.1
VPN Server IP (static): 192.168.1.3, Subnet: 255.255.255.0

-------------------------------------------
CLIENT -- AFTER THE VPN CONNECTION IS MADE:
-------------------------------------------

C:\>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : PC1
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Orinoco Wireless:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : ORiNOCO Wireless LAN PC Card (5 volt)
Physical Address. . . . . . . . . : 00-03-91-3E-12-C2
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.100
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 199.45.32.43
199.45.32.38
Primary WINS Server . . . . . . . : 172.28.0.11
Lease Obtained. . . . . . . . . . : Sunday, August 24, 2003 11:05:44 PM
Lease Expires . . . . . . . . . . : Monday, August 25, 2003 11:05:44 PM

PPP adapter VPN:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
Physical Address. . . . . . . . . : 00-53-45-00-00-00
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.200
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 192.168.1.200
DNS Servers . . . . . . . . . . . : 209.116.241.10
199.45.32.43
Primary WINS Server . . . . . . . : 192.168.1.1

C:\>

-------------------------------------------

One thing I am puzzled about is that the DHCP assigned a subnet of
255.255.255.255 (see above) to the client. Since the office PCs are
running on 255.255.255.0, is this a problem? Also, the gateway of
192.168.1.200 is assigned which doesn't seem right.

I am pulling my hair out trying to figure out what is going on. Any
help will be greatly appreciated.

Thanks
 
Based on the info you supplied, both the client and the server are using
the same IP subnet. The RRAS server is in a LAN using 192.168.1.0 , and the
client is in a wireless subnet also using 192.168.1.0 . The client will
never send any data over the VPN link. Any data for an address in the
192.168.1.0 subnet is local, and will be sent to 192.168.1.100 for direct
delivery.

You will need to change your home LAN to use a different IP subnet, so
that traffic for the remote network will be routed to the VPN connection.

The default gateway setting is fine - it should be the "received" IP.
That just means it is sent to the VPN link. See MS KB 254231 for the
significance of the 32bit subnet. (It only refers to a host route to the
server).
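
The routing decision described in the reply above, as an added example that is not part of the original thread: a simplified longest-prefix-match model of the client's routing table with the VPN up. The route metrics and the renumbered client address 192.168.2.100 are constructed for illustration; the other addresses come from the thread.

```python
import ipaddress

REMOTE_LAN = ipaddress.ip_network("192.168.1.0/24")  # office LAN from the thread
TARGET = "192.168.1.2"                                # office machine from the thread


def build_routes(client_wifi):
    """Simplified client routing table once the VPN is connected.

    Metrics are constructed values, not taken from the thread.
    """
    wifi = ipaddress.ip_interface(client_wifi)
    default = ipaddress.ip_network("0.0.0.0/0")
    return [
        (wifi.network, "wireless", 20),  # on-link route for the local subnet
        (default, "wireless", 20),       # original default via the home router
        (default, "vpn", 1),             # default added by the VPN, preferred
    ]


def egress(client_wifi, dest=TARGET):
    """Pick the outgoing interface: longest prefix wins, lowest metric breaks ties."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in build_routes(client_wifi) if addr in r[0]]
    _net, iface, _metric = max(matches, key=lambda r: (r[0].prefixlen, -r[2]))
    return iface


def overlaps_remote(client_wifi):
    """True when the client's local subnet collides with the office LAN."""
    return ipaddress.ip_interface(client_wifi).network.overlaps(REMOTE_LAN)


if __name__ == "__main__":
    for wifi in ("192.168.1.100/24", "192.168.2.100/24"):
        print(wifi, "overlap:", overlaps_remote(wifi),
              "->", TARGET, "leaves via", egress(wifi))
```

With the overlapping subnet, the /24 on-link route beats the VPN default route regardless of metric, so traffic for 192.168.1.2 never enters the tunnel.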
 
It's simpler if you paste the routing table.

At a command prompt, type "route print".

You have to make the VPN server (RAS) assign the same netmask 255.255.255.0, and
the default gateway is wrong.
The gateway is your VPN server.


Ricardo Aviz

Portugal
----------------------------------------------------------------------
 
I have what seems like the same issue ... after applying the 'MSBLAST'
patch, the VPN started to not allow incoming connections via the
Internet. I removed the patch and then we were able to connect via
the VPN, but could not see anything over the VPN, ie, could not ping
our Exchange server or any inside IP.

Still looking for some help with this one ...
 
By the way, I just spent a few hours on the phone with Microsoft, they
said my issue has to do with the fact that I have a single network
card in my Win2k VPN server. I told them I have been running fine
with the single NIC for months, while we were at Win2k SP3, and only
thing we did was update to SP4, and apply the MSBLAST updates, and
then no traffic would route from the VPN client to anything beyond the
VPN server, we can see the VPN server, shares, ping no problem, but
nothing past that server, ie Exchange. Is this the only answer,
install a second NIC and now use Windows 2000 as our router and VPN
server?

Gotta be a way around this one .... been seeing a bunch of posts about
similar issues, but nothing on how to get past this.

Any ideas? -thanks
 
Thanks..

I assigned 192.168.2.x IP to the client machines (VPN server's IP is
192.168.1.x), I was able to connect to VPN server and ping machines
without any problem. Only thing is that I couldn't ping by machine
names. I guess that's a WINS issue.

Thanks for the help.
 
If you can ping by IP address, IP routing is working. To ping by name,
you need something to resolve names to IP addresses. For a small number of
machines, you can use host files (dns-style names) or lmhosts files (Netbios
names). To automate it, you need DNS or WINS.
 
Since I am using the Linksys router for DHCP, can the router IP be
used as WINS or DNS?

Thanks
 