Massimo
After a while of struggling with Win2K3's RRAS, I think some help is needed.
I'm the network administrator of an IT company, and I'm trying to set up a
VPN between our main office and some servers housed by an ISP. Our office's
LAN uses addresses 192.168.42.0/255.255.255.0, with 192.168.42.11 and
192.168.42.12 being DCs and DNSs (it's a Windows 2003 native-mode domain). A
Windows 2003 computer manages routing and RAS; it has two NICs, one private
(IP address 192.168.42.1, used as the default gateway by every computer of
the LAN) and one public. The public NIC uses the address X.Y.Z.66, and is
connected to a small hub where our ISP's router (X.Y.Z.65) is also
connected. So, it works like this:
LAN ----- (192.168.42.1) RRAS (X.Y.Z.66) ----- HUB ----- (X.Y.Z.65) ROUTER ----- Internet
The RRAS server manages NAT for the private LAN (doing also some port
forwarding for our web and mail server) and VPN access for remote users.
Now, I'm trying to set up a VPN between our remote servers' LAN and ours;
before actually taking the servers to the ISP, I'm doing some tests in the
lab... and I'm having quite peculiar troubles. Here's my test environment:
TESTSERVER (192.168.50.11) ----- (192.168.50.1) TESTRRAS (X.Y.Z.67) ----- HUB
As can be seen, I'm setting up another private LAN, with a test RRAS server
which will create the VPN with the main office. For testing purposes, I gave
another of our public IPs to the test RRAS's public interface, and connected
it to our public LAN's hub (the same as the main router and RRAS). I already
got the NAT up and running on the test LAN, and I'm now trying to set up the
VPN I need.
Here start the troubles.
I created two accounts in Active Directory to be used for RRAS
authentication, and then created two dial-up interfaces (with the same
names) on the two RRAS. I assigned IP addresses 192.168.49.1 and
192.168.49.2 to them (is this right? What addresses should I use for this
kind of connection? Is it in any way relevant? I also tried with addresses
from both LANs anyway, same problems), and connected the interface from the
test RRAS (I can't connect from the main RRAS because there (still) isn't
any DC in the test site). Everything works fine.
For a while.
After a few minutes, the main RRAS stops working. It loses connectivity on
the public interface (X.Y.Z.66), can't ping the router (X.Y.Z.65) and
generally stops doing its work. Even disconnecting the VPN interface doesn't
help, the only way out of this is to restart the RRAS service.
I tried modifying the addresses, deleting and recreating the interfaces,
doing anything I could guess of, but I'm stuck with this.
Can someone please help?
Thanks
Massimo
P.S.
I also have another active VPN with another remote LAN, and it works
perfectly! This one uses only two addresses (it's only one computer):
192.168.43.1 for the local interface, and 192.168.43.11 for the remote one.
I really don't know why this one works and the new one doesn't. Anyway, I
didn't talk about this before because it doesn't seem to be in any way
related to the problem I'm having.