Can't see internal machines over VPN

After going through "Virtual Private Networking with Windows Server
2003: Deploying Remote Access VPNs"
(http://www.microsoft.com/technet/pro.../vpndeplr.mspx)
I thought I had all the tools necessary to deploy a VPN solution here
at home, but apparently I'm still missing something.

I've got a Windows Server 2003 Standard Edition box with two static-IP
NICs that I'm using for my VPN server, and I've configured it for PPTP
access (no RADIUS), opting out of the automatic port filtering
configuration. I've got the port forwarding and PPTP Pass Through
configured on my Linksys BEFSR41 router (firmware version 1.46.02).

And indeed, everything connection/authentication-related seems to be
working fine. I can connect to my VPN server without any problems.
Once connected, I can ping both of the local network interfaces of the
VPN server. But I can't ping any other machines on the network (and I
skipped name resolution and went straight for IP addresses; no dice).

It almost seems like some sort of permissions configuration that I'm
missing. That, or something to do with misconfigured gateways maybe.
Anyway, I've been scouring the 'net without much success for a
solution. Any help would be greatly appreciated at this point!

Thanks,
Kevin

quoted from http://www.chicagotech.net/routingissuesonvpn.htm

Can ping VPN server only but not other resources
Symptom: after establishing VPN, you can ping and access the VPN server, but not other servers and the network resources.

Cause: 1. incorrect NAT/Firewall settings.
2. ISA/Proxy blocking.
3. Disable IP routing/forwarding.

For more and other information, go to http://howtonetworking.com.

Don't send e-mail or reply to me except you need consulting services. Posting on MS newsgroup will benefit all readers and you may get more help.

Bob Lin, MS-MVP, MCSE & CNE
How to Setup Windows, Network, Remote Access on http://www.HowToNetworking.com
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
This posting is provided "AS IS" with no warranties.

<(E-Mail Removed)> wrote in message news:(E-Mail Removed) oups.com...
After going through "Virtual Private Networking with Windows Server
2003: Deploying Remote Access VPNs"
(http://www.microsoft.com/technet/pro.../vpndeplr.mspx)
I thought I had all the tools necessary to deploy a VPN solution here
at home, but apparently I'm still missing something.

I've got a Windows Server 2003 Standard Edition box with two static-IP
NICs that I'm using for my VPN server, and I've configured it for PPTP
access (no RADIUS), opting out of the automatic port filtering
configuration. I've got the port forwarding and PPTP Pass Through
configured on my Linksys BEFSR41 router (firmware version 1.46.02).

And indeed, everything connection/authentication-related seems to be
working fine. I can connect to my VPN server without any problems.
Once connected, I can ping both of the local network interfaces of the
VPN server. But I can't ping any other machines on the network (and I
skipped name resolution and went straight for IP addresses; no dice).

It almost seems like some sort of permissions configuration that I'm
missing. That, or something to do with misconfigured gateways maybe.
Anyway, I've been scouring the 'net without much success for a
solution. Any help would be greatly appreciated at this point!

Thanks,
Kevin

Sweet relief, I *finally* figured out what was going on here (after two
days of not-so-fun troubleshooting).

First, I had to turn off DHCP on the Linksys router, and configure it
on my DC, then point to the DC's IP address in the DHCP Relay Agent
settings of the RRAS.

Second, I had to remove the Internal interface from the DHCP Relay
Agent interfaces, even after I added my Intranet NIC to the interfaces,
because the Internal interface was getting the DHCP requests, and
dropping them.

I should point out that for my NIC configurations, I have the WAN NIC
configured with no default gateway, and the LAN NIC configured with the
default gateway of my intranet. I only mention this because it's the
one area I never found adequately explained; in fact, it was explained
in contradicting ways between different web sites. I even found a page
on Microsoft's site which said to not set default gateways on either
interface, and set static routes in the RRAS configuration for both. I
followed their routing suggestions, and could no longer connect to the
VPN server at all (a step backwards).

So anyway, I finally have a VPN setup for a home solution. I'm
surprised there isn't a definitive source of information for a home
setup like this. Eveything I found was either a little too basic
("Protocol 47 != Port 47" -- yeah, I get it), or too complex ("Here's
how to set it up with RADIUS *and* certificates *and*
router-router-to-router *and*...."). Microsoft's guide was pretty
darned good; I just felt like it was missing at the very least some
related links to some of the routing/networking fundamentals involved.
That "Internal" interface really messed me up for a while.

Kevin