I am not sure how to fix it, but I think I know why this happens.
When the remote user connects, it sets up the correct route. It sets up
a subnet route based on the received IP. So you have a route to 172.16.0.0
255.255.0.0. This route is set up by the client itself (see KB254231). At
this stage the client can't see the DHCP server and it gets its IP address
from the RRAS server as part of the PPP transaction. (The RRAS server leases
IPs from DHCP for this purpose).
After the connection is up, the remote client can get further info from
DHCP by sending a dhcpdiscover message. This is probably when it gets the
more restrictive route. The other possibility is that it comes from a
routing protocol like RIP.
(E-Mail Removed) wrote:
> Neteng,
>
> I can't change the subnetting; I have hundreds of computers set up
> using this scheme.
>
> Is there any way to force the RAS server to obtain IP addresses from a
> particular scope, maybe on a second NIC?
>
> Davis.
>
>
> Neteng wrote:
>> The best thing to do is fix your subnetting and IP addressing scheme.
>>
>> <(E-Mail Removed)> wrote in message
>> news:(E-Mail Removed) ps.com...
>>> I have a Windows 2003 RAS server configured for VPN. The server has
>>> one NIC with address 172.16.85.164 mask 255.255.128.0. RAS is
>>> configured to get client IP addresses from a DHCP server. The DHCP
>>> server issues addresses in the range 172.16.100.1-172.16.100.254
>>> with a mask of 255.255.255.128. This has all been working fine for
>>> months.
>>>
>>> Recently I moved an application server into a subnet and now VPN
>>> clients cannot reach it. The app server has IP address
>>> 172.16.201.170 mask 255.255.255.0.
>>>
>>> When a Win XP VPN client first connects to the RAS server, the
>>> 'route print' command shows an entry like this
>>>
>>> Net Dest    Netmask      Gateway        Interface      Metric
>>> 172.16.0.0  255.255.0.0  172.16.100.13  172.16.100.13  1
>>>
>>> where 172.16.100.13 is the IP address of the PPP adapter.
>>> Connections to the app server at 172.16.201.170 are correctly
>>> routed out through the PPP adapter to the RAS server, sent through
>>> the RAS server's default gateway to the app server.
>>>
>>> After a few seconds, the routing entry changes its Netmask to look
>>> like this
>>>
>>> Net Dest    Netmask        Gateway        Interface      Metric
>>> 172.16.0.0  255.255.128.0  172.16.100.13  172.16.100.13  1
>>>
>>> Now packets from the VPN client to the app server are excluded from
>>> this route, get sent to the XP machine's default router which is
>>> outside the internal network and so fail to reach the app server.
>>>
>>> I have found two solutions but both are less than satisfactory.
>>>
>>> Solution 1. Check the "Use default gateway on remote network" box in
>>> the client VPN properties. This works, but now *all* traffic,
>>> including AIM messages, HTTP requests, etc. is routed through the
>>> RAS server when it doesn't need to be. This slows everything down.
>>>
>>> Solution 2. Manually add a routing entry to the Win XP client like
>>> this:
>>>
>>> route add 172.16.201.0 mask 255.255.255.0 172.16.100.13 metric 1
>>>
>>> which forces packets to the app server to use the PPP interface.
>>> This works, but is very inconvenient for the user and not simple to
>>> script since the PPP adapter address is different each time.
>>>
>>> What I want is for all and only traffic destined for 172.16.0.0 mask
>>> 255.255.0.0 to use the PPP adapter but don't know how to achieve
>>> that. I thought of having the RAS server use its own static address
>>> pool of client addresses (rather than using DHCP) but don't see how
>>> to set the network mask for that pool.
>>>
>>> Ideas?
>>>
>>> Thanks for your help.
>>> --
>>> Davis
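
The route change described in this thread can be checked mechanically. The following is an added example, not code from any poster in the thread: it runs a longest-prefix-match lookup over the two `route print` states quoted above and lists internal hosts whose traffic would leave outside the PPP adapter. The client's local default route (192.168.1.1 via 192.168.1.50) and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed 'route print' rows modelled on the thread. The default route
# (gateway 192.168.1.1, interface 192.168.1.50) is an assumed home-LAN value.
BEFORE = """\
Net Dest    Netmask        Gateway        Interface      Metric
0.0.0.0     0.0.0.0        192.168.1.1    192.168.1.50   20
172.16.0.0  255.255.0.0    172.16.100.13  172.16.100.13  1
"""
AFTER = """\
Net Dest    Netmask        Gateway        Interface      Metric
0.0.0.0     0.0.0.0        192.168.1.1    192.168.1.50   20
172.16.0.0  255.255.128.0  172.16.100.13  172.16.100.13  1
"""

def parse_routes(text):
    """Parse 'dest mask gateway interface metric' rows; skip anything else."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # header or blank line
        dest, mask, gateway, iface, metric = parts
        try:
            net = ipaddress.IPv4Network(f"{dest}/{mask}")
        except ValueError:
            continue  # not a route row
        routes.append((net, gateway, iface, int(metric)))
    return routes

def lookup(routes, dst):
    """Longest-prefix match, lowest metric as tie-break; None if no route."""
    addr = ipaddress.IPv4Address(dst)
    hits = [r for r in routes if addr in r[0]]
    return max(hits, key=lambda r: (r[0].prefixlen, -r[3])) if hits else None

def leaks(routes, vpn_iface, internal_hosts):
    """Internal hosts whose best route does not use the PPP adapter."""
    out = []
    for host in internal_hosts:
        best = lookup(routes, host)
        if best is None or best[2] != vpn_iface:
            out.append(host)
    return out

if __name__ == "__main__":
    hosts = ["172.16.85.164", "172.16.201.170"]  # RAS server, app server
    for label, table in (("before", BEFORE), ("after", AFTER)):
        print(label, leaks(parse_routes(table), "172.16.100.13", hosts))
```
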