
ROUTING PROBLEM WITH VPN

 
 
James L Williams

 
      12-22-2005, 07:34 AM
Hello,

I am wanting to set up a VPN connection to a domain across the internet. I
have two domains on different subnets that I want to connect through
this VPN.

Domain1, and Domain2.
On the Domain1 server I have set up RRAS to accept VPN connections. On the
Domain2 server I set up RRAS to initiate a VPN dial to the Domain1 server. The
network interface on Domain2 for the VPN dialout is called Romote Router.

The problem is that my Domain2 server, which is running RRAS, will initiate the
dialout and make a connection as normal. On this server, I can ping and
reach the computers on Domain1 through the VPN connection; however, the
workstations of Domain2 can't ping or connect to any of the computers
on Domain1.

Now, the subnet for Domain1 is 10.12.3.0 and the subnet for Domain2 is
10.12.4.0. I tried creating a static route on the Domain2 RRAS server to
forward all 10.12.3.0 requests to the Remote Router interface. The
workstations' default gateway points to the RRAS server, which is also the DNS
and PDC for this network.

Why can I reach the Domain1 network when on the RRAS server, but none of the
client computers connected to Domain2 can access Domain1 computers? Is
there something else I need to do in RRAS on the Domain2 server?

Thanks,

James


 
Oliver O'Boyle
      12-22-2005, 02:41 PM



First question: Do you have firewalls in front of these DCs (one at each
site)?

Oliver


James L Williams
      12-22-2005, 06:08 PM
No, there are no firewalls in front of the DC.

The firewall is at the internet connection points, which is through a route
located elsewhere on the LANs. The thing is, that I can ping and reach the
computers on Domain1 on the server that is running RRAS, but no other
computer on the network can.

Oliver O'Boyle
      12-22-2005, 09:13 PM
> No, there are no firewalls in front of the DC.
>
> The firewall is at the internet connection points, which is through a
> route located elsewhere on the LANs. The thing is, that I can ping and
> reach the computers on Domain1 on the server that is running RRAS, but no
> other computer on the network can.


ok, so long as you actually HAVE firewalls somewhere between your servers
and the internet, we are good to continue.

what you really need is a site-to-site VPN.

http://www.chicagotech.net/site%20to%20site%20vpn.htm

read through this. It should answer a bunch of your questions.

if you are using ISA servers, it's pretty easy to set up a proper, and safe,
s-2-s VPN. But I don't know what you are using.

Oliver

James L Williams
      12-23-2005, 04:47 AM
I am only running Windows 2003 servers both configured with RRAS. Because I
am only concerned with one-way VPN, does the interface name of the answering
machine have to be the same as the user account name for the connection?

Regards,


James

Bill Grant
      12-23-2005, 10:31 PM
Yes. The reason is to make sure that you connect to the correct demand
dial interface. Even if there is only one dd interface on the answering
router, you need to specify its name as the username on the calling router.

If the username does not match the name of a demand-dial interface, you
connect as a normal user VPN client, not as a router. When that happens, you
only have a host route back to the calling machine instead of a subnet route
through the tunnel.

James L Williams wrote:
> I am only running Windows 2003 servers both configured with RRAS. Because
> I am only concerned with one-way VPN, does the interface name
> of the answering machine have to be the same as the user account name
> for the connection?
> Regards,
>
>
> James
>
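Bill Grant's explanation above, worked through as an added example (not code from the thread or from Microsoft): a longest-prefix lookup over two constructed routing tables for the answering (Domain1) router shows why only the calling RRAS server gets replies when the call is accepted as a user client. The /24 masks, the tunnel address 10.12.3.201, the workstation 10.12.4.25 and the interface labels `LAN` and `tunnel` are assumptions; the thread gives only the two subnets.

```python
import ipaddress

# Constructed routing tables for the ANSWERING (Domain1) router, simplified to
# "destination netmask interface". Masks, the tunnel address 10.12.3.201 and
# the interface labels are assumptions made for this example.
USER_MODE = """
0.0.0.0      0.0.0.0          LAN
10.12.3.0    255.255.255.0    LAN
10.12.3.201  255.255.255.255  tunnel
"""
# Accepted as a router: the demand-dial interface also carries the subnet route.
ROUTER_MODE = USER_MODE + "10.12.4.0  255.255.255.0  tunnel\n"


def parse_routes(text):
    """Return [(network, interface)] from the simplified table above."""
    routes = []
    for line in text.strip().splitlines():
        dest, mask, iface = line.split()
        routes.append((ipaddress.ip_network(f"{dest}/{mask}"), iface))
    return routes


def lookup(routes, addr):
    """Longest-prefix match: the interface a reply to `addr` is sent out of."""
    ip = ipaddress.ip_address(addr)
    matches = [(net.prefixlen, iface) for net, iface in routes if ip in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0])[1]


def tunnel_mode(routes, caller_tunnel_ip, remote_lan_host):
    """Classify how the caller was accepted, from the return routes present."""
    if lookup(routes, remote_lan_host) == "tunnel":
        return "router"        # subnet route: hosts behind the caller get replies
    if lookup(routes, caller_tunnel_ip) == "tunnel":
        return "user-client"   # host route only: just the calling server does
    return "no-tunnel"


if __name__ == "__main__":
    for name, table in (("user mode", USER_MODE), ("router mode", ROUTER_MODE)):
        routes = parse_routes(table)
        # The calling server's own pings leave with its tunnel-assigned address;
        # a Domain2 workstation's pings keep their 10.12.4.x source address.
        print(name, "| reply to caller:", lookup(routes, "10.12.3.201"),
              "| reply to workstation:", lookup(routes, "10.12.4.25"))
```

In the user-mode table the reply to the workstation follows the default route out of the LAN interface and never enters the tunnel, which matches the symptom in the first post.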