RRAS - Tricky Situation & Question

Hi there,

I am setting up a network for a charity and we have two locations, I have
deployed Windows 2003 R2 (about to SP2 them) in their network.

Currently we have the following subnets

192.168.0.0 - HQ Office
192.168.1.1 - Remote Office

We have a Speedtouch USB Modem attached to the servers with a constant
internet connection on them, this routes all traffic to 0.0.0.0 out them.

There is PPTP running between both servers so a link is available, but
clients on each site cant ping each other.

I have tried adding static routes from one to the other without success, can
someone tell me where I am going wrong?

Ideally I would like to be able to ping anything from anywhere, can someone
help with this? Any tips would be very greatfully recived.

Since the Modem attaches to the Server, can I assume there are two NICs in
the server? if yes, have you enable NAT. then I would check the NAT settings
first. Posting the result of routing table here may help too.

--
Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on
http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on
http://www.HowToNetworking.com


"JSM" <(E-Mail Removed)> wrote in message
news:9F91FFFC-68AC-4C57-B470-(E-Mail Removed)...
> Hi there,
>
> I am setting up a network for a charity and we have two locations, I have
> deployed Windows 2003 R2 (about to SP2 them) in their network.
>
> Currently we have the following subnets
>
> 192.168.0.0 - HQ Office
> 192.168.1.1 - Remote Office
>
> We have a Speedtouch USB Modem attached to the servers with a constant
> internet connection on them, this routes all traffic to 0.0.0.0 out them.
>
> There is PPTP running between both servers so a link is available, but
> clients on each site cant ping each other.
>
> I have tried adding static routes from one to the other without success,
> can
> someone tell me where I am going wrong?
>
> Ideally I would like to be able to ping anything from anywhere, can
> someone
> help with this? Any tips would be very greatfully recived.

"JSM" <(E-Mail Removed)> wrote in message
news:9F91FFFC-68AC-4C57-B470-(E-Mail Removed)...
> I am setting up a network for a charity and we have two locations, I have
> deployed Windows 2003 R2 (about to SP2 them) in their network.
> Currently we have the following subnets
>
> 192.168.0.0 - HQ Office
> 192.168.1.1 - Remote Office

Actually the Remote Office subnet ID would be 192.168.1.0

> There is PPTP running between both servers so a link is available, but
> clients on each site cant ping each other.

Questions:
1. Did you do this with RRAS?
2. Did you create a Site-to-Site VPN and not mistakenly a Remote Access VPN?
3. Does each LAN use their own respective RRAS box as the Default Gateway?
4. Do you know for sure that the "modem" is truely only a "modem" and that
the External Facing Nic of the Server has a true Public IP#?

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------

"Phillip Windell" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...

> 4. Do you know for sure that the "modem" is truely only a "modem" and that
> the External Facing Nic of the Server has a true Public IP#?

BTW - For clarity, the external facing Nic would be a "virtual interface"
created in software via the Drivers of the USB Modem. So think of it as an
"imaginary" nic that the Modem plugs into. It should show up in the
properties of Network Places as a "Connection" and you should be able to see
the IP Specs by doing an "IPCONFIG /All" from a commandline.

This "confusion" only exists with USB based "DSL modems". Modems that plug
into a true Ethernet port are plugging into a true physical Nic.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------

No there is only one NIC in the Server, it wouldnt be any issue to plonk
another one in there

"Robert L (MS-MVP)" wrote:

> Since the Modem attaches to the Server, can I assume there are two NICs in
> the server? if yes, have you enable NAT. then I would check the NAT settings
> first. Posting the result of routing table here may help too.
>
> --
> Bob Lin, MS-MVP, MCSE & CNE
> Networking, Internet, Routing, VPN Troubleshooting on
> http://www.ChicagoTech.net
> How to Setup Windows, Network, VPN & Remote Access on
> http://www.HowToNetworking.com
>
>
> "JSM" <(E-Mail Removed)> wrote in message
> news:9F91FFFC-68AC-4C57-B470-(E-Mail Removed)...
> > Hi there,
> >
> > I am setting up a network for a charity and we have two locations, I have
> > deployed Windows 2003 R2 (about to SP2 them) in their network.
> >
> > Currently we have the following subnets
> >
> > 192.168.0.0 - HQ Office
> > 192.168.1.1 - Remote Office
> >
> > We have a Speedtouch USB Modem attached to the servers with a constant
> > internet connection on them, this routes all traffic to 0.0.0.0 out them.
> >
> > There is PPTP running between both servers so a link is available, but
> > clients on each site cant ping each other.
> >
> > I have tried adding static routes from one to the other without success,
> > can
> > someone tell me where I am going wrong?
> >
> > Ideally I would like to be able to ping anything from anywhere, can
> > someone
> > help with this? Any tips would be very greatfully recived.
>
>
>

Sorry I meant that the subnet is 192.168.1.0 - its late and I am tired - sorry!

Now to the questions
1) Yes it was done with RRAS
2) I believe it was a site-to-site VPN in RRAS, I will check that
3) Yes they do, they both sit at .1
4) Its a Speedtouch 330, about as much of a modem as a modem can get, it has
a static IP assigned from the ISP, which is resolveable and I can RDP to the
server.



"Phillip Windell" wrote:

> "JSM" <(E-Mail Removed)> wrote in message
> news:9F91FFFC-68AC-4C57-B470-(E-Mail Removed)...
> > I am setting up a network for a charity and we have two locations, I have
> > deployed Windows 2003 R2 (about to SP2 them) in their network.
> > Currently we have the following subnets
> >
> > 192.168.0.0 - HQ Office
> > 192.168.1.1 - Remote Office
>
> Actually the Remote Office subnet ID would be 192.168.1.0
>
> > There is PPTP running between both servers so a link is available, but
> > clients on each site cant ping each other.
>
> Questions:
> 1. Did you do this with RRAS?
> 2. Did you create a Site-to-Site VPN and not mistakenly a Remote Access VPN?
> 3. Does each LAN use their own respective RRAS box as the Default Gateway?
> 4. Do you know for sure that the "modem" is truely only a "modem" and that
> the External Facing Nic of the Server has a true Public IP#?
>
> --
> Phillip Windell
> www.wandtv.com
>
> The views expressed, are my own and not those of my employer, or Microsoft,
> or anyone else associated with me, including my cats.
> -----------------------------------------------------
>
>
>

I have just checked the remote office, the actual interface is listed as a
Demand Dial Interface.

"Phillip Windell" wrote:

> "JSM" <(E-Mail Removed)> wrote in message
> news:9F91FFFC-68AC-4C57-B470-(E-Mail Removed)...
> > I am setting up a network for a charity and we have two locations, I have
> > deployed Windows 2003 R2 (about to SP2 them) in their network.
> > Currently we have the following subnets
> >
> > 192.168.0.0 - HQ Office
> > 192.168.1.1 - Remote Office
>
> Actually the Remote Office subnet ID would be 192.168.1.0
>
> > There is PPTP running between both servers so a link is available, but
> > clients on each site cant ping each other.
>
> Questions:
> 1. Did you do this with RRAS?
> 2. Did you create a Site-to-Site VPN and not mistakenly a Remote Access VPN?
> 3. Does each LAN use their own respective RRAS box as the Default Gateway?
> 4. Do you know for sure that the "modem" is truely only a "modem" and that
> the External Facing Nic of the Server has a true Public IP#?
>
> --
> Phillip Windell
> www.wandtv.com
>
> The views expressed, are my own and not those of my employer, or Microsoft,
> or anyone else associated with me, including my cats.
> -----------------------------------------------------
>
>
>

The demand-dial interfaces are where you have to install the routes. Each
dd interface has a route to the "other" site's subnet. (You use the new
static route wizard in RRAS and link the route to the dd interface from the
dropdown list. You do not need to specify an IP address for it here). RRAS
stores the route in the registry until something connects to the dd
interface.

If the site to site connects correctly, both dd interfaces bind to the
connection and the link acts like a (very slow) IP router between sites.

The most common problem is that the connection doesn't bind to the dd
interface on the anwering router. To ensure that it does, you need to use
the name of the dd interface on the answering router as the username when
you initiate the connection.

When the RRAS server detects an incoming request, it checks to see if
the username matches one of its demand-dial interfaces. If it does, the
connection links to to the dd interface and the static route is added to the
routing table. If it does not, the connection is made as a dialup VPN
connection, not a router to router connection. The subnet route does not
become active and you only get a host route back to the caller (so site to
site routing fails).

"JSM" <(E-Mail Removed)> wrote in message
news:36472FF6-D11B-43E1-BBB4-(E-Mail Removed)...
>I have just checked the remote office, the actual interface is listed as a
> Demand Dial Interface.
>
> "Phillip Windell" wrote:
>
>> "JSM" <(E-Mail Removed)> wrote in message
>> news:9F91FFFC-68AC-4C57-B470-(E-Mail Removed)...
>> > I am setting up a network for a charity and we have two locations, I
>> > have
>> > deployed Windows 2003 R2 (about to SP2 them) in their network.
>> > Currently we have the following subnets
>> >
>> > 192.168.0.0 - HQ Office
>> > 192.168.1.1 - Remote Office
>>
>> Actually the Remote Office subnet ID would be 192.168.1.0
>>
>> > There is PPTP running between both servers so a link is available, but
>> > clients on each site cant ping each other.
>>
>> Questions:
>> 1. Did you do this with RRAS?
>> 2. Did you create a Site-to-Site VPN and not mistakenly a Remote Access
>> VPN?
>> 3. Does each LAN use their own respective RRAS box as the Default
>> Gateway?
>> 4. Do you know for sure that the "modem" is truely only a "modem" and
>> that
>> the External Facing Nic of the Server has a true Public IP#?
>>
>> --
>> Phillip Windell
>> www.wandtv.com
>>
>> The views expressed, are my own and not those of my employer, or
>> Microsoft,
>> or anyone else associated with me, including my cats.
>> -----------------------------------------------------
>>
>>
>>

"JSM" <(E-Mail Removed)> wrote in message
news:40D6D1B3-AA89-4C56-92BC-(E-Mail Removed)...
> Sorry I meant that the subnet is 192.168.1.0 - its late and I am tired -
> sorry!
>
> Now to the questions
> 1) Yes it was done with RRAS
> 2) I believe it was a site-to-site VPN in RRAS, I will check that
> 3) Yes they do, they both sit at .1

All good.

> 4) Its a Speedtouch 330, about as much of a modem as a modem can get, it
> has
> a static IP assigned from the ISP, which is resolveable and I can RDP to
> the
> server.

Modems are Layer1 & 2 Devices. They have no IP#,...unless it uses and IP# in
the same way a Switch does which is for management purposes, but I can't
think of anything to manage on it. So I am suspicious of that. But nothing
jumps out at me as being wrong beyond that.

Check out Bill's comments, those things are the next thing you need to look
at.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------