RRAS on W2K3

Dear all,

I have setup a W2K3.SP2 server having two NICs. NIC-1 is connected directly
to the ISP using a PPPoE connection (thus giving this NIC two IP addresses).
NIC-2 is then connected to the LAN having a static IP of 192.168.0.1. I have
used the RRAS wizard to allow the Windows server to act as a NAT and VPN
server at the same time. Furthermore, I have established a demand-dial NIC
connection inside the RRAS service and connected successfully.

The problem is now, that neither the Windows server nor any of my Windows XP
clients on the LAN are able to connect to the internet using any browser.
However, they are able to ping public web servers.

What can I do about this?


Thank you in advance.

Gustav Roder

Make sure no VPN filters block the internet access. This how to may help,

VPN SetupHow to configure VPN Packet Filters How do I set up a modem to dial into a remote compute How to configure W2K server as VPN server ...
http://www.chicagotech.net/vpnsetup.htm


Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
"Gustav Roder" <Gustav (E-Mail Removed)> wrote in message news5E0DD7A-23B8-4E7C-A5D3-(E-Mail Removed)...
Dear all,

I have setup a W2K3.SP2 server having two NICs. NIC-1 is connected directly
to the ISP using a PPPoE connection (thus giving this NIC two IP addresses).
NIC-2 is then connected to the LAN having a static IP of 192.168.0.1. I have
used the RRAS wizard to allow the Windows server to act as a NAT and VPN
server at the same time. Furthermore, I have established a demand-dial NIC
connection inside the RRAS service and connected successfully.

The problem is now, that neither the Windows server nor any of my Windows XP
clients on the LAN are able to connect to the internet using any browser.
However, they are able to ping public web servers.

What can I do about this?


Thank you in advance.

Gustav Roder

Hi Robert,

Thank you for your quick reply. OK, so I went through the list in the link
that you provided. Unfortunately, none of the points could solve my problem.
As goes for the filters - no filters (inbound/outgoing) are listed in my RRAS
configuration. Therefore I assume, that there are none - maybe they are
listed elsewhere? Furthermore, I have also tried to setup the W2k3 server
doing 'just' NAT without VPN (using the same wizard). It does not make any
difference. When I disable RRAS and to ICS then it actually works fine. I
should also mention, that this particular server runs the DC service along
with the DHCP and DNS services. Does this prohibit the RRAS service? What am
I missing here?


BR,
Gustav


"Robert L [MVP - Networking]" wrote:

> Make sure no VPN filters block the internet access. This how to may help,
>
> VPN SetupHow to configure VPN Packet Filters How do I set up a modem to dial into a remote compute How to configure W2K server as VPN server ...
> http://www.chicagotech.net/vpnsetup.htm
>
>
> Bob Lin, MS-MVP, MCSE & CNE
> Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
> How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
> "Gustav Roder" <Gustav (E-Mail Removed)> wrote in message news5E0DD7A-23B8-4E7C-A5D3-(E-Mail Removed)...
> Dear all,
>
> I have setup a W2K3.SP2 server having two NICs. NIC-1 is connected directly
> to the ISP using a PPPoE connection (thus giving this NIC two IP addresses).
> NIC-2 is then connected to the LAN having a static IP of 192.168.0.1. I have
> used the RRAS wizard to allow the Windows server to act as a NAT and VPN
> server at the same time. Furthermore, I have established a demand-dial NIC
> connection inside the RRAS service and connected successfully.
>
> The problem is now, that neither the Windows server nor any of my Windows XP
> clients on the LAN are able to connect to the internet using any browser.
> However, they are able to ping public web servers.
>
> What can I do about this?
>
>
> Thank you in advance.
>
> Gustav Roder

It is not recommended to enable RRAS on a DC with DNS. If you do, you may have a connectivity or name resolution issue. If this is your only option, this link may help.

name resolution and connectivity issues on RRASCase Study - Name resolution and connectivity issues on a RRAS that also runs DC, DNS or WINS. A computer that is running Windows Server may have name ...
http://www.howtonetworking.com/cases...dcdnswins1.htm


Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
"Gustav Roder" <(E-Mail Removed)> wrote in message news:0071800F-EE3C-4BBC-8372-(E-Mail Removed)...
Hi Robert,

Thank you for your quick reply. OK, so I went through the list in the link
that you provided. Unfortunately, none of the points could solve my problem.
As goes for the filters - no filters (inbound/outgoing) are listed in my RRAS
configuration. Therefore I assume, that there are none - maybe they are
listed elsewhere? Furthermore, I have also tried to setup the W2k3 server
doing 'just' NAT without VPN (using the same wizard). It does not make any
difference. When I disable RRAS and to ICS then it actually works fine. I
should also mention, that this particular server runs the DC service along
with the DHCP and DNS services. Does this prohibit the RRAS service? What am
I missing here?


BR,
Gustav


"Robert L [MVP - Networking]" wrote:

> Make sure no VPN filters block the internet access. This how to may help,
>
> VPN SetupHow to configure VPN Packet Filters How do I set up a modem to dial into a remote compute How to configure W2K server as VPN server ....
> http://www.chicagotech.net/vpnsetup.htm
>
>
> Bob Lin, MS-MVP, MCSE & CNE
> Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
> How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
> "Gustav Roder" <Gustav (E-Mail Removed)> wrote in message news5E0DD7A-23B8-4E7C-A5D3-(E-Mail Removed)...
> Dear all,
>
> I have setup a W2K3.SP2 server having two NICs. NIC-1 is connected directly
> to the ISP using a PPPoE connection (thus giving this NIC two IP addresses).
> NIC-2 is then connected to the LAN having a static IP of 192.168.0.1. I have
> used the RRAS wizard to allow the Windows server to act as a NAT and VPN
> server at the same time. Furthermore, I have established a demand-dial NIC
> connection inside the RRAS service and connected successfully.
>
> The problem is now, that neither the Windows server nor any of my Windows XP
> clients on the LAN are able to connect to the internet using any browser.
> However, they are able to ping public web servers.
>
> What can I do about this?
>
>
> Thank you in advance.
>
> Gustav Roder

Dear Robert,


Again thank you for your response. I went to the link below and tried out
the case study. In addition, I also followed other related links from that
web site. Unfortunately, nothing seemed to solve my problems. It now occurs
to me, however, that I cannot access the internet when connected using the
dial-demand adapter created from within the RRAS manager. However, if I
create a PPPoE connection under Network Connections and connect using this
'adapter', then I am able to connect to the internet from the server, but
still not the from client(s). If I connect to the ISP using the RRAS
demand-dial adapter, then I am able to ping all the pingable hosts in the
world, but I just cannot connect to them (time-out). I did a tracert to
yahoo.com, and it looked like:

C:\Documents and Settings\Administrator>tracert yahoo.com

Tracing route to yahoo.com [66.94.234.13]
over a maximum of 30 hops:

1 * * * Request timed out.
2 1 ms <1 ms <1 ms geth0-100.gtx00-ves.broadcom.dk
[212.99.255.33]

3 * * * Request timed out.
4 * * * Request timed out.
5 * * * Request timed out.
6 ^C
C:\Documents and Settings\Administrator>


Not much connection here. Maybe its just not possible to have DC and RRAS on
the same server? Any suggestions fro here?


BR,
Gustav



"Robert L [MVP - Networking]" wrote:

> It is not recommended to enable RRAS on a DC with DNS. If you do, you may have a connectivity or name resolution issue. If this is your only option, this link may help.
>
> name resolution and connectivity issues on RRASCase Study - Name resolution and connectivity issues on a RRAS that also runs DC, DNS or WINS. A computer that is running Windows Server may have name ...
> http://www.howtonetworking.com/cases...dcdnswins1.htm
>
>
> Bob Lin, MS-MVP, MCSE & CNE
> Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
> How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
> "Gustav Roder" <(E-Mail Removed)> wrote in message news:0071800F-EE3C-4BBC-8372-(E-Mail Removed)...
> Hi Robert,
>
> Thank you for your quick reply. OK, so I went through the list in the link
> that you provided. Unfortunately, none of the points could solve my problem.
> As goes for the filters - no filters (inbound/outgoing) are listed in my RRAS
> configuration. Therefore I assume, that there are none - maybe they are
> listed elsewhere? Furthermore, I have also tried to setup the W2k3 server
> doing 'just' NAT without VPN (using the same wizard). It does not make any
> difference. When I disable RRAS and to ICS then it actually works fine. I
> should also mention, that this particular server runs the DC service along
> with the DHCP and DNS services. Does this prohibit the RRAS service? What am
> I missing here?
>
>
> BR,
> Gustav
>
>
> "Robert L [MVP - Networking]" wrote:
>
> > Make sure no VPN filters block the internet access. This how to may help,
> >
> > VPN SetupHow to configure VPN Packet Filters How do I set up a modem to dial into a remote compute How to configure W2K server as VPN server ....
> > http://www.chicagotech.net/vpnsetup.htm
> >
> >
> > Bob Lin, MS-MVP, MCSE & CNE
> > Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
> > How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
> > "Gustav Roder" <Gustav (E-Mail Removed)> wrote in message news5E0DD7A-23B8-4E7C-A5D3-(E-Mail Removed)...
> > Dear all,
> >
> > I have setup a W2K3.SP2 server having two NICs. NIC-1 is connected directly
> > to the ISP using a PPPoE connection (thus giving this NIC two IP addresses).
> > NIC-2 is then connected to the LAN having a static IP of 192.168.0.1. I have
> > used the RRAS wizard to allow the Windows server to act as a NAT and VPN
> > server at the same time. Furthermore, I have established a demand-dial NIC
> > connection inside the RRAS service and connected successfully.
> >
> > The problem is now, that neither the Windows server nor any of my Windows XP
> > clients on the LAN are able to connect to the internet using any browser.
> > However, they are able to ping public web servers.
> >
> > What can I do about this?
> >
> >
> > Thank you in advance.
> >
> > Gustav Roder

You need to be careful with PPPoE and RRAS/NAT. The PPPoE interface needs
to be configured as the "public" interface, not the external NIC.

"Gustav Roder" <(E-Mail Removed)> wrote in message
news:3FF6FB44-0FEB-46F3-A4E0-(E-Mail Removed)...
> Dear Robert,
>
>
> Again thank you for your response. I went to the link below and tried out
> the case study. In addition, I also followed other related links from that
> web site. Unfortunately, nothing seemed to solve my problems. It now
> occurs
> to me, however, that I cannot access the internet when connected using the
> dial-demand adapter created from within the RRAS manager. However, if I
> create a PPPoE connection under Network Connections and connect using this
> 'adapter', then I am able to connect to the internet from the server, but
> still not the from client(s). If I connect to the ISP using the RRAS
> demand-dial adapter, then I am able to ping all the pingable hosts in the
> world, but I just cannot connect to them (time-out). I did a tracert to
> yahoo.com, and it looked like:
>
> C:\Documents and Settings\Administrator>tracert yahoo.com
>
> Tracing route to yahoo.com [66.94.234.13]
> over a maximum of 30 hops:
>
> 1 * * * Request timed out.
> 2 1 ms <1 ms <1 ms geth0-100.gtx00-ves.broadcom.dk
> [212.99.255.33]
>
> 3 * * * Request timed out.
> 4 * * * Request timed out.
> 5 * * * Request timed out.
> 6 ^C
> C:\Documents and Settings\Administrator>
>
>
> Not much connection here. Maybe its just not possible to have DC and RRAS
> on
> the same server? Any suggestions fro here?
>
>
> BR,
> Gustav
>
>
>
> "Robert L [MVP - Networking]" wrote:
>
>> It is not recommended to enable RRAS on a DC with DNS. If you do, you may
>> have a connectivity or name resolution issue. If this is your only
>> option, this link may help.
>>
>> name resolution and connectivity issues on RRASCase Study - Name
>> resolution and connectivity issues on a RRAS that also runs DC, DNS or
>> WINS. A computer that is running Windows Server may have name ...
>> http://www.howtonetworking.com/cases...dcdnswins1.htm
>>
>>
>> Bob Lin, MS-MVP, MCSE & CNE
>> Networking, Internet, Routing, VPN Troubleshooting on
>> http://www.ChicagoTech.net
>> How to Setup Windows, Network, VPN & Remote Access on
>> http://www.HowToNetworking.com
>> "Gustav Roder" <(E-Mail Removed)> wrote in message
>> news:0071800F-EE3C-4BBC-8372-(E-Mail Removed)...
>> Hi Robert,
>>
>> Thank you for your quick reply. OK, so I went through the list in the
>> link
>> that you provided. Unfortunately, none of the points could solve my
>> problem.
>> As goes for the filters - no filters (inbound/outgoing) are listed in
>> my RRAS
>> configuration. Therefore I assume, that there are none - maybe they are
>> listed elsewhere? Furthermore, I have also tried to setup the W2k3
>> server
>> doing 'just' NAT without VPN (using the same wizard). It does not make
>> any
>> difference. When I disable RRAS and to ICS then it actually works fine.
>> I
>> should also mention, that this particular server runs the DC service
>> along
>> with the DHCP and DNS services. Does this prohibit the RRAS service?
>> What am
>> I missing here?
>>
>>
>> BR,
>> Gustav
>>
>>
>> "Robert L [MVP - Networking]" wrote:
>>
>> > Make sure no VPN filters block the internet access. This how to may
>> help,
>> >
>> > VPN SetupHow to configure VPN Packet Filters How do I set up a modem
>> to dial into a remote compute How to configure W2K server as VPN server
>> ....
>> > http://www.chicagotech.net/vpnsetup.htm
>> >
>> >
>> > Bob Lin, MS-MVP, MCSE & CNE
>> > Networking, Internet, Routing, VPN Troubleshooting on
>> http://www.ChicagoTech.net
>> > How to Setup Windows, Network, VPN & Remote Access on
>> http://www.HowToNetworking.com
>> > "Gustav Roder" <Gustav (E-Mail Removed)> wrote in
>> message news5E0DD7A-23B8-4E7C-A5D3-(E-Mail Removed)...
>> > Dear all,
>> >
>> > I have setup a W2K3.SP2 server having two NICs. NIC-1 is connected
>> directly
>> > to the ISP using a PPPoE connection (thus giving this NIC two IP
>> addresses).
>> > NIC-2 is then connected to the LAN having a static IP of
>> 192.168.0.1. I have
>> > used the RRAS wizard to allow the Windows server to act as a NAT
>> and VPN
>> > server at the same time. Furthermore, I have established a
>> demand-dial NIC
>> > connection inside the RRAS service and connected successfully.
>> >
>> > The problem is now, that neither the Windows server nor any of my
>> Windows XP
>> > clients on the LAN are able to connect to the internet using any
>> browser.
>> > However, they are able to ping public web servers.
>> >
>> > What can I do about this?
>> >
>> >
>> > Thank you in advance.
>> >
>> > Gustav Roder

Hi Bill,

Thank you for answering. OK, so I have already configured the PPPoE
interface as public (with/without firewall - it didn't do any difference).
What I have not tried is to configure the actual WAN NIC as non-public - i.e.
private. That is what you suggest, right? I will try that this evening, when
I get back to the server.


BR,
Gustav



"Bill Grant" wrote:

> You need to be careful with PPPoE and RRAS/NAT. The PPPoE interface needs
> to be configured as the "public" interface, not the external NIC.
>
> "Gustav Roder" <(E-Mail Removed)> wrote in message
> news:3FF6FB44-0FEB-46F3-A4E0-(E-Mail Removed)...
> > Dear Robert,
> >
> >
> > Again thank you for your response. I went to the link below and tried out
> > the case study. In addition, I also followed other related links from that
> > web site. Unfortunately, nothing seemed to solve my problems. It now
> > occurs
> > to me, however, that I cannot access the internet when connected using the
> > dial-demand adapter created from within the RRAS manager. However, if I
> > create a PPPoE connection under Network Connections and connect using this
> > 'adapter', then I am able to connect to the internet from the server, but
> > still not the from client(s). If I connect to the ISP using the RRAS
> > demand-dial adapter, then I am able to ping all the pingable hosts in the
> > world, but I just cannot connect to them (time-out). I did a tracert to
> > yahoo.com, and it looked like:
> >
> > C:\Documents and Settings\Administrator>tracert yahoo.com
> >
> > Tracing route to yahoo.com [66.94.234.13]
> > over a maximum of 30 hops:
> >
> > 1 * * * Request timed out.
> > 2 1 ms <1 ms <1 ms geth0-100.gtx00-ves.broadcom.dk
> > [212.99.255.33]
> >
> > 3 * * * Request timed out.
> > 4 * * * Request timed out.
> > 5 * * * Request timed out.
> > 6 ^C
> > C:\Documents and Settings\Administrator>
> >
> >
> > Not much connection here. Maybe its just not possible to have DC and RRAS
> > on
> > the same server? Any suggestions fro here?
> >
> >
> > BR,
> > Gustav
> >
> >
> >
> > "Robert L [MVP - Networking]" wrote:
> >
> >> It is not recommended to enable RRAS on a DC with DNS. If you do, you may
> >> have a connectivity or name resolution issue. If this is your only
> >> option, this link may help.
> >>
> >> name resolution and connectivity issues on RRASCase Study - Name
> >> resolution and connectivity issues on a RRAS that also runs DC, DNS or
> >> WINS. A computer that is running Windows Server may have name ...
> >> http://www.howtonetworking.com/cases...dcdnswins1.htm
> >>
> >>
> >> Bob Lin, MS-MVP, MCSE & CNE
> >> Networking, Internet, Routing, VPN Troubleshooting on
> >> http://www.ChicagoTech.net
> >> How to Setup Windows, Network, VPN & Remote Access on
> >> http://www.HowToNetworking.com
> >> "Gustav Roder" <(E-Mail Removed)> wrote in message
> >> news:0071800F-EE3C-4BBC-8372-(E-Mail Removed)...
> >> Hi Robert,
> >>
> >> Thank you for your quick reply. OK, so I went through the list in the
> >> link
> >> that you provided. Unfortunately, none of the points could solve my
> >> problem.
> >> As goes for the filters - no filters (inbound/outgoing) are listed in
> >> my RRAS
> >> configuration. Therefore I assume, that there are none - maybe they are
> >> listed elsewhere? Furthermore, I have also tried to setup the W2k3
> >> server
> >> doing 'just' NAT without VPN (using the same wizard). It does not make
> >> any
> >> difference. When I disable RRAS and to ICS then it actually works fine.
> >> I
> >> should also mention, that this particular server runs the DC service
> >> along
> >> with the DHCP and DNS services. Does this prohibit the RRAS service?
> >> What am
> >> I missing here?
> >>
> >>
> >> BR,
> >> Gustav
> >>
> >>
> >> "Robert L [MVP - Networking]" wrote:
> >>
> >> > Make sure no VPN filters block the internet access. This how to may
> >> help,
> >> >
> >> > VPN SetupHow to configure VPN Packet Filters How do I set up a modem
> >> to dial into a remote compute How to configure W2K server as VPN server
> >> ....
> >> > http://www.chicagotech.net/vpnsetup.htm
> >> >
> >> >
> >> > Bob Lin, MS-MVP, MCSE & CNE
> >> > Networking, Internet, Routing, VPN Troubleshooting on
> >> http://www.ChicagoTech.net
> >> > How to Setup Windows, Network, VPN & Remote Access on
> >> http://www.HowToNetworking.com
> >> > "Gustav Roder" <Gustav (E-Mail Removed)> wrote in
> >> message news5E0DD7A-23B8-4E7C-A5D3-(E-Mail Removed)...
> >> > Dear all,
> >> >
> >> > I have setup a W2K3.SP2 server having two NICs. NIC-1 is connected
> >> directly
> >> > to the ISP using a PPPoE connection (thus giving this NIC two IP
> >> addresses).
> >> > NIC-2 is then connected to the LAN having a static IP of
> >> 192.168.0.1. I have
> >> > used the RRAS wizard to allow the Windows server to act as a NAT
> >> and VPN
> >> > server at the same time. Furthermore, I have established a
> >> demand-dial NIC
> >> > connection inside the RRAS service and connected successfully.
> >> >
> >> > The problem is now, that neither the Windows server nor any of my
> >> Windows XP
> >> > clients on the LAN are able to connect to the internet using any
> >> browser.
> >> > However, they are able to ping public web servers.
> >> >
> >> > What can I do about this?
> >> >
> >> >
> >> > Thank you in advance.
> >> >
> >> > Gustav Roder
>
>
>

Not really. As far as RRAS is concerned, the outside or public interface
is the interface which has a connection to the Internet. It can sometimes
have a private IP if it is PPPoE, because it connects to the public network
at your ISP. But with PPPoE it is the actual PPPoE interface, not the
external NIC of the server.

The private interface in RRAS/NAT is your local LAN which needs NAT to
access the Internet.

"Gustav Roder" <(E-Mail Removed)> wrote in message
newsEA7B85C-3A0C-411A-B893-(E-Mail Removed)...
> Hi Bill,
>
> Thank you for answering. OK, so I have already configured the PPPoE
> interface as public (with/without firewall - it didn't do any difference).
> What I have not tried is to configure the actual WAN NIC as non-public -
> i.e.
> private. That is what you suggest, right? I will try that this evening,
> when
> I get back to the server.
>
>
> BR,
> Gustav
>
>
>
> "Bill Grant" wrote:
>
>> You need to be careful with PPPoE and RRAS/NAT. The PPPoE interface
>> needs
>> to be configured as the "public" interface, not the external NIC.
>>
>> "Gustav Roder" <(E-Mail Removed)> wrote in message
>> news:3FF6FB44-0FEB-46F3-A4E0-(E-Mail Removed)...
>> > Dear Robert,
>> >
>> >
>> > Again thank you for your response. I went to the link below and tried
>> > out
>> > the case study. In addition, I also followed other related links from
>> > that
>> > web site. Unfortunately, nothing seemed to solve my problems. It now
>> > occurs
>> > to me, however, that I cannot access the internet when connected using
>> > the
>> > dial-demand adapter created from within the RRAS manager. However, if I
>> > create a PPPoE connection under Network Connections and connect using
>> > this
>> > 'adapter', then I am able to connect to the internet from the server,
>> > but
>> > still not the from client(s). If I connect to the ISP using the RRAS
>> > demand-dial adapter, then I am able to ping all the pingable hosts in
>> > the
>> > world, but I just cannot connect to them (time-out). I did a tracert to
>> > yahoo.com, and it looked like:
>> >
>> > C:\Documents and Settings\Administrator>tracert yahoo.com
>> >
>> > Tracing route to yahoo.com [66.94.234.13]
>> > over a maximum of 30 hops:
>> >
>> > 1 * * * Request timed out.
>> > 2 1 ms <1 ms <1 ms geth0-100.gtx00-ves.broadcom.dk
>> > [212.99.255.33]
>> >
>> > 3 * * * Request timed out.
>> > 4 * * * Request timed out.
>> > 5 * * * Request timed out.
>> > 6 ^C
>> > C:\Documents and Settings\Administrator>
>> >
>> >
>> > Not much connection here. Maybe its just not possible to have DC and
>> > RRAS
>> > on
>> > the same server? Any suggestions fro here?
>> >
>> >
>> > BR,
>> > Gustav
>> >
>> >
>> >
>> > "Robert L [MVP - Networking]" wrote:
>> >
>> >> It is not recommended to enable RRAS on a DC with DNS. If you do, you
>> >> may
>> >> have a connectivity or name resolution issue. If this is your only
>> >> option, this link may help.
>> >>
>> >> name resolution and connectivity issues on RRASCase Study - Name
>> >> resolution and connectivity issues on a RRAS that also runs DC, DNS or
>> >> WINS. A computer that is running Windows Server may have name ...
>> >> http://www.howtonetworking.com/cases...dcdnswins1.htm
>> >>
>> >>
>> >> Bob Lin, MS-MVP, MCSE & CNE
>> >> Networking, Internet, Routing, VPN Troubleshooting on
>> >> http://www.ChicagoTech.net
>> >> How to Setup Windows, Network, VPN & Remote Access on
>> >> http://www.HowToNetworking.com
>> >> "Gustav Roder" <(E-Mail Removed)> wrote in
>> >> message
>> >> news:0071800F-EE3C-4BBC-8372-(E-Mail Removed)...
>> >> Hi Robert,
>> >>
>> >> Thank you for your quick reply. OK, so I went through the list in
>> >> the
>> >> link
>> >> that you provided. Unfortunately, none of the points could solve my
>> >> problem.
>> >> As goes for the filters - no filters (inbound/outgoing) are listed
>> >> in
>> >> my RRAS
>> >> configuration. Therefore I assume, that there are none - maybe they
>> >> are
>> >> listed elsewhere? Furthermore, I have also tried to setup the W2k3
>> >> server
>> >> doing 'just' NAT without VPN (using the same wizard). It does not
>> >> make
>> >> any
>> >> difference. When I disable RRAS and to ICS then it actually works
>> >> fine.
>> >> I
>> >> should also mention, that this particular server runs the DC service
>> >> along
>> >> with the DHCP and DNS services. Does this prohibit the RRAS service?
>> >> What am
>> >> I missing here?
>> >>
>> >>
>> >> BR,
>> >> Gustav
>> >>
>> >>
>> >> "Robert L [MVP - Networking]" wrote:
>> >>
>> >> > Make sure no VPN filters block the internet access. This how to
>> >> may
>> >> help,
>> >> >
>> >> > VPN SetupHow to configure VPN Packet Filters How do I set up a
>> >> modem
>> >> to dial into a remote compute How to configure W2K server as VPN
>> >> server
>> >> ....
>> >> > http://www.chicagotech.net/vpnsetup.htm
>> >> >
>> >> >
>> >> > Bob Lin, MS-MVP, MCSE & CNE
>> >> > Networking, Internet, Routing, VPN Troubleshooting on
>> >> http://www.ChicagoTech.net
>> >> > How to Setup Windows, Network, VPN & Remote Access on
>> >> http://www.HowToNetworking.com
>> >> > "Gustav Roder" <Gustav (E-Mail Removed)> wrote in
>> >> message news5E0DD7A-23B8-4E7C-A5D3-(E-Mail Removed)...
>> >> > Dear all,
>> >> >
>> >> > I have setup a W2K3.SP2 server having two NICs. NIC-1 is
>> >> connected
>> >> directly
>> >> > to the ISP using a PPPoE connection (thus giving this NIC two IP
>> >> addresses).
>> >> > NIC-2 is then connected to the LAN having a static IP of
>> >> 192.168.0.1. I have
>> >> > used the RRAS wizard to allow the Windows server to act as a NAT
>> >> and VPN
>> >> > server at the same time. Furthermore, I have established a
>> >> demand-dial NIC
>> >> > connection inside the RRAS service and connected successfully.
>> >> >
>> >> > The problem is now, that neither the Windows server nor any of
>> >> my
>> >> Windows XP
>> >> > clients on the LAN are able to connect to the internet using any
>> >> browser.
>> >> > However, they are able to ping public web servers.
>> >> >
>> >> > What can I do about this?
>> >> >
>> >> >
>> >> > Thank you in advance.
>> >> >
>> >> > Gustav Roder
>>
>>
>>

Hi Bill,


That's exactly what I thought - it just doesn't work :-(
From the server and the LAN clients I am only able to ping servers around
the world - not to access them ;-( Maybe it's because I'm doing DC and RRAS
at the same time?


BR,
Gustav





"Bill Grant" wrote:

> Not really. As far as RRAS is concerned, the outside or public interface
> is the interface which has a connection to the Internet. It can sometimes
> have a private IP if it is PPPoE, because it connects to the public network
> at your ISP. But with PPPoE it is the actual PPPoE interface, not the
> external NIC of the server.
>
> The private interface in RRAS/NAT is your local LAN which needs NAT to
> access the Internet.
>
> "Gustav Roder" <(E-Mail Removed)> wrote in message
> newsEA7B85C-3A0C-411A-B893-(E-Mail Removed)...
> > Hi Bill,
> >
> > Thank you for answering. OK, so I have already configured the PPPoE
> > interface as public (with/without firewall - it didn't do any difference).
> > What I have not tried is to configure the actual WAN NIC as non-public -
> > i.e.
> > private. That is what you suggest, right? I will try that this evening,
> > when
> > I get back to the server.
> >
> >
> > BR,
> > Gustav
> >
> >
> >
> > "Bill Grant" wrote:
> >
> >> You need to be careful with PPPoE and RRAS/NAT. The PPPoE interface
> >> needs
> >> to be configured as the "public" interface, not the external NIC.
> >>
> >> "Gustav Roder" <(E-Mail Removed)> wrote in message
> >> news:3FF6FB44-0FEB-46F3-A4E0-(E-Mail Removed)...
> >> > Dear Robert,
> >> >
> >> >
> >> > Again thank you for your response. I went to the link below and tried
> >> > out
> >> > the case study. In addition, I also followed other related links from
> >> > that
> >> > web site. Unfortunately, nothing seemed to solve my problems. It now
> >> > occurs
> >> > to me, however, that I cannot access the internet when connected using
> >> > the
> >> > dial-demand adapter created from within the RRAS manager. However, if I
> >> > create a PPPoE connection under Network Connections and connect using
> >> > this
> >> > 'adapter', then I am able to connect to the internet from the server,
> >> > but
> >> > still not the from client(s). If I connect to the ISP using the RRAS
> >> > demand-dial adapter, then I am able to ping all the pingable hosts in
> >> > the
> >> > world, but I just cannot connect to them (time-out). I did a tracert to
> >> > yahoo.com, and it looked like:
> >> >
> >> > C:\Documents and Settings\Administrator>tracert yahoo.com
> >> >
> >> > Tracing route to yahoo.com [66.94.234.13]
> >> > over a maximum of 30 hops:
> >> >
> >> > 1 * * * Request timed out.
> >> > 2 1 ms <1 ms <1 ms geth0-100.gtx00-ves.broadcom.dk
> >> > [212.99.255.33]
> >> >
> >> > 3 * * * Request timed out.
> >> > 4 * * * Request timed out.
> >> > 5 * * * Request timed out.
> >> > 6 ^C
> >> > C:\Documents and Settings\Administrator>
> >> >
> >> >
> >> > Not much connection here. Maybe its just not possible to have DC and
> >> > RRAS
> >> > on
> >> > the same server? Any suggestions fro here?
> >> >
> >> >
> >> > BR,
> >> > Gustav
> >> >
> >> >
> >> >
> >> > "Robert L [MVP - Networking]" wrote:
> >> >
> >> >> It is not recommended to enable RRAS on a DC with DNS. If you do, you
> >> >> may
> >> >> have a connectivity or name resolution issue. If this is your only
> >> >> option, this link may help.
> >> >>
> >> >> name resolution and connectivity issues on RRASCase Study - Name
> >> >> resolution and connectivity issues on a RRAS that also runs DC, DNS or
> >> >> WINS. A computer that is running Windows Server may have name ...
> >> >> http://www.howtonetworking.com/cases...dcdnswins1.htm
> >> >>
> >> >>
> >> >> Bob Lin, MS-MVP, MCSE & CNE
> >> >> Networking, Internet, Routing, VPN Troubleshooting on
> >> >> http://www.ChicagoTech.net
> >> >> How to Setup Windows, Network, VPN & Remote Access on
> >> >> http://www.HowToNetworking.com
> >> >> "Gustav Roder" <(E-Mail Removed)> wrote in
> >> >> message
> >> >> news:0071800F-EE3C-4BBC-8372-(E-Mail Removed)...
> >> >> Hi Robert,
> >> >>
> >> >> Thank you for your quick reply. OK, so I went through the list in
> >> >> the
> >> >> link
> >> >> that you provided. Unfortunately, none of the points could solve my
> >> >> problem.
> >> >> As goes for the filters - no filters (inbound/outgoing) are listed
> >> >> in
> >> >> my RRAS
> >> >> configuration. Therefore I assume, that there are none - maybe they
> >> >> are
> >> >> listed elsewhere? Furthermore, I have also tried to setup the W2k3
> >> >> server
> >> >> doing 'just' NAT without VPN (using the same wizard). It does not
> >> >> make
> >> >> any
> >> >> difference. When I disable RRAS and to ICS then it actually works
> >> >> fine.
> >> >> I
> >> >> should also mention, that this particular server runs the DC service
> >> >> along
> >> >> with the DHCP and DNS services. Does this prohibit the RRAS service?
> >> >> What am
> >> >> I missing here?
> >> >>
> >> >>
> >> >> BR,
> >> >> Gustav
> >> >>
> >> >>
> >> >> "Robert L [MVP - Networking]" wrote:
> >> >>
> >> >> > Make sure no VPN filters block the internet access. This how to
> >> >> may
> >> >> help,
> >> >> >
> >> >> > VPN SetupHow to configure VPN Packet Filters How do I set up a
> >> >> modem
> >> >> to dial into a remote compute How to configure W2K server as VPN
> >> >> server
> >> >> ....
> >> >> > http://www.chicagotech.net/vpnsetup.htm
> >> >> >
> >> >> >
> >> >> > Bob Lin, MS-MVP, MCSE & CNE
> >> >> > Networking, Internet, Routing, VPN Troubleshooting on
> >> >> http://www.ChicagoTech.net
> >> >> > How to Setup Windows, Network, VPN & Remote Access on
> >> >> http://www.HowToNetworking.com
> >> >> > "Gustav Roder" <Gustav (E-Mail Removed)> wrote in
> >> >> message news5E0DD7A-23B8-4E7C-A5D3-(E-Mail Removed)...
> >> >> > Dear all,
> >> >> >
> >> >> > I have setup a W2K3.SP2 server having two NICs. NIC-1 is
> >> >> connected
> >> >> directly
> >> >> > to the ISP using a PPPoE connection (thus giving this NIC two IP
> >> >> addresses).
> >> >> > NIC-2 is then connected to the LAN having a static IP of
> >> >> 192.168.0.1. I have
> >> >> > used the RRAS wizard to allow the Windows server to act as a NAT
> >> >> and VPN
> >> >> > server at the same time. Furthermore, I have established a
> >> >> demand-dial NIC
> >> >> > connection inside the RRAS service and connected successfully.
> >> >> >
> >> >> > The problem is now, that neither the Windows server nor any of
> >> >> my
> >> >> Windows XP
> >> >> > clients on the LAN are able to connect to the internet using any
> >> >> browser.
> >> >> > However, they are able to ping public web servers.
> >> >> >
> >> >> > What can I do about this?
> >> >> >
> >> >> >
> >> >> > Thank you in advance.
> >> >> >
> >> >> > Gustav Roder
> >>
> >>
> >>
>
>
>

That doesn't really sound like a RRAS problem. If you can ping a site,
the routing is working!

Running RRAS on a DC is certainly a bad idea, and PPPoE probably makes
it worse, because there are now three interfaces involved. See this KB for
the sort of problems running RRAS on a DC causes.

http://support.microsoft.com/kb/292822

"Gustav Roder" <(E-Mail Removed)> wrote in message
news:6A41D770-7E05-4B09-BC48-(E-Mail Removed)...
> Hi Bill,
>
>
> That's exactly what I thought - it just doesn't work :-(
> From the server and the LAN clients I am only able to ping servers around
> the world - not to access them ;-( Maybe it's because I'm doing DC and
> RRAS
> at the same time?
>
>
> BR,
> Gustav
>
>
>
>
>
> "Bill Grant" wrote:
>
>> Not really. As far as RRAS is concerned, the outside or public
>> interface
>> is the interface which has a connection to the Internet. It can sometimes
>> have a private IP if it is PPPoE, because it connects to the public
>> network
>> at your ISP. But with PPPoE it is the actual PPPoE interface, not the
>> external NIC of the server.
>>
>> The private interface in RRAS/NAT is your local LAN which needs NAT
>> to
>> access the Internet.
>>
>> "Gustav Roder" <(E-Mail Removed)> wrote in message
>> newsEA7B85C-3A0C-411A-B893-(E-Mail Removed)...
>> > Hi Bill,
>> >
>> > Thank you for answering. OK, so I have already configured the PPPoE
>> > interface as public (with/without firewall - it didn't do any
>> > difference).
>> > What I have not tried is to configure the actual WAN NIC as
>> > non-public -
>> > i.e.
>> > private. That is what you suggest, right? I will try that this evening,
>> > when
>> > I get back to the server.
>> >
>> >
>> > BR,
>> > Gustav
>> >
>> >
>> >
>> > "Bill Grant" wrote:
>> >
>> >> You need to be careful with PPPoE and RRAS/NAT. The PPPoE interface
>> >> needs
>> >> to be configured as the "public" interface, not the external NIC.
>> >>
>> >> "Gustav Roder" <(E-Mail Removed)> wrote in
>> >> message
>> >> news:3FF6FB44-0FEB-46F3-A4E0-(E-Mail Removed)...
>> >> > Dear Robert,
>> >> >
>> >> >
>> >> > Again thank you for your response. I went to the link below and
>> >> > tried
>> >> > out
>> >> > the case study. In addition, I also followed other related links
>> >> > from
>> >> > that
>> >> > web site. Unfortunately, nothing seemed to solve my problems. It now
>> >> > occurs
>> >> > to me, however, that I cannot access the internet when connected
>> >> > using
>> >> > the
>> >> > dial-demand adapter created from within the RRAS manager. However,
>> >> > if I
>> >> > create a PPPoE connection under Network Connections and connect
>> >> > using
>> >> > this
>> >> > 'adapter', then I am able to connect to the internet from the
>> >> > server,
>> >> > but
>> >> > still not the from client(s). If I connect to the ISP using the RRAS
>> >> > demand-dial adapter, then I am able to ping all the pingable hosts
>> >> > in
>> >> > the
>> >> > world, but I just cannot connect to them (time-out). I did a tracert
>> >> > to
>> >> > yahoo.com, and it looked like:
>> >> >
>> >> > C:\Documents and Settings\Administrator>tracert yahoo.com
>> >> >
>> >> > Tracing route to yahoo.com [66.94.234.13]
>> >> > over a maximum of 30 hops:
>> >> >
>> >> > 1 * * * Request timed out.
>> >> > 2 1 ms <1 ms <1 ms geth0-100.gtx00-ves.broadcom.dk
>> >> > [212.99.255.33]
>> >> >
>> >> > 3 * * * Request timed out.
>> >> > 4 * * * Request timed out.
>> >> > 5 * * * Request timed out.
>> >> > 6 ^C
>> >> > C:\Documents and Settings\Administrator>
>> >> >
>> >> >
>> >> > Not much connection here. Maybe its just not possible to have DC and
>> >> > RRAS
>> >> > on
>> >> > the same server? Any suggestions fro here?
>> >> >
>> >> >
>> >> > BR,
>> >> > Gustav
>> >> >
>> >> >
>> >> >
>> >> > "Robert L [MVP - Networking]" wrote:
>> >> >
>> >> >> It is not recommended to enable RRAS on a DC with DNS. If you do,
>> >> >> you
>> >> >> may
>> >> >> have a connectivity or name resolution issue. If this is your only
>> >> >> option, this link may help.
>> >> >>
>> >> >> name resolution and connectivity issues on RRASCase Study - Name
>> >> >> resolution and connectivity issues on a RRAS that also runs DC, DNS
>> >> >> or
>> >> >> WINS. A computer that is running Windows Server may have name ...
>> >> >>
>> >> >> http://www.howtonetworking.com/cases...dcdnswins1.htm
>> >> >>
>> >> >>
>> >> >> Bob Lin, MS-MVP, MCSE & CNE
>> >> >> Networking, Internet, Routing, VPN Troubleshooting on
>> >> >> http://www.ChicagoTech.net
>> >> >> How to Setup Windows, Network, VPN & Remote Access on
>> >> >> http://www.HowToNetworking.com
>> >> >> "Gustav Roder" <(E-Mail Removed)> wrote in
>> >> >> message
>> >> >> news:0071800F-EE3C-4BBC-8372-(E-Mail Removed)...
>> >> >> Hi Robert,
>> >> >>
>> >> >> Thank you for your quick reply. OK, so I went through the list in
>> >> >> the
>> >> >> link
>> >> >> that you provided. Unfortunately, none of the points could solve
>> >> >> my
>> >> >> problem.
>> >> >> As goes for the filters - no filters (inbound/outgoing) are
>> >> >> listed
>> >> >> in
>> >> >> my RRAS
>> >> >> configuration. Therefore I assume, that there are none - maybe
>> >> >> they
>> >> >> are
>> >> >> listed elsewhere? Furthermore, I have also tried to setup the
>> >> >> W2k3
>> >> >> server
>> >> >> doing 'just' NAT without VPN (using the same wizard). It does not
>> >> >> make
>> >> >> any
>> >> >> difference. When I disable RRAS and to ICS then it actually works
>> >> >> fine.
>> >> >> I
>> >> >> should also mention, that this particular server runs the DC
>> >> >> service
>> >> >> along
>> >> >> with the DHCP and DNS services. Does this prohibit the RRAS
>> >> >> service?
>> >> >> What am
>> >> >> I missing here?
>> >> >>
>> >> >>
>> >> >> BR,
>> >> >> Gustav
>> >> >>
>> >> >>
>> >> >> "Robert L [MVP - Networking]" wrote:
>> >> >>
>> >> >> > Make sure no VPN filters block the internet access. This how to
>> >> >> may
>> >> >> help,
>> >> >> >
>> >> >> > VPN SetupHow to configure VPN Packet Filters How do I set up a
>> >> >> modem
>> >> >> to dial into a remote compute How to configure W2K server as VPN
>> >> >> server
>> >> >> ....
>> >> >> > http://www.chicagotech.net/vpnsetup.htm
>> >> >> >
>> >> >> >
>> >> >> > Bob Lin, MS-MVP, MCSE & CNE
>> >> >> > Networking, Internet, Routing, VPN Troubleshooting on
>> >> >> http://www.ChicagoTech.net
>> >> >> > How to Setup Windows, Network, VPN & Remote Access on
>> >> >> http://www.HowToNetworking.com
>> >> >> > "Gustav Roder" <Gustav (E-Mail Removed)> wrote
>> >> >> in
>> >> >> message news5E0DD7A-23B8-4E7C-A5D3-(E-Mail Removed)...
>> >> >> > Dear all,
>> >> >> >
>> >> >> > I have setup a W2K3.SP2 server having two NICs. NIC-1 is
>> >> >> connected
>> >> >> directly
>> >> >> > to the ISP using a PPPoE connection (thus giving this NIC two
>> >> >> IP
>> >> >> addresses).
>> >> >> > NIC-2 is then connected to the LAN having a static IP of
>> >> >> 192.168.0.1. I have
>> >> >> > used the RRAS wizard to allow the Windows server to act as a
>> >> >> NAT
>> >> >> and VPN
>> >> >> > server at the same time. Furthermore, I have established a
>> >> >> demand-dial NIC
>> >> >> > connection inside the RRAS service and connected
>> >> >> successfully.
>> >> >> >
>> >> >> > The problem is now, that neither the Windows server nor any
>> >> >> of
>> >> >> my
>> >> >> Windows XP
>> >> >> > clients on the LAN are able to connect to the internet using
>> >> >> any
>> >> >> browser.
>> >> >> > However, they are able to ping public web servers.
>> >> >> >
>> >> >> > What can I do about this?
>> >> >> >
>> >> >> >
>> >> >> > Thank you in advance.
>> >> >> >
>> >> >> > Gustav Roder
>> >>
>> >>
>> >>
>>
>>
>>