server 2003 single nic pptp vpn

Hello all. I have read hundreds of threads regarding VPN setup. I
have read technet and MSDN pages until I am dizzy. I need help getting
this to work... I am missing something and unable to figure out what.

Here is a summary of my setup and problems. The "setup" is at the end
of this post to make reading easier.

Symptoms and summary of problem:

THe VPN cvonnection on the client is setup to log onto the domain
and the domian users account is set to accept VPN connections

I can log into the network via the VPN
I can ping any IP on the remote network -and- internet
I can ping servername.domain.local from the client
I can NET USE \\server.domain.local
I can \\ClientHostName from the VPN server
I can browse web pages through the VPN server (trcert shows that the
route does indeed go through the VPN server and the DLINK router, then
off to the remote ISPS getaway)

I CAN NOT ping the clients IP address from the VPN server or remote lan

I CAN NOT browse to any of the remote computers over the VPN
I CAN NOT ping any of the remote computers by host name alone, I have
to use the FQDN
I CAN NOT <NET USE //HOST> I have to enter the FQDN instead

I guess this is a DNS problem of some sort or another. Likey something
simple? What gets me is that I can ping host.mydomain.local from the
vpn client... but vant ping just the host without providing the FQDN..
so DNS is kinda working.

Can any of you plese help me? It seems as if I am 90% there.. but just
can't get the rest of the way. I would like to be able to browse the
remote LAN from the client machine that is connected to the VPN.
Otherwise it is kind of pointless! Shouldnt I be able to open "entire
network" and broswse to the computers on the remote LAN? Shouldnt I be
able to <PING hostname> instead of having to <ping
hostname.mydomain.local>

Please help me understand what I am doing wrong. ALso, a dual nic
configuration is not possible. THis is a learning exercise so that I
can support a few of my clients with similar setups.

I proceeded to setup the RRAS server as follows:

SINGLE NIC
CUSTOM CONFIGURATION (from wizard)

GENARAL RRAS SEVER SETTINGS:
Router and Remote access enbalbed
(land and demand dial selected)

RRAS IP SETTINGS:
enable IP ROUTING
Allow Ip Based remote acces
STATIC POOL 192.168.1.75 - 192.168.1.79
ENABLE broadcast name resolution

NETWORK INTERFACES:
Loopback-Loopback-Enabled-Connected
Local Area Connection-Dedicated-Enabled-Connected-
Internal-Internal-Enabled-Connected

PORTS:
5 PPTP ports

DHCP RELAY AGENT:
Set to "relay DHCP packets"
Interface-INTERNAL
Sends messages to 192.168.1.1 (routers DHCP???)


IGMP:
Interface: Local Area Connection
setting: IGMP proxy
Status: Enabled
Interface: Internal
setting: IGMP router
Status: Enabled

Static Routes:
NONE

Routing Table:
Destination Network mask Gateway Interface

0.0.0.0 0.0.0.0 192.168.1.1 Local Area Connection
127.0.0.0 255.0.0.0 127.0.0.1 Loopback
127.0.0.1 255.255.255.255, 27.0.0.1 Loopback
192.168.1.0 255.255.255.0 192.168.1.5 Local Area
192.168.1.5 255.255.255.255,127.0.0.1,Loopback
192.168.1.255 255.255.255.255 192.168.1.5 Local Area
224.0.0.0 240.0.0.0 192.168.1.5 Local Area Connection
255.255.255.255 255.255.255.255 192.168.1.5 Local Area

That is the basic setup of my lan and the RRAS VPN SETTINGS.


If there is any other information I can provide please let me know!!
Thanks in advance,
William Burnett

I would use wins.

--
For more and other information, go to http://www.ChicagoTech.net

Don't send e-mail or reply to me except you need consulting services.
Posting on MS newsgroup will benefit all readers and you may get more help.

Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN, Anti-Virus, Tips & Troubleshooting on
http://www.ChicagoTech.net
Networking Solutions, http://www.chicagotech.net/networksolutions.htm
VPN Solutions, http://www.chicagotech.net/vpnsolutions.htm
VPN Process and Error Analysis, http://www.chicagotech.net/VPN%20process.htm
VPN Troubleshooting, http://www.chicagotech.net/vpn.htm
This posting is provided "AS IS" with no warranties.
"BeanAnimal" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) oups.com...
> Hello all. I have read hundreds of threads regarding VPN setup. I
> have read technet and MSDN pages until I am dizzy. I need help getting
> this to work... I am missing something and unable to figure out what.
>
> Here is a summary of my setup and problems. The "setup" is at the end
> of this post to make reading easier.
>
> Symptoms and summary of problem:
>
> THe VPN cvonnection on the client is setup to log onto the domain
> and the domian users account is set to accept VPN connections
>
> I can log into the network via the VPN
> I can ping any IP on the remote network -and- internet
> I can ping servername.domain.local from the client
> I can NET USE \\server.domain.local
> I can \\ClientHostName from the VPN server
> I can browse web pages through the VPN server (trcert shows that the
> route does indeed go through the VPN server and the DLINK router, then
> off to the remote ISPS getaway)
>
> I CAN NOT ping the clients IP address from the VPN server or remote lan
>
> I CAN NOT browse to any of the remote computers over the VPN
> I CAN NOT ping any of the remote computers by host name alone, I have
> to use the FQDN
> I CAN NOT <NET USE //HOST> I have to enter the FQDN instead
>
> I guess this is a DNS problem of some sort or another. Likey something
> simple? What gets me is that I can ping host.mydomain.local from the
> vpn client... but vant ping just the host without providing the FQDN..
> so DNS is kinda working.
>
> Can any of you plese help me? It seems as if I am 90% there.. but just
> can't get the rest of the way. I would like to be able to browse the
> remote LAN from the client machine that is connected to the VPN.
> Otherwise it is kind of pointless! Shouldnt I be able to open "entire
> network" and broswse to the computers on the remote LAN? Shouldnt I be
> able to <PING hostname> instead of having to <ping
> hostname.mydomain.local>
>
> Please help me understand what I am doing wrong. ALso, a dual nic
> configuration is not possible. THis is a learning exercise so that I
> can support a few of my clients with similar setups.
>
> I proceeded to setup the RRAS server as follows:
>
> SINGLE NIC
> CUSTOM CONFIGURATION (from wizard)
>
> GENARAL RRAS SEVER SETTINGS:
> Router and Remote access enbalbed
> (land and demand dial selected)
>
> RRAS IP SETTINGS:
> enable IP ROUTING
> Allow Ip Based remote acces
> STATIC POOL 192.168.1.75 - 192.168.1.79
> ENABLE broadcast name resolution
>
> NETWORK INTERFACES:
> Loopback-Loopback-Enabled-Connected
> Local Area Connection-Dedicated-Enabled-Connected-
> Internal-Internal-Enabled-Connected
>
> PORTS:
> 5 PPTP ports
>
> DHCP RELAY AGENT:
> Set to "relay DHCP packets"
> Interface-INTERNAL
> Sends messages to 192.168.1.1 (routers DHCP???)
>
>
> IGMP:
> Interface: Local Area Connection
> setting: IGMP proxy
> Status: Enabled
> Interface: Internal
> setting: IGMP router
> Status: Enabled
>
> Static Routes:
> NONE
>
> Routing Table:
> Destination Network mask Gateway Interface
>
> 0.0.0.0 0.0.0.0 192.168.1.1 Local Area Connection
> 127.0.0.0 255.0.0.0 127.0.0.1 Loopback
> 127.0.0.1 255.255.255.255, 27.0.0.1 Loopback
> 192.168.1.0 255.255.255.0 192.168.1.5 Local Area
> 192.168.1.5 255.255.255.255,127.0.0.1,Loopback
> 192.168.1.255 255.255.255.255 192.168.1.5 Local Area
> 224.0.0.0 240.0.0.0 192.168.1.5 Local Area Connection
> 255.255.255.255 255.255.255.255 192.168.1.5 Local Area
>
> That is the basic setup of my lan and the RRAS VPN SETTINGS.
>
>
> If there is any other information I can provide please let me know!!
> Thanks in advance,
> William Burnett
>

Fistly, I apologize to the group. I am using google groups to post
and somehow I have posted the same thread twice.

In any case, Robert I am not familair with how to setup WINS and was
also under the impression that DNS should and does work for the givin
application. Is using WINS not a step backwards? This is a learning
experience that I will have to apply to our clients networks. I am
sure that in most cases they ARE NOT using WINS. I would like to get
some information on how to troubleshoot and fix the problem with my
installation. WINS seems like a "workaround" not a solution to the
real problem.

Thanks

Bill

this another option. quoted from http://www.ChicagoTech.net
Can ping FQDN but not host name

Symptoms: after establishing VPN, you can't ping the server name. However,
you can ping FQDN, for example, server1.chicagotech.net.

Cause: Missing the DNS suffixes


--
For more and other information, go to http://www.ChicagoTech.net

Don't send e-mail or reply to me except you need consulting services.
Posting on MS newsgroup will benefit all readers and you may get more help.

Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN, Anti-Virus, Tips & Troubleshooting on
http://www.ChicagoTech.net
Networking Solutions, http://www.chicagotech.net/networksolutions.htm
VPN Solutions, http://www.chicagotech.net/vpnsolutions.htm
VPN Process and Error Analysis, http://www.chicagotech.net/VPN%20process.htm
VPN Troubleshooting, http://www.chicagotech.net/vpn.htm
This posting is provided "AS IS" with no warranties.
"BeanAnimal" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) oups.com...
> Fistly, I apologize to the group. I am using google groups to post
> and somehow I have posted the same thread twice.
>
> In any case, Robert I am not familair with how to setup WINS and was
> also under the impression that DNS should and does work for the givin
> application. Is using WINS not a step backwards? This is a learning
> experience that I will have to apply to our clients networks. I am
> sure that in most cases they ARE NOT using WINS. I would like to get
> some information on how to troubleshoot and fix the problem with my
> installation. WINS seems like a "workaround" not a solution to the
> real problem.
>
> Thanks
>
> Bill
>

Bob,

I appriciate your initial response and your reply to my email. However
it seems like you have a simple solution to my problem and are more
interested in selling your services. Even if the solution is not so
simple... I find it rather amusing that you seem to answer many of the
posts here by simply pointing to a FAQ or blurb on your website.
Again, thanks for the offer of a paid consultation but I get the
feeling that "one answer leads to the next paid cunsultation" I would
not have even balked at the idea until I read your previoius post.

For those of you interested. I emailed Bob asking for help, stating
that I found a relavant FAQ on his website and asking for more
information.) He replied saying that the resolution mentioned in
the "FAQ" is for consultants only! He stated his company would be more
than happy to provide me with a resolution for a fee. I was in the
process of composing a reply to Bob, requesting his help at his stated
price, when I dropped by google.groups to see if anybody else had
posted a resolution to my problem. Low and behold Bob posted a link
back to his website quoting the same FAQ I mentioned in the personal
email! I guess Bob is making it clear that he has the answer AND his
help costs money.

IN any case it is obvious that I have a DNS problem... I am just not
sure where to correct it. Should the DNS suffix for the domain be
added to the VPN connection properties?

>From what I read on MSDN, when a client connects to the VPN the DNS
information is passed from the server to the client via an initial file
transfer. Is there something on the VPN server that needs changed, or
something on my DNS server.

Can anybody else here help me? WITHOUT soliciting me for consulting?
THanks
William Burnett

If you don't want to use WINS, then the tip Bob gave you about domain
suffixes is what you need.

If you can ping using the full FQDN, then DNS lookup is working
correctly( if it gets the info it needs). To get it to work without giving
the FQDN, the client must supply the correct DNS suffix to put with the
simple name to form the FQDN. So if your server's FQDN is
server.domain.local, a remote client can ping using just server as its name
if its domain suffix is set to domain.local .

"BeanAnimal" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) ups.com...
> Bob,
>
> I appriciate your initial response and your reply to my email. However
> it seems like you have a simple solution to my problem and are more
> interested in selling your services. Even if the solution is not so
> simple... I find it rather amusing that you seem to answer many of the
> posts here by simply pointing to a FAQ or blurb on your website.
> Again, thanks for the offer of a paid consultation but I get the
> feeling that "one answer leads to the next paid cunsultation" I would
> not have even balked at the idea until I read your previoius post.
>
> For those of you interested. I emailed Bob asking for help, stating
> that I found a relavant FAQ on his website and asking for more
> information.) He replied saying that the resolution mentioned in
> the "FAQ" is for consultants only! He stated his company would be more
> than happy to provide me with a resolution for a fee. I was in the
> process of composing a reply to Bob, requesting his help at his stated
> price, when I dropped by google.groups to see if anybody else had
> posted a resolution to my problem. Low and behold Bob posted a link
> back to his website quoting the same FAQ I mentioned in the personal
> email! I guess Bob is making it clear that he has the answer AND his
> help costs money.
>
> IN any case it is obvious that I have a DNS problem... I am just not
> sure where to correct it. Should the DNS suffix for the domain be
> added to the VPN connection properties?
>
>>From what I read on MSDN, when a client connects to the VPN the DNS
> information is passed from the server to the client via an initial file
> transfer. Is there something on the VPN server that needs changed, or
> something on my DNS server.
>
> Can anybody else here help me? WITHOUT soliciting me for consulting?
> THanks
> William Burnett
>

Bill and Bob... thanks for the help thus far.

I am now able to ping host and FQDNs on the host side from the VPN
client. I can also browse to a computer on the host side by using
\\computername I resolved the issue by putting the domain suffix in
the VPN cleints network settings.

I still can not open network neighborhood on the client computer. It
is not accessable. Shoudlnt I be able to browse the to the different
machines in the domain?

I also can not ping the client from the host side. I would imagine
that some kind of route would have to be setup?

If WINS is the propper way to achieve my goal, then I am all for
learning it. If DNS is the proper or prefered way, then I need to
learn that.

Regards,
Bill

Network neighborhood works on netbios names, not DNS. Broadcasts don't
cross the WAN link, so browsing doesn't work on WANs without WINS. Even with
WINS, there are linitations. Why do you feel your remote client needs to
browse the LAN? It can be made to work in a limited fashion, if you really
feel you need it.

"BeanAnimal" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) oups.com...
> Bill and Bob... thanks for the help thus far.
>
> I am now able to ping host and FQDNs on the host side from the VPN
> client. I can also browse to a computer on the host side by using
> \\computername I resolved the issue by putting the domain suffix in
> the VPN cleints network settings.
>
> I still can not open network neighborhood on the client computer. It
> is not accessable. Shoudlnt I be able to browse the to the different
> machines in the domain?
>
> I also can not ping the client from the host side. I would imagine
> that some kind of route would have to be setup?
>
> If WINS is the propper way to achieve my goal, then I am all for
> learning it. If DNS is the proper or prefered way, then I need to
> learn that.
>
> Regards,
> Bill
>

I am not only setting this up in a test lab, but learning to setup a
similar system for a client.

Browsing the lan would seem like a logical step to integrate remote
users and give them the same functionality as they would have locally.
It would make connecting to or discovering "new" shares or printers
much easier.

I was under the impression that most big corporate VPNS allow clients
to browse the newtwork and see what they see from a local login.

I am open to suggestions regarding best or accepted practice. The goal
for many of my small business clients is a hassle free solution once
the initial network is setup. They simply want it to work without me
or an IT guy having to fiddle with things all the time. That would
include VPN clients being able to "just see" new computers or devices
on the network.

I guess I am in dire need of good advice. It also seems as if my VPN
connection is working as it is suppose to then?

Just to add if you open Remote Access Management Console and go the server
listed and select properties/IP and make sure that "enable broadcast name
resolution" is checked which may help depending on your configuration. Note
that it may take a few minutes or so for the browse list to build on the
client computer if it works. Otherwise wins would be the easiest to set up.
It pretty much is just a matter of installing it with add and remove
programs/Windows components/networking components. Then just configure all
your computers to be wins clients either through DHCP scope or in tcp/ip
properties/advanced/wins where you add the IP address of the wins server. Be
sure that the wins server is a client to itself and that any domain
controller and the VPN server are also wins clients. If you have not seen it
yet, the Windows 2003 Server Deployment Kit is a free download from
Microsoft and has extensive info on networking services including wins and
Remote Access. --- Steve

http://www.microsoft.com/resources/d...S_overview.asp
http://tinyurl.com/3y5a6 -- same link as above,shorter.

"BeanAnimal" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) oups.com...
> Bill and Bob... thanks for the help thus far.
>
> I am now able to ping host and FQDNs on the host side from the VPN
> client. I can also browse to a computer on the host side by using
> \\computername I resolved the issue by putting the domain suffix in
> the VPN cleints network settings.
>
> I still can not open network neighborhood on the client computer. It
> is not accessable. Shoudlnt I be able to browse the to the different
> machines in the domain?
>
> I also can not ping the client from the host side. I would imagine
> that some kind of route would have to be setup?
>
> If WINS is the propper way to achieve my goal, then I am all for
> learning it. If DNS is the proper or prefered way, then I need to
> learn that.
>
> Regards,
> Bill
>