Can only ping VPN server; NAT malfunction?

I am running Windows 2000 Server (SP4). I set up RRAS for a VPN, setting the
computer as a Router for LAN and demand-dial routing and as a remote access
server. I can dial in successfully and get a VPN connection. I can access
the VPN server by IP address only, and cannot access any other computer on
the internal network.

The server is behind a DSL modem that acts as a firewall and a DHCP server
for the workplace network. The internal network DHCP'ed into the IP range
192.168.0.64 through 192.168.0.149. The VPN clients are assigned addresses
from the static range 192.168.1.100 through 192.168.1.149, with the VPN
server being 192.168.1.100.

When I make the VPN connection from outside the office, I get an IP address
(such as 192.168.1.101) and can ping the office server by its VPN IP address
(192.168.1.100). I cannot ping the server by its internal IP (192.168.0.65)
nor can I ping any other machine in the office network.

So, I'm pretty helpless here. How do I get a VPN client to be able to ping
machines in the office network? What IP addresses will the VPN client see
for those machines (192.168.1.X or 192.168.0.X) once I get this working?


BeanDog

Have you enabled IP routing? Posting the routing table here may help.

vpn client can ping server only VPN client can ping the VPN server only. Situation: one of our clients setup a VPN on windows server. The VPN client can ping the VPN server without problem ...
www.chicagotech.net/casestudy/vpn1.htm


routing issues on vpn Can ping VPN server only but not other resources Can't access the internal server when remote client establishes VPN Can't access the Internet while using ...
www.chicagotech.net/routingissuesonvpn.htm


Can't ping remote computers VPN client can ping server only The VPN client can ping the VPN server without problem. ... The ipconfig /all display both NICs’ IPs are in the same IP ...
www.chicagotech.net/casestudy/notpingvpn.htm



Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
"BeanDog" <(E-Mail Removed)> wrote in message newsA2DF581-5B91-48A4-AA74-(E-Mail Removed)...
I am running Windows 2000 Server (SP4). I set up RRAS for a VPN, setting the
computer as a Router for LAN and demand-dial routing and as a remote access
server. I can dial in successfully and get a VPN connection. I can access
the VPN server by IP address only, and cannot access any other computer on
the internal network.

The server is behind a DSL modem that acts as a firewall and a DHCP server
for the workplace network. The internal network DHCP'ed into the IP range
192.168.0.64 through 192.168.0.149. The VPN clients are assigned addresses
from the static range 192.168.1.100 through 192.168.1.149, with the VPN
server being 192.168.1.100.

When I make the VPN connection from outside the office, I get an IP address
(such as 192.168.1.101) and can ping the office server by its VPN IP address
(192.168.1.100). I cannot ping the server by its internal IP (192.168.0.65)
nor can I ping any other machine in the office network.

So, I'm pretty helpless here. How do I get a VPN client to be able to ping
machines in the office network? What IP addresses will the VPN client see
for those machines (192.168.1.X or 192.168.0.X) once I get this working?

The problem is probably the default gateway setting on the LAN machines.
If they point to the firewall, that is where the traffic for the remotes
will be going. It will never get to the RRAS server.

You could add a static route to the firewall to "bounce" the 192.168.1
traffic to the RRAS router. (eg 192.168.1.0 255.255.255.0 192.168.0.65 )
It will then be encrypted and encapsulated by the RRAS server before it goes
to the firewall, and everything should be OK.

"BeanDog" <(E-Mail Removed)> wrote in message
newsA2DF581-5B91-48A4-AA74-(E-Mail Removed)...
>I am running Windows 2000 Server (SP4). I set up RRAS for a VPN, setting
>the
> computer as a Router for LAN and demand-dial routing and as a remote
> access
> server. I can dial in successfully and get a VPN connection. I can
> access
> the VPN server by IP address only, and cannot access any other computer on
> the internal network.
>
> The server is behind a DSL modem that acts as a firewall and a DHCP server
> for the workplace network. The internal network DHCP'ed into the IP range
> 192.168.0.64 through 192.168.0.149. The VPN clients are assigned
> addresses
> from the static range 192.168.1.100 through 192.168.1.149, with the VPN
> server being 192.168.1.100.
>
> When I make the VPN connection from outside the office, I get an IP
> address
> (such as 192.168.1.101) and can ping the office server by its VPN IP
> address
> (192.168.1.100). I cannot ping the server by its internal IP
> (192.168.0.65)
> nor can I ping any other machine in the office network.
>
> So, I'm pretty helpless here. How do I get a VPN client to be able to
> ping
> machines in the office network? What IP addresses will the VPN client see
> for those machines (192.168.1.X or 192.168.0.X) once I get this working?