Unable to ping/browse peer to peer network after setting up RRAS

Hi, I was wondering if I could get someone to help with a
little VPN problem I am having. I've tried a ton of
things so far, and can't seem to get it to work. My VPN
connects, but the issue is that I can't ping or browse
outside my VPN box.


Anyways, here's my setup:


Our current network is a peer-to-peer with a
Unix DNS, WEB, and DHCP server. My Server 2003 box is
not a domain controller, and is in a UNIX network. It
has two static (public) IP addresses (.247.42
and .247.32). I call it CHS-VPNServer. I have one other
server on a windows 2000 server box in the same subnet
that is a file server. It's called CHS-Backup. I've
installed Routing and remote access on the VPN server,
followed all the instructions to set it up. Tested it
locally and remotely, and I get a connection fine. I can
even ping and tracert to the default gateway through the
VPN server.


I've set Routing and Remote Access to use one
nick (.247.42, called the WAN connection) as the external
gateway, and the other (.247.32, called the LAN
connection) as the internal gateway. All DHCP, DNS is
coming from the LAN connection which is set to point
towards the default gateway of
..246.1 and DNS server of .247.9 (the Unix server). The
subnet mask for our network is 255.255.254.0.


The box connecting through the VPN server is
a Windows XP box located over in the University Medical
Center area.


The whole purpose of this VPN is to be able
to connect to our Intranet site (.247.17), and our PCN
server (.247.30), and to our share
folders (.247.9). The ports are currently blocked at the
router. We
currently have one site outside our network that needs to
tunnel through and utilize these sites.


Here's the problem:


I can't get beyond the server. When the
client computer makes the VPN connection, it
authenticates, connects, and shows an appropriate VPN
connect. I can ping the default gateway (.246.1) and can
even tracert through VPN server to it. I can also Ping
the .247.32 address. I CAN'T ping any other internal
address, specifically the ones mentioned above. The
windows browser doesn't show anything when I try to use
it. And I can't see ANYTHING other than the default
gateway and the LAN computer via ping.


IF I disable Routing and Remote access, I can
ping both nic's just fine from the servers, and vice,
versa. WITH it, I can't ping anything on the VPNserver
from the other servers.


Here's the things I've tried with no success at all:



- Putting in static routes in routing and remote
access to point
from the LAN (and even the WAN) connection to the DNS
server and Intranet server.

- Setting up a DNS server on the VPN server box
and forwarding to
our current DNS server and using those settings on the
LAN box.

- Making the VPN-Server a domain controller in a
separate domain,
and then routing both nicks through that DNS which points
to the UNIX DNS.

- Tried Routing and Remote access on the Windows
2000 server box
with the same results.

- Disabling browser service on the VPN server
box in the registry
(Microsoft says this is an option if it's a domain
controller and trying to be browser master and can't see
other computers).

- Setting up a DHCP server on the VPN server box
and having IP
requests go through there.

- Disabling one nic card and running everything
through just one
nic (the .247.42 one).


At this point, I'm starting to run out of ideas and
Microsoft Knowledgebase articles . . . Any help would be
MORE than appreciated.


Thanks in advance,



Steve L. Mann

The basic problem is that you have both NICs of the server in the same IP
subnet. RRAS is a router, so it really doesn't like that!

Are the .247.x addresses registered public IPs? What you are trying to
do is tunnel through a LAN, not thorugh the Internet. You do not need two
NICs in the RRAS server. You make the VPN connection to the server's normal
LAN IP. The tunnel is created through the LAN between the client and
server. As long as the client can ping the server, it should work.

Do not use the VPN server option in the RRAS setup wizard. Use the
remote access or manual config option. This will allow you to set up the
server to accept a VPN connection using just one NIC.

"Steve Mann" <(E-Mail Removed)> wrote in message
news:49a501c47368$a6b94810$(E-Mail Removed)...
> Hi, I was wondering if I could get someone to help with a
> little VPN problem I am having. I've tried a ton of
> things so far, and can't seem to get it to work. My VPN
> connects, but the issue is that I can't ping or browse
> outside my VPN box.
>
>
> Anyways, here's my setup:
>
>
> Our current network is a peer-to-peer with a
> Unix DNS, WEB, and DHCP server. My Server 2003 box is
> not a domain controller, and is in a UNIX network. It
> has two static (public) IP addresses (.247.42
> and .247.32). I call it CHS-VPNServer. I have one other
> server on a windows 2000 server box in the same subnet
> that is a file server. It's called CHS-Backup. I've
> installed Routing and remote access on the VPN server,
> followed all the instructions to set it up. Tested it
> locally and remotely, and I get a connection fine. I can
> even ping and tracert to the default gateway through the
> VPN server.
>
>
> I've set Routing and Remote Access to use one
> nick (.247.42, called the WAN connection) as the external
> gateway, and the other (.247.32, called the LAN
> connection) as the internal gateway. All DHCP, DNS is
> coming from the LAN connection which is set to point
> towards the default gateway of
> .246.1 and DNS server of .247.9 (the Unix server). The
> subnet mask for our network is 255.255.254.0.
>
>
> The box connecting through the VPN server is
> a Windows XP box located over in the University Medical
> Center area.
>
>
> The whole purpose of this VPN is to be able
> to connect to our Intranet site (.247.17), and our PCN
> server (.247.30), and to our share
> folders (.247.9). The ports are currently blocked at the
> router. We
> currently have one site outside our network that needs to
> tunnel through and utilize these sites.
>
>
> Here's the problem:
>
>
> I can't get beyond the server. When the
> client computer makes the VPN connection, it
> authenticates, connects, and shows an appropriate VPN
> connect. I can ping the default gateway (.246.1) and can
> even tracert through VPN server to it. I can also Ping
> the .247.32 address. I CAN'T ping any other internal
> address, specifically the ones mentioned above. The
> windows browser doesn't show anything when I try to use
> it. And I can't see ANYTHING other than the default
> gateway and the LAN computer via ping.
>
>
> IF I disable Routing and Remote access, I can
> ping both nic's just fine from the servers, and vice,
> versa. WITH it, I can't ping anything on the VPNserver
> from the other servers.
>
>
> Here's the things I've tried with no success at all:
>
>
>
> - Putting in static routes in routing and remote
> access to point
> from the LAN (and even the WAN) connection to the DNS
> server and Intranet server.
>
> - Setting up a DNS server on the VPN server box
> and forwarding to
> our current DNS server and using those settings on the
> LAN box.
>
> - Making the VPN-Server a domain controller in a
> separate domain,
> and then routing both nicks through that DNS which points
> to the UNIX DNS.
>
> - Tried Routing and Remote access on the Windows
> 2000 server box
> with the same results.
>
> - Disabling browser service on the VPN server
> box in the registry
> (Microsoft says this is an option if it's a domain
> controller and trying to be browser master and can't see
> other computers).
>
> - Setting up a DHCP server on the VPN server box
> and having IP
> requests go through there.
>
> - Disabling one nic card and running everything
> through just one
> nic (the .247.42 one).
>
>
> At this point, I'm starting to run out of ideas and
> Microsoft Knowledgebase articles . . . Any help would be
> MORE than appreciated.
>
>
> Thanks in advance,
>
>
>
> Steve L. Mann

Hi, guys..

I'd go a step further and say that VPN shouldn't be used at all. This isn't
the environment or situation that VPN is desinged for. VPN isn't for use
between two machines in the same subnet in the same LAN. The method to use
in this situation is IPSec not VPN.

--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com


"Bill Grant" <not.available@online> wrote in message
news:(E-Mail Removed)...
> The basic problem is that you have both NICs of the server in the same
IP
> subnet. RRAS is a router, so it really doesn't like that!
>
> Are the .247.x addresses registered public IPs? What you are trying
to
> do is tunnel through a LAN, not thorugh the Internet. You do not need two
> NICs in the RRAS server. You make the VPN connection to the server's
normal
> LAN IP. The tunnel is created through the LAN between the client and
> server. As long as the client can ping the server, it should work.