| Home | Register | Members | Search | Links |
 |
| Thread Tools | Display Modes |
|
Guest
Posts: n/a
|
|
|
|
||
|
|
| |
|
Guest
Posts: n/a
|
|
|
|
|
||
|
Guest
Posts: n/a
|
|
|
|
|
||
|
Guest
Posts: n/a
|
|
|
|
|
||
|
Guest
Posts: n/a
|
|
|
|
|
||
|
Guest
Posts: n/a
|
This would depend on the way you are handing out addresses to clients. If
you giving addresses to clients that match the internal network, you should not have to add a static route. If they are not the same, then internal clients would need to either point to the RAS server as a default gateway, or have individual local routes to point them back to the RAS server for that subnet. I would suggest using the same subnet either by creating a static pool in RRAS using the internal subnet, or using DHCP (this is default) to hand out addresses to RAS clients. I would check to see what address your client gets using IPconfig. If you see a 169.254.x.x, then the RRAS server probably is not getting addresses from DHCP. I would then go to a Static pool. The IP options are configured from the RRAS MMC. Right click on the server name, go to properties, and then IP. -Matt -- [This posting is provided AS IS with no warranties, and confers no rights.] <(E-Mail Removed)> wrote in message news  yfbc.24175$(E-Mail Removed) et...> great! i can connect now. however i cant ping any machines on the network. i > imagine i need to create a static route somewhere. i know that when using > dialin access via a phone modem to act as in ISP a static route must be > created with 0.0.0.0... would this be the same case? > > > "Matthew [MSFT]" <(E-Mail Removed)> wrote in message > news:(E-Mail Removed)... > > If you are using the domain name when logging one with the VPN client, > then > > the server is mostlikely trying to use the domain admin account. > > > > When logging on, try using the context machinename\username, where machine > > name is the RRAS server name. > > > > Another thing to try would be creating a new user locally that does not > have > > a domain account and give it dial in permissions. > > > > On your VPN connection properties, leave the domain name blank when > logging > > on. > > > > > > > > -- > > [This posting is provided AS IS > > with no warranties, and confers > > no rights.] > > <(E-Mail Removed)> wrote in message > > news:qMebc.23891$(E-Mail Removed) et... > > > since the machine is a stand alone server i am using the local > > administrator > > > account. would the fact that there is also an account named > administrator > > in > > > AD be causing a problem? there is on,y one DC. i have not changed the > > policy > > > to GRANT because my understanding of the default policy is that access > > will > > > be allowed IF dialin access is permitted at the user level as long as > day > > > and time restrictions do not match. please advise... > > > > > > > > > > > > "Matthew [MSFT]" <(E-Mail Removed)> wrote in message > > > news:%(E-Mail Removed)... > > > > Hi, > > > > > > > > Are you using a local user account or domain account? If domain > > account, > > > > make sure there is no local account with the same name on the server. > > > > > > > > Also, is there more than one DC? Check to see if the dial in > > permissions > > > > replicated to all DCs if using a domain account. > > > > > > > > If you change the RAS policy to Grant remote access permissions based > on > > > the > > > > conditions, does this work? > > > > > > > > -Matt > > > > > > > > > > > > > > > > -- > > > > [This posting is provided AS IS > > > > with no warranties, and confers > > > > no rights.] > > > > <(E-Mail Removed)> wrote in message > > > > news:i_dbc.23612$(E-Mail Removed) et... > > > > > i setup rras as a remote access server. i leave the default remote > > > access > > > > > policy alone. i then open the properties for a user account and on > the > > > > > dial-in tab i click to ALLOW remote access via dial in or vpn. guess > > > what? > > > > a > > > > > vpn connection attempt is denied and says the user does not have > > dialin > > > > > rights! ive rebooted, logged in physically at the machine, logged > off, > > > > tried > > > > > again... same thing! whats the problem? the server is a member of a > > > domain > > > > > but is NOT a domain controller. would there be a setting on the > > default > > > > > domain security policy that could be screwing me up? > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > |
|
|
|
|
|||
|
Guest
Posts: n/a
|
ok. RRAS is configured to use a DHCP relay agent. when i connect i do get an
address that matches the rest of the network, however i couldnt see anything on the network except the rras server. i added a static route of 0.0.0.0 to the LAN adapter in RRAS and now i CAN see the rest of the network. could you provide an explanation as to why this is? "Matthew [MSFT]" <(E-Mail Removed)> wrote in message news:(E-Mail Removed)... > This would depend on the way you are handing out addresses to clients. If > you giving addresses to clients that match the internal network, you should > not have to add a static route. If they are not the same, then internal > clients would need to either point to the RAS server as a default gateway, > or have individual local routes to point them back to the RAS server for > that subnet. > > I would suggest using the same subnet either by creating a static pool in > RRAS using the internal subnet, or using DHCP (this is default) to hand out > addresses to RAS clients. I would check to see what address your client > gets using IPconfig. If you see a 169.254.x.x, then the RRAS server > probably is not getting addresses from DHCP. I would then go to a Static > pool. > > The IP options are configured from the RRAS MMC. Right click on the server > name, go to properties, and then IP. > > -Matt > > -- > [This posting is provided AS IS > with no warranties, and confers > no rights.] > <(E-Mail Removed)> wrote in message > news yfbc.24175$(E-Mail Removed) et...> > great! i can connect now. however i cant ping any machines on the network. > i > > imagine i need to create a static route somewhere. i know that when using > > dialin access via a phone modem to act as in ISP a static route must be > > created with 0.0.0.0... would this be the same case? > > > > > > "Matthew [MSFT]" <(E-Mail Removed)> wrote in message > > news:(E-Mail Removed)... > > > If you are using the domain name when logging one with the VPN client, > > then > > > the server is mostlikely trying to use the domain admin account. > > > > > > When logging on, try using the context machinename\username, where > machine > > > name is the RRAS server name. > > > > > > Another thing to try would be creating a new user locally that does not > > have > > > a domain account and give it dial in permissions. > > > > > > On your VPN connection properties, leave the domain name blank when > > logging > > > on. > > > > > > > > > > > > -- > > > [This posting is provided AS IS > > > with no warranties, and confers > > > no rights.] > > > <(E-Mail Removed)> wrote in message > > > news:qMebc.23891$(E-Mail Removed) et... > > > > since the machine is a stand alone server i am using the local > > > administrator > > > > account. would the fact that there is also an account named > > administrator > > > in > > > > AD be causing a problem? there is on,y one DC. i have not changed the > > > policy > > > > to GRANT because my understanding of the default policy is that access > > > will > > > > be allowed IF dialin access is permitted at the user level as long as > > day > > > > and time restrictions do not match. please advise... > > > > > > > > > > > > > > > > "Matthew [MSFT]" <(E-Mail Removed)> wrote in message > > > > news:%(E-Mail Removed)... > > > > > Hi, > > > > > > > > > > Are you using a local user account or domain account? If domain > > > account, > > > > > make sure there is no local account with the same name on the > server. > > > > > > > > > > Also, is there more than one DC? Check to see if the dial in > > > permissions > > > > > replicated to all DCs if using a domain account. > > > > > > > > > > If you change the RAS policy to Grant remote access permissions > based > > on > > > > the > > > > > conditions, does this work? > > > > > > > > > > -Matt > > > > > > > > > > > > > > > > > > > > -- > > > > > [This posting is provided AS IS > > > > > with no warranties, and confers > > > > > no rights.] > > > > > <(E-Mail Removed)> wrote in message > > > > > news:i_dbc.23612$(E-Mail Removed) et... > > > > > > i setup rras as a remote access server. i leave the default remote > > > > access > > > > > > policy alone. i then open the properties for a user account and on > > the > > > > > > dial-in tab i click to ALLOW remote access via dial in or vpn. > guess > > > > what? > > > > > a > > > > > > vpn connection attempt is denied and says the user does not have > > > dialin > > > > > > rights! ive rebooted, logged in physically at the machine, logged > > off, > > > > > tried > > > > > > again... same thing! whats the problem? the server is a member of > a > > > > domain > > > > > > but is NOT a domain controller. would there be a setting on the > > > default > > > > > > domain security policy that could be screwing me up? > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > |
|
|
|
|
|||
|
Guest
Posts: n/a
|
Your client machine receives an address when connecting (or it should),
therefore it is already in the same subnet (or it should be), so there is no "routing",...you can not "route" to where you are already at to start with. You need to verify which address your client is receiving and verify specifically which machine you can ping and which you cannot, and the subnet each is in if there are multiple subnets. Knowing *all* this makes a big difference when trying to troublshoot this type of stuff. -- Phillip Windell [MCP, MVP, CCNA] www.wandtv.com <(E-Mail Removed)> wrote in message news yfbc.24175$(E-Mail Removed) et...> great! i can connect now. however i cant ping any machines on the network. i > imagine i need to create a static route somewhere. i know that when using > dialin access via a phone modem to act as in ISP a static route must be > created with 0.0.0.0... would this be the same case? > > > "Matthew [MSFT]" <(E-Mail Removed)> wrote in message > news:(E-Mail Removed)... > > If you are using the domain name when logging one with the VPN client, > then > > the server is mostlikely trying to use the domain admin account. > > > > When logging on, try using the context machinename\username, where machine > > name is the RRAS server name. > > > > Another thing to try would be creating a new user locally that does not > have > > a domain account and give it dial in permissions. > > > > On your VPN connection properties, leave the domain name blank when > logging > > on. > > > > > > > > -- > > [This posting is provided AS IS > > with no warranties, and confers > > no rights.] > > <(E-Mail Removed)> wrote in message > > news:qMebc.23891$(E-Mail Removed) et... > > > since the machine is a stand alone server i am using the local > > administrator > > > account. would the fact that there is also an account named > administrator > > in > > > AD be causing a problem? there is on,y one DC. i have not changed the > > policy > > > to GRANT because my understanding of the default policy is that access > > will > > > be allowed IF dialin access is permitted at the user level as long as > day > > > and time restrictions do not match. please advise... > > > > > > > > > > > > "Matthew [MSFT]" <(E-Mail Removed)> wrote in message > > > news:%(E-Mail Removed)... > > > > Hi, > > > > > > > > Are you using a local user account or domain account? If domain > > account, > > > > make sure there is no local account with the same name on the server. > > > > > > > > Also, is there more than one DC? Check to see if the dial in > > permissions > > > > replicated to all DCs if using a domain account. > > > > > > > > If you change the RAS policy to Grant remote access permissions based > on > > > the > > > > conditions, does this work? > > > > > > > > -Matt > > > > > > > > > > > > > > > > -- > > > > [This posting is provided AS IS > > > > with no warranties, and confers > > > > no rights.] > > > > <(E-Mail Removed)> wrote in message > > > > news:i_dbc.23612$(E-Mail Removed) et... > > > > > i setup rras as a remote access server. i leave the default remote > > > access > > > > > policy alone. i then open the properties for a user account and on > the > > > > > dial-in tab i click to ALLOW remote access via dial in or vpn. guess > > > what? > > > > a > > > > > vpn connection attempt is denied and says the user does not have > > dialin > > > > > rights! ive rebooted, logged in physically at the machine, logged > off, > > > > tried > > > > > again... same thing! whats the problem? the server is a member of a > > > domain > > > > > but is NOT a domain controller. would there be a setting on the > > default > > > > > domain security policy that could be screwing me up? > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > |
|
|
|
|
|||
|
Guest
Posts: n/a
|
The DHCP relay does not need to be configured if you are only using this as
a RAS server. Under DHCP relay, you should have the internal adapter listed, but in the DHCP relay properties, you do not need to have your internal server listed. The RAS server will automatically take 10 ip addresses from the DHCP scope when started. It will hand these out to the clients when they logon. I have seen this to be an issue when trying to access internal resources. -- [This posting is provided AS IS with no warranties, and confers no rights.] <(E-Mail Removed)> wrote in message news:LOfbc.24261$(E-Mail Removed) et... > ok. RRAS is configured to use a DHCP relay agent. when i connect i do get an > address that matches the rest of the network, however i couldnt see anything > on the network except the rras server. i added a static route of 0.0.0.0 to > the LAN adapter in RRAS and now i CAN see the rest of the network. could you > provide an explanation as to why this is? > > > "Matthew [MSFT]" <(E-Mail Removed)> wrote in message > news:(E-Mail Removed)... > > This would depend on the way you are handing out addresses to clients. If > > you giving addresses to clients that match the internal network, you > should > > not have to add a static route. If they are not the same, then internal > > clients would need to either point to the RAS server as a default gateway, > > or have individual local routes to point them back to the RAS server for > > that subnet. > > > > I would suggest using the same subnet either by creating a static pool in > > RRAS using the internal subnet, or using DHCP (this is default) to hand > out > > addresses to RAS clients. I would check to see what address your client > > gets using IPconfig. If you see a 169.254.x.x, then the RRAS server > > probably is not getting addresses from DHCP. I would then go to a Static > > pool. > > > > The IP options are configured from the RRAS MMC. Right click on the > server > > name, go to properties, and then IP. > > > > -Matt > > > > -- > > [This posting is provided AS IS > > with no warranties, and confers > > no rights.] > > <(E-Mail Removed)> wrote in message > > news yfbc.24175$(E-Mail Removed) et...> > > great! i can connect now. however i cant ping any machines on the > network. > > i > > > imagine i need to create a static route somewhere. i know that when > using > > > dialin access via a phone modem to act as in ISP a static route must be > > > created with 0.0.0.0... would this be the same case? > > > > > > > > > "Matthew [MSFT]" <(E-Mail Removed)> wrote in message > > > news:(E-Mail Removed)... > > > > If you are using the domain name when logging one with the VPN client, > > > then > > > > the server is mostlikely trying to use the domain admin account. > > > > > > > > When logging on, try using the context machinename\username, where > > machine > > > > name is the RRAS server name. > > > > > > > > Another thing to try would be creating a new user locally that does > not > > > have > > > > a domain account and give it dial in permissions. > > > > > > > > On your VPN connection properties, leave the domain name blank when > > > logging > > > > on. > > > > > > > > > > > > > > > > -- > > > > [This posting is provided AS IS > > > > with no warranties, and confers > > > > no rights.] > > > > <(E-Mail Removed)> wrote in message > > > > news:qMebc.23891$(E-Mail Removed) et... > > > > > since the machine is a stand alone server i am using the local > > > > administrator > > > > > account. would the fact that there is also an account named > > > administrator > > > > in > > > > > AD be causing a problem? there is on,y one DC. i have not changed > the > > > > policy > > > > > to GRANT because my understanding of the default policy is that > access > > > > will > > > > > be allowed IF dialin access is permitted at the user level as long > as > > > day > > > > > and time restrictions do not match. please advise... > > > > > > > > > > > > > > > > > > > > "Matthew [MSFT]" <(E-Mail Removed)> wrote in message > > > > > news:%(E-Mail Removed)... > > > > > > Hi, > > > > > > > > > > > > Are you using a local user account or domain account? If domain > > > > account, > > > > > > make sure there is no local account with the same name on the > > server. > > > > > > > > > > > > Also, is there more than one DC? Check to see if the dial in > > > > permissions > > > > > > replicated to all DCs if using a domain account. > > > > > > > > > > > > If you change the RAS policy to Grant remote access permissions > > based > > > on > > > > > the > > > > > > conditions, does this work? > > > > > > > > > > > > -Matt > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > > > [This posting is provided AS IS > > > > > > with no warranties, and confers > > > > > > no rights.] > > > > > > <(E-Mail Removed)> wrote in message > > > > > > news:i_dbc.23612$(E-Mail Removed) et... > > > > > > > i setup rras as a remote access server. i leave the default > remote > > > > > access > > > > > > > policy alone. i then open the properties for a user account and > on > > > the > > > > > > > dial-in tab i click to ALLOW remote access via dial in or vpn. > > guess > > > > > what? > > > > > > a > > > > > > > vpn connection attempt is denied and says the user does not have > > > > dialin > > > > > > > rights! ive rebooted, logged in physically at the machine, > logged > > > off, > > > > > > tried > > > > > > > again... same thing! whats the problem? the server is a member > of > > a > > > > > domain > > > > > > > but is NOT a domain controller. would there be a setting on the > > > > default > > > > > > > domain security policy that could be screwing me up? > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > |
|
|
|
|
|||
|
Guest
Posts: n/a
|
|
|
|
|
||
|
|
| |
|
| Thread Tools | |
| Display Modes | |
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Problem with 2003 Server RRAS (or maybe DNS) | =?Utf-8?B?c2hvY2t3YXZlMTIx?= | Windows Networking | 1 | 04-14-2005 10:46 AM |
| Very frustrating wireless problem | Treefrog | Home Networking | 1 | 03-21-2005 10:42 AM |
| Frustrating wireless networking problem.....please help. | Drummerboy | Wireless Networks | 8 | 03-15-2005 06:47 AM |
| frustrating logon issue on windows 2003 server clients | rua17 | Windows Networking | 4 | 11-04-2004 12:20 AM |
| Windows 2000 Server RRAS Won't Start | Mike | Windows Networking | 5 | 03-06-2004 11:42 PM |
Linear Mode
