vpn & static routing

I have a static routing issue (I think) with my vpn setup. I have a 2003
domain server (and remote access server) with two NIC cards. One card is
conected to my LAN which is managed by a lynksys Router (Gateway) . This
Router does dhcp for the network and supplies the company internet
connection.
The other NIC s connected directly to the internet on a seperate Line (not
through the Linksys connection) This NIC we have setup for the VPN. We have
setup the remote users (XP laptops) and they can connect using ipsec. We have
the following problems - all because we have not got the static routing
setup correctly:
1) the Server itself (but no one else on the LAN) can't find the internet.
note: the VPN connection is filtered.
2) the remote users can't see the winows network - they can see the local IP
address, but none of the netbios stuff.
3)The remote users cannot use the local internet gateway ( I want this)

IDEAS - thanks

posting the results of both VPN client and server routing table here may help.

Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
"VPN User" <VPN (E-Mail Removed)> wrote in message news:2F5128EB-BC0D-4E22-AF98-(E-Mail Removed)...
I have a static routing issue (I think) with my vpn setup. I have a 2003
domain server (and remote access server) with two NIC cards. One card is
conected to my LAN which is managed by a lynksys Router (Gateway) . This
Router does dhcp for the network and supplies the company internet
connection.
The other NIC s connected directly to the internet on a seperate Line (not
through the Linksys connection) This NIC we have setup for the VPN. We have
setup the remote users (XP laptops) and they can connect using ipsec. We have
the following problems - all because we have not got the static routing
setup correctly:
1) the Server itself (but no one else on the LAN) can't find the internet.
note: the VPN connection is filtered.
2) the remote users can't see the winows network - they can see the local IP
address, but none of the netbios stuff.
3)The remote users cannot use the local internet gateway ( I want this)

IDEAS - thanks

That isn't a simple routing issue. It is a basic network design flaw.

A machine can have only one active default route. For a LAN machine,
that is set to point to the router. For a remote access server, it points
out to the Internet. It cannot do both at the same time through different
interfaces! So basically what you are trying to do will never work.

The only way to get that sort of setup to work is to have only one NIC
in the server and use the router as the default gateway. The remotes connect
to the router's public IP and you extend the VPN connection to the server on
the LAN using port forwarding.

In any case, it is not a good idea to use a DC as a remote access
server. When a remote user connects, you will have all sorts of odd problems
with name resolution and browsing (the netbios stuff you mention), because
the DC is now multihomed. (ie it has two IP addresses associated with its
Netbios name). This problem is discussed in KB292822.

VPN User wrote:
> I have a static routing issue (I think) with my vpn setup. I have a
> 2003 domain server (and remote access server) with two NIC cards. One
> card is conected to my LAN which is managed by a lynksys Router
> (Gateway) . This Router does dhcp for the network and supplies the
> company internet connection.
> The other NIC s connected directly to the internet on a seperate Line
> (not through the Linksys connection) This NIC we have setup for the
> VPN. We have setup the remote users (XP laptops) and they can
> connect using ipsec. We have the following problems - all because we
> have not got the static routing setup correctly:
> 1) the Server itself (but no one else on the LAN) can't find the
> internet. note: the VPN connection is filtered.
> 2) the remote users can't see the winows network - they can see the
> local IP address, but none of the netbios stuff.
> 3)The remote users cannot use the local internet gateway ( I want
> this)
>
> IDEAS - thanks