window 2003 server vpn connection connects but cannot browse anywhere

Ok so here is the situation. My vpn was working fine for a long time
but all of a sudden I started getting errors about GRE packets being
blocked, long story short I removed the vpn server settings and
reconfigured it and now I can connect fine but I cannot get anywhere
on my local network.

I am running Windows 2003 R2 RRAS without Radius with AD. I have
configured the server as a VPN server with NAT. My default gateway in
the office is 192.168.168.1. My VPN server ips are 192.168.168.60 and
192.168.168.63. I have my firewall set to forward an outside IP to .
63, lets say for arguments sake this ip is 1.1.1.2. So vpn.company.com
resolves to 1.1.1.2 which forwards on the firewall to 192.168.168.63.
I had set .63 to an external address and connected it outside of the
firewall but then my problems with GRE started happening so I went to
this method.

Okay so everything connects fine from home and I am able to get on the
vpn but I cannot ping any internal computer but DNS is working fine.
For example when I ping file.company.com it returns 192.168.168.40 but
it just gives me request timed out. I cannot ping the gateway at .1
either.

One thing I noticed is when I do an ipconfig /all with the VPN up I
get this.
Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme 57xx
Gigabit Cont
roller
Physical Address. . . . . . . . . : 00-18-8B-2D-9F-9C
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.12
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.1

PPP adapter VPN:

Connection-specific DNS Suffix . : company.com
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
Physical Address. . . . . . . . . : 00-53-45-00-00-00
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.168.117
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 192.168.168.10
192.168.168.11
192.168.168.10
192.168.168.11
Primary WINS Server . . . . . . . : 192.168.168.10

I didnt run it before when it was working properly but why is there no
default gateway listed for my vpn connection?

This is my route print if it helps
================================================== =========================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 18 8b 2d 9f 9c ...... Broadcom NetXtreme 57xx Gigabit
Controller - Pac
ket Scheduler Miniport
0x3c0004 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
================================================== =========================
================================================== =========================
Active Routes:
Network Destination Netmask Gateway Interface
Metric
0.0.0.0 0.0.0.0 192.168.1.1
192.168.1.12 20
127.0.0.0 255.0.0.0 127.0.0.1
127.0.0.1 1
140.239.172.181 255.255.255.255 192.168.1.1
192.168.1.12 20
192.168.1.0 255.255.255.0 192.168.1.12
192.168.1.12 20
192.168.1.12 255.255.255.255 127.0.0.1
127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.12
192.168.1.12 20
192.168.168.0 255.255.255.0 192.168.168.91
192.168.168.91 1
192.168.168.91 255.255.255.255 127.0.0.1
127.0.0.1 50
192.168.168.255 255.255.255.255 192.168.168.91
192.168.168.91 50
224.0.0.0 240.0.0.0 192.168.1.12
192.168.1.12 20
224.0.0.0 240.0.0.0 192.168.168.91
192.168.168.91 50
255.255.255.255 255.255.255.255 192.168.1.12
192.168.1.12 1
255.255.255.255 255.255.255.255 192.168.168.91
192.168.168.91 1
Default Gateway: 192.168.1.1
================================================== =========================
Persistent Routes:
None


While doing research I also read something where it wont work because
the 192/8 address are overlapping but I had this configuration before
and had no problems at all with getting to internal devices.

The VPN client ipconfig looks to me. It seems to me the server has routing
issue. Posting the results of ipconfig /all and routing table on VPN server
may help.

--
Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on
http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on
http://www.HowToNetworking.com
<(E-Mail Removed)> wrote in message
news:03ac4d31-a845-4d51-94ad-(E-Mail Removed)...
> Ok so here is the situation. My vpn was working fine for a long time
> but all of a sudden I started getting errors about GRE packets being
> blocked, long story short I removed the vpn server settings and
> reconfigured it and now I can connect fine but I cannot get anywhere
> on my local network.
>
> I am running Windows 2003 R2 RRAS without Radius with AD. I have
> configured the server as a VPN server with NAT. My default gateway in
> the office is 192.168.168.1. My VPN server ips are 192.168.168.60 and
> 192.168.168.63. I have my firewall set to forward an outside IP to .
> 63, lets say for arguments sake this ip is 1.1.1.2. So vpn.company.com
> resolves to 1.1.1.2 which forwards on the firewall to 192.168.168.63.
> I had set .63 to an external address and connected it outside of the
> firewall but then my problems with GRE started happening so I went to
> this method.
>
> Okay so everything connects fine from home and I am able to get on the
> vpn but I cannot ping any internal computer but DNS is working fine.
> For example when I ping file.company.com it returns 192.168.168.40 but
> it just gives me request timed out. I cannot ping the gateway at .1
> either.
>
> One thing I noticed is when I do an ipconfig /all with the VPN up I
> get this.
> Ethernet adapter Local Area Connection:
>
> Connection-specific DNS Suffix . :
> Description . . . . . . . . . . . : Broadcom NetXtreme 57xx
> Gigabit Cont
> roller
> Physical Address. . . . . . . . . : 00-18-8B-2D-9F-9C
> Dhcp Enabled. . . . . . . . . . . : No
> IP Address. . . . . . . . . . . . : 192.168.1.12
> Subnet Mask . . . . . . . . . . . : 255.255.255.0
> Default Gateway . . . . . . . . . : 192.168.1.1
> DNS Servers . . . . . . . . . . . : 192.168.1.1
>
> PPP adapter VPN:
>
> Connection-specific DNS Suffix . : company.com
> Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
> Physical Address. . . . . . . . . : 00-53-45-00-00-00
> Dhcp Enabled. . . . . . . . . . . : No
> IP Address. . . . . . . . . . . . : 192.168.168.117
> Subnet Mask . . . . . . . . . . . : 255.255.255.255
> Default Gateway . . . . . . . . . :
> DNS Servers . . . . . . . . . . . : 192.168.168.10
> 192.168.168.11
> 192.168.168.10
> 192.168.168.11
> Primary WINS Server . . . . . . . : 192.168.168.10
>
> I didnt run it before when it was working properly but why is there no
> default gateway listed for my vpn connection?
>
> This is my route print if it helps
> ================================================== =========================
> Interface List
> 0x1 ........................... MS TCP Loopback interface
> 0x2 ...00 18 8b 2d 9f 9c ...... Broadcom NetXtreme 57xx Gigabit
> Controller - Pac
> ket Scheduler Miniport
> 0x3c0004 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
> ================================================== =========================
> ================================================== =========================
> Active Routes:
> Network Destination Netmask Gateway Interface
> Metric
> 0.0.0.0 0.0.0.0 192.168.1.1
> 192.168.1.12 20
> 127.0.0.0 255.0.0.0 127.0.0.1
> 127.0.0.1 1
> 140.239.172.181 255.255.255.255 192.168.1.1
> 192.168.1.12 20
> 192.168.1.0 255.255.255.0 192.168.1.12
> 192.168.1.12 20
> 192.168.1.12 255.255.255.255 127.0.0.1
> 127.0.0.1 20
> 192.168.1.255 255.255.255.255 192.168.1.12
> 192.168.1.12 20
> 192.168.168.0 255.255.255.0 192.168.168.91
> 192.168.168.91 1
> 192.168.168.91 255.255.255.255 127.0.0.1
> 127.0.0.1 50
> 192.168.168.255 255.255.255.255 192.168.168.91
> 192.168.168.91 50
> 224.0.0.0 240.0.0.0 192.168.1.12
> 192.168.1.12 20
> 224.0.0.0 240.0.0.0 192.168.168.91
> 192.168.168.91 50
> 255.255.255.255 255.255.255.255 192.168.1.12
> 192.168.1.12 1
> 255.255.255.255 255.255.255.255 192.168.168.91
> 192.168.168.91 1
> Default Gateway: 192.168.1.1
> ================================================== =========================
> Persistent Routes:
> None
>
>
> While doing research I also read something where it wont work because
> the 192/8 address are overlapping but I had this configuration before
> and had no problems at all with getting to internal devices.

Thanks for the quick reply Bob, here is the routing table from the vpn
server and the ipconfig

IPv4 Route Table
================================================== =========================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 40 f4 49 93 6f ...... Realtek RTL8139 Family PCI Fast
Ethernet NIC

0x10004 ...00 c0 9f 07 9c 28 ...... Intel 8255x-based PCI Ethernet
Adapter (10/1
00)
================================================== =========================
================================================== =========================
Active Routes:
Network Destination Netmask Gateway Interface
Metric
0.0.0.0 0.0.0.0 192.168.168.1
192.168.168.63 20
0.0.0.0 0.0.0.0 192.168.168.1
192.168.168.60 20
127.0.0.0 255.0.0.0 127.0.0.1
127.0.0.1 1
192.168.168.0 255.255.255.0 192.168.168.60
192.168.168.60 20
192.168.168.0 255.255.255.0 192.168.168.63
192.168.168.63 20
192.168.168.60 255.255.255.255 127.0.0.1
127.0.0.1 20
192.168.168.63 255.255.255.255 127.0.0.1
127.0.0.1 20
192.168.168.255 255.255.255.255 192.168.168.60
192.168.168.60 20
192.168.168.255 255.255.255.255 192.168.168.63
192.168.168.63 20
224.0.0.0 240.0.0.0 192.168.168.60
192.168.168.60 20
224.0.0.0 240.0.0.0 192.168.168.63
192.168.168.63 20
255.255.255.255 255.255.255.255 192.168.168.60
192.168.168.60 1
255.255.255.255 255.255.255.255 192.168.168.63
192.168.168.63 1
Default Gateway: 192.168.168.1
================================================== =========================
Persistent Routes:
None


Windows IP Configuration

Host Name . . . . . . . . . . . . : vpn-01
Primary Dns Suffix . . . . . . . : company.com
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : Yes
DNS Suffix Search List. . . . . . : company.com

Ethernet adapter VPN:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8139 Family PCI Fast
Ethernet
NIC
Physical Address. . . . . . . . . : 00-40-F4-49-93-6F
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.168.63
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.168.1
NetBIOS over Tcpip. . . . . . . . : Disabled

Ethernet adapter Local:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel 8255x-based PCI Ethernet
Adapter (1
0/100)
Physical Address. . . . . . . . . : 00-C0-9F-07-9C-28
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.168.60
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.168.1
DNS Servers . . . . . . . . . . . : 192.168.168.10
192.168.168.11


Everything looks okay to me here. I also made sure that I can ping/rdp
to any other computer on the network and the gateway from the vpn
server. I am not having any other routing issues or connectivity
problems anywhere else on the network. I also setup a vpn the same way
on a different server with different public and private ip address and
got the same result. Connected to vpn but could not ping anything.

I dont have a problem changing the vpn server configuration if you
have a suggestion in that direction.

This is the problem:

0.0.0.0 0.0.0.0 192.168.168.1
192.168.168.63 20
0.0.0.0 0.0.0.0 192.168.168.1
192.168.168.60 20

You should not setup both NICs using the same IP range and should not have
two gateways event they are the same. These seach results may help too.

issues of a multihomed computer with two NICs
Issues of a multihomed computer with two gateways. Case 1: The client
setup a Windows 2003 server with two NICs, one for Internet access one for
the LAN ...
www.chicagotech.net/Routers/2gateway2.htm - Similar pages

Multihomed Computer Issues
Multihomed Computer. Can't access using FTP and RDC on a multihomed
computer ... Multihomed WinXP computer in a P2P LAN & related problem ...
http://www.chicagotech.net/netissues...edcomputer.htm


--
Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on
http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on
http://www.HowToNetworking.com
<(E-Mail Removed)> wrote in message
news:97c2ce69-0fa1-4f98-b6f1-(E-Mail Removed)...
>
> Thanks for the quick reply Bob, here is the routing table from the vpn
> server and the ipconfig
>
> IPv4 Route Table
> ================================================== =========================
> Interface List
> 0x1 ........................... MS TCP Loopback interface
> 0x10003 ...00 40 f4 49 93 6f ...... Realtek RTL8139 Family PCI Fast
> Ethernet NIC
>
> 0x10004 ...00 c0 9f 07 9c 28 ...... Intel 8255x-based PCI Ethernet
> Adapter (10/1
> 00)
> ================================================== =========================
> ================================================== =========================
> Active Routes:
> Network Destination Netmask Gateway Interface
> Metric
> 0.0.0.0 0.0.0.0 192.168.168.1
> 192.168.168.63 20
> 0.0.0.0 0.0.0.0 192.168.168.1
> 192.168.168.60 20
> 127.0.0.0 255.0.0.0 127.0.0.1
> 127.0.0.1 1
> 192.168.168.0 255.255.255.0 192.168.168.60
> 192.168.168.60 20
> 192.168.168.0 255.255.255.0 192.168.168.63
> 192.168.168.63 20
> 192.168.168.60 255.255.255.255 127.0.0.1
> 127.0.0.1 20
> 192.168.168.63 255.255.255.255 127.0.0.1
> 127.0.0.1 20
> 192.168.168.255 255.255.255.255 192.168.168.60
> 192.168.168.60 20
> 192.168.168.255 255.255.255.255 192.168.168.63
> 192.168.168.63 20
> 224.0.0.0 240.0.0.0 192.168.168.60
> 192.168.168.60 20
> 224.0.0.0 240.0.0.0 192.168.168.63
> 192.168.168.63 20
> 255.255.255.255 255.255.255.255 192.168.168.60
> 192.168.168.60 1
> 255.255.255.255 255.255.255.255 192.168.168.63
> 192.168.168.63 1
> Default Gateway: 192.168.168.1
> ================================================== =========================
> Persistent Routes:
> None
>
>
> Windows IP Configuration
>
> Host Name . . . . . . . . . . . . : vpn-01
> Primary Dns Suffix . . . . . . . : company.com
> Node Type . . . . . . . . . . . . : Broadcast
> IP Routing Enabled. . . . . . . . : Yes
> WINS Proxy Enabled. . . . . . . . : Yes
> DNS Suffix Search List. . . . . . : company.com
>
> Ethernet adapter VPN:
>
> Connection-specific DNS Suffix . :
> Description . . . . . . . . . . . : Realtek RTL8139 Family PCI Fast
> Ethernet
> NIC
> Physical Address. . . . . . . . . : 00-40-F4-49-93-6F
> DHCP Enabled. . . . . . . . . . . : No
> IP Address. . . . . . . . . . . . : 192.168.168.63
> Subnet Mask . . . . . . . . . . . : 255.255.255.0
> Default Gateway . . . . . . . . . : 192.168.168.1
> NetBIOS over Tcpip. . . . . . . . : Disabled
>
> Ethernet adapter Local:
>
> Connection-specific DNS Suffix . :
> Description . . . . . . . . . . . : Intel 8255x-based PCI Ethernet
> Adapter (1
> 0/100)
> Physical Address. . . . . . . . . : 00-C0-9F-07-9C-28
> DHCP Enabled. . . . . . . . . . . : No
> IP Address. . . . . . . . . . . . : 192.168.168.60
> Subnet Mask . . . . . . . . . . . : 255.255.255.0
> Default Gateway . . . . . . . . . : 192.168.168.1
> DNS Servers . . . . . . . . . . . : 192.168.168.10
> 192.168.168.11
>
>
> Everything looks okay to me here. I also made sure that I can ping/rdp
> to any other computer on the network and the gateway from the vpn
> server. I am not having any other routing issues or connectivity
> problems anywhere else on the network. I also setup a vpn the same way
> on a different server with different public and private ip address and
> got the same result. Connected to vpn but could not ping anything.
>
> I dont have a problem changing the vpn server configuration if you
> have a suggestion in that direction.