yet another vpn/routing question

Discussion in 'Windows Networking' started by Jeremy, Apr 27, 2004.

  1. Jeremy

    Jeremy Guest

    Was playing around with getting VPN set up on w2k advanced server. When I go
    through the VPN wizard in routing and remote access, it still lists the
    correct routes and gateways in the configs, and in network properties.

    IP 10.146.183.251
    GW 10.146.183.253
    DNS 10.146.183.254
    Netmask 255.255.255.0

    Above is what everything shows set to. Which should work, but for some
    reason when routing and remote access kicks in the network card stops
    responding and when I do a route print I now show the following, even though
    the above settings still show in routing/remote access.

    Network destination  Netmask          Gateway    Interface
    10.146.183.251       255.255.255.255  127.0.0.1  127.0.0.1

    Any way to fix that or straighten that out? Only way to get the card
    working is to disable routing and remote access and reboot. But every time I
    go back through the wizard the above funky settings come back, even though
    they are listed in routing and remote access as above.
     
    Jeremy, Apr 27, 2004
    #1

  2. Hi Jeremy,

    The route itself looks to be correct. But is that the only route you see
    in the route table?

    One thing to be careful of is when you use the Wizard to add the VPN
    server, you will get packet filters applied to the network card (for
    security reasons). It will only pass 1723 and GRE traffic.

    You can go into the properties of the interface (in RRAS under ip routing
    -> general) and remove these. As long as the server is internal (and does
    not have a direct connection to the internet), then this should be ok.


    Thank you,
    Matthew Fresoli
    Microsoft Network Support
    --

    This posting is provided "AS IS" with no warranties, and confers no rights.
    Use of included script samples are subject to the terms specified at
    http://www.microsoft.com/info/cpyright.htm

    Note: For the benefit of the community-at-large, all responses to this
    message are best directed to the newsgroup/thread from which they
    originated.
     
    Matthew [MSFT], Apr 27, 2004
    #2

  3. Jeremy

    Jeremy Guest

    No, it wasn't the only route, but for ease of typing I only included the one
    that changed the most. Is there an easy way to use the wizard and set up VPN
    with an internal network NIC and a NIC with Internet? So that in theory I
    could allow VPNs coming in on the Internet NIC to access the internal
    network? I had it working briefly, then all of a sudden the route got munged
    and seemed to be routing everything to the local loopback of 127.0.0.1, even
    though with my limited experience everywhere I looked it was listing the
    routes as still being what the network cards were set with. But the
    route -print didn't match what the cards were set with; my example is the
    internal NIC being set to a gateway of 127.0.0.1 instead of 10.146.183.253
     
    Jeremy, Apr 27, 2004
    #3
  4. It sounds like the routing table is perfectly fine and you are only thinking
    it is wrong and in the process of trying to correct it you may be messing it
    up.

    What you are looking at is not the Default Gateway entry. It is the Loopback
    Route and that is the way it is supposed to look. The Default Gateway route
    looks like this:

    Destination  Netmask  Gateway         Interface
    0.0.0.0      0.0.0.0  10.146.183.253  10.146.183.251

    These are loopback routes and should be there as they are. The one for
    127.0.0.0 is the "localhost loopback". They do the same thing but one is
    used when you use the name "localhost" (or 127.0.0.1), and the other is used
    when you use the machine's name (or 10.146.183.251), but in the end they do
    the same thing:

    Destination     Netmask          Gateway    Interface
    127.0.0.0       255.0.0.0        127.0.0.1  127.0.0.1
    10.146.183.251  255.255.255.255  127.0.0.1  127.0.0.1

    I suspect that your problem lies somewhere in the actual configuration of
    RRAS and the problem has nothing to do with the Routing table. If your
    network is a single subnet private network, then there is *nothing* to
    configure in any routing table. Layer3 Routers (such as RRAS) will
    automatically know what to do with networks that are directly connected to
    their ports. They are referred to as simply "Directly Connected Networks" or
    in some documentation it may just say "Connected Networks". There is simply
    no configuration needed for such networks. "Routes" are only required when
    there is more than one "hop" between the Source and Destination (in other
    words two or more routers between them).

    --

    Phillip Windell [MCP, MVP, CCNA]
    www.wandtv.com
     
    Phillip Windell, Apr 27, 2004
    #4
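
Added example, not part of the thread: a small Python check that labels `route print` rows the way post #4 reads them, so the 127.0.0.1 host route for the machine's own address is recognized as normal while a missing or unreachable default gateway is flagged. The sample table is constructed; the 10.146.183.0 subnet row and all function names are assumptions for illustration.

```python
import ipaddress

# Constructed sample in the four-column form quoted in the thread. The
# 10.146.183.0 subnet row is an assumed addition, not taken from the posts.
SAMPLE = """\
Destination      Netmask          Gateway         Interface
0.0.0.0          0.0.0.0          10.146.183.253  10.146.183.251
10.146.183.0     255.255.255.0    10.146.183.251  10.146.183.251
10.146.183.251   255.255.255.255  127.0.0.1       127.0.0.1
127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1
"""
LOOPBACK = ipaddress.IPv4Address("127.0.0.1")

def parse_routes(text):
    """Return (dest, mask, gateway, interface) tuples, skipping non-route lines."""
    routes = []
    for line in text.splitlines():
        fields = line.split()[:4]  # a trailing metric column, if any, is ignored
        try:
            if len(fields) == 4:
                routes.append(tuple(ipaddress.IPv4Address(f) for f in fields))
        except ipaddress.AddressValueError:
            pass  # header or other text
    return routes

def classify(route):
    dest, mask, gw, iface = route
    if int(dest) == 0 and int(mask) == 0:
        return "default gateway"
    if dest in ipaddress.IPv4Network("127.0.0.0/8"):
        return "localhost loopback"
    if int(mask) == 0xFFFFFFFF and gw == LOOPBACK:
        return "own-address loopback"
    # Older Windows route tables list the interface's own IP as the gateway
    # for a directly connected network.
    return "directly connected" if gw == iface else "via next hop"

def check_table(text):
    """Return (labels, findings); findings is empty for a sane table."""
    routes = parse_routes(text)
    labels = [classify(r) for r in routes]
    connected = [ipaddress.IPv4Network(f"{r[0]}/{r[1]}", strict=False)
                 for r, lab in zip(routes, labels) if lab == "directly connected"]
    defaults = [r for r, lab in zip(routes, labels) if lab == "default gateway"]
    findings = [] if defaults else ["no default gateway route"]
    for r in defaults:
        if not any(r[2] in net for net in connected):
            findings.append(f"default gateway {r[2]} is not on a connected subnet")
    return labels, findings
```

Calling `check_table(SAMPLE)` returns the label for each row in order plus an empty findings list for this table.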
  5. Jeremy

    Jeremy Guest

    I think I got it, I re-ran the wizard and chose some different options, the
    network cards are working now, and vpn appears to work. Now I just have to
    figure out how to make the server secure from the internet and still allow
    vpn and only vpn.

    --


    Jeremy Kettelhohn


     
    Jeremy, Apr 27, 2004
    #5
  6. In the properties of the external interface in RRAS - IP routing - General
    - you can set the inbound filters for only VPN ports.

    Use this article:
    http://support.microsoft.com/default.aspx?scid=KB;EN-US;324262

    If you add the outbound filters, you will need to configure outbound access
    for all other protocols as well.


    Thank you,
    Matthew Fresoli
    Microsoft Network Support
     
    Matthew [MSFT], Apr 27, 2004
    #6
  7. Jeremy

    Jeremy Guest

    Thanks for all the help, that's exactly what I wanted to do.
     
    Jeremy, Apr 27, 2004
    #7