Clients connected to my RRAS server configured with SSTP do not have access to the internal network


I have been trying to resolve this issue for a while and need help because I cannot find a solution.

I set up an RRAS server that uses NPS. Clients connect through SSTP. That part seems to be working fine.

The problem is that once connected, clients do not have access to our network (i.e. pinging using an IP address fails), or to the Internet.

Here is how our network is set up:

  • Our office is on the 172.16.11.xx subnet
  • We use Amazon Web Services to host our servers. The servers are hosted in a different subnet: 172.16.30.xx
  • Just in case our office network goes down, we have 2 DCs: 1 in the office subnet (172.16.11.xx) and 1 in the 172.16.30.xx subnet
  • Those DCs are DNS and DHCP (using DHCP split scope) servers
  • The RRAS server is hosted on the 172.16.30.xx subnet
  • The RRAS server has 1 NIC
  • The “Use default gateway on remote desktop” option in the VPN connection properties on the clients is checked
  • To avoid error 720 on the client, I set up a static address pool in the IPv4 settings on the RRAS server

What am I missing?

Thanks

Christophe

Below is the result of netstat -rn and ipconfig /all:

c:\users\christophe>ipconfig /all

windows ip configuration

   host name . . . . . . . . . . . . : inspiron-9300
   primary dns suffix  . . . . . . . : flamingosoft.net
   node type . . . . . . . . . . . . : hybrid
   ip routing enabled. . . . . . . . : no
   wins proxy enabled. . . . . . . . : no
   dns suffix search list. . . . . . : flamingosoft.net

ppp adapter vpnw:

   connection-specific dns suffix  . :
   description . . . . . . . . . . . : vpnw
   physical address. . . . . . . . . :
   dhcp enabled. . . . . . . . . . . : no
   autoconfiguration enabled . . . . : yes
   ipv4 address. . . . . . . . . . . : 172.16.30.201(preferred)
   subnet mask . . . . . . . . . . . : 255.255.255.255
   default gateway . . . . . . . . . : 0.0.0.0
   dns servers . . . . . . . . . . . : 172.16.11.64
                                       172.16.30.50
   netbios on tcpip. . . . . . . . : enabled

wireless lan adapter wireless network connection:

   connection-specific dns suffix  . :
   description . . . . . . . . . . . : intel(r) pro/wireless 2915abg network con
nection
   physical address. . . . . . . . . : 00-0e-35-f7-83-97
   dhcp enabled. . . . . . . . . . . : yes
   autoconfiguration enabled . . . . : yes
   link-local ipv6 address . . . . . : fe80::ad69:af0f:53c0:9d79%11(preferred)
   ipv4 address. . . . . . . . . . . : 172.16.13.109(preferred)
   subnet mask . . . . . . . . . . . : 255.255.255.0
   lease obtained. . . . . . . . . . : monday, september 17, 2012 2:01:02 pm
   lease expires . . . . . . . . . . : tuesday, september 18, 2012 6:10:24 pm
   default gateway . . . . . . . . . : 172.16.13.1
   dhcp server . . . . . . . . . . . : 172.16.13.1
   dhcpv6 iaid . . . . . . . . . . . : 301993525
   dhcpv6 client duid. . . . . . . . : 00-01-00-01-0a-c0-68-41-00-15-c5-52-f7-ac

   dns servers . . . . . . . . . . . : 50.115.102.100
                                       50.115.103.100
   netbios on tcpip. . . . . . . . : enabled

ethernet adapter local area connection:

   media state . . . . . . . . . . . : media disconnected
   connection-specific dns suffix  . : flamingosoft.net
   description . . . . . . . . . . . : broadcom 440x 10/100 integrated controlle
r
   physical address. . . . . . . . . : 00-15-c5-52-f7-ac
   dhcp enabled. . . . . . . . . . . : yes
   autoconfiguration enabled . . . . : yes

tunnel adapter teredo tunneling pseudo-interface:

   media state . . . . . . . . . . . : media disconnected
   connection-specific dns suffix  . :
   description . . . . . . . . . . . : teredo tunneling pseudo-interface
   physical address. . . . . . . . . : 00-00-00-00-00-00-00-e0
   dhcp enabled. . . . . . . . . . . : no
   autoconfiguration enabled . . . . : yes

tunnel adapter isatap.flamingosoft.net:

   media state . . . . . . . . . . . : media disconnected
   connection-specific dns suffix  . :
   description . . . . . . . . . . . : microsoft isatap adapter #2
   physical address. . . . . . . . . : 00-00-00-00-00-00-00-e0
   dhcp enabled. . . . . . . . . . . : no
   autoconfiguration enabled . . . . : yes

tunnel adapter isatap.{e05b3a3c-1441-4fe6-a372-05241a3004d4}:

   media state . . . . . . . . . . . : media disconnected
   connection-specific dns suffix  . :
   description . . . . . . . . . . . : microsoft isatap adapter #3
   physical address. . . . . . . . . : 00-00-00-00-00-00-00-e0
   dhcp enabled. . . . . . . . . . . : no
   autoconfiguration enabled . . . . : yes

c:\users\christophe>netstat -rn
===========================================================================
interface list
 30...........................vpnw
 11...00 0e 35 f7 83 97 ......intel(r) pro/wireless 2915abg network connection
 10...00 15 c5 52 f7 ac ......broadcom 440x 10/100 integrated controller
  1...........................software loopback interface 1
 14...00 00 00 00 00 00 00 e0 microsoft isatap adapter
 12...00 00 00 00 00 00 00 e0 teredo tunneling pseudo-interface
 15...00 00 00 00 00 00 00 e0 microsoft isatap adapter #2
 31...00 00 00 00 00 00 00 e0 microsoft isatap adapter #3
===========================================================================

ipv4 route table
===========================================================================
active routes:
network destination        netmask          gateway       interface  metric
          0.0.0.0          0.0.0.0      172.16.13.1    172.16.13.109   4250
          0.0.0.0          0.0.0.0         on-link     172.16.30.201     26
     50.18.204.83  255.255.255.255      172.16.13.1    172.16.13.109   4251
        127.0.0.0        255.0.0.0         on-link         127.0.0.1   4531
        127.0.0.1  255.255.255.255         on-link         127.0.0.1   4531
  127.255.255.255  255.255.255.255         on-link         127.0.0.1   4531
      172.16.13.0    255.255.255.0         on-link     172.16.13.109   4506
    172.16.13.109  255.255.255.255         on-link     172.16.13.109   4506
    172.16.13.255  255.255.255.255         on-link     172.16.13.109   4506
    172.16.30.201  255.255.255.255         on-link     172.16.30.201    281
        224.0.0.0        240.0.0.0         on-link         127.0.0.1   4531
        224.0.0.0        240.0.0.0         on-link     172.16.13.109   4507
        224.0.0.0        240.0.0.0         on-link     172.16.30.201     26
  255.255.255.255  255.255.255.255         on-link         127.0.0.1   4531
  255.255.255.255  255.255.255.255         on-link     172.16.13.109   4506
  255.255.255.255  255.255.255.255         on-link     172.16.30.201    281
===========================================================================
persistent routes:
  none

ipv6 route table
===========================================================================
active routes:
 if metric network destination      gateway
  1    306 ::1/128                  on-link
 11    281 fe80::/64                on-link
 11    281 fe80::ad69:af0f:53c0:9d79/128
                                    on-link
  1    306 ff00::/8                 on-link
 11    281 ff00::/8                 on-link
===========================================================================
persistent routes:
  none


Hi,

Thanks for the post.

From the output of the route table/ipconfig of the remote client, it looks fine. In order to troubleshoot, please let me know: from the VPN client, can you access resources on subnet 172.16.30.xx? Please post the unedited ipconfig /all & route print.

As for the VPN client not being able to access the Internet, this is expected, because the default gateway on the remote interface overrides the default gateway configured on the physical NIC.

You cannot connect to the Internet after you connect to a VPN server (applies to higher versions)

http://support.microsoft.com/kb/317025

Best regards,

Aiden


Aiden Cao

TechNet Community Support
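
The gateway override described in the reply can be checked against the route table the client posted. This is an added example, not part of the original thread: it applies longest-prefix-then-lowest-metric selection to those rows, and the function names and the 198.51.100.7 test address are assumptions made for illustration.

```python
import ipaddress

# Active IPv4 routes copied from the client's `netstat -rn` output in the post
# (loopback, multicast and broadcast rows omitted).
ROUTES = """\
0.0.0.0          0.0.0.0      172.16.13.1    172.16.13.109   4250
0.0.0.0          0.0.0.0         on-link     172.16.30.201     26
50.18.204.83  255.255.255.255      172.16.13.1    172.16.13.109   4251
172.16.13.0    255.255.255.0         on-link     172.16.13.109   4506
172.16.13.109  255.255.255.255         on-link     172.16.13.109   4506
172.16.30.201  255.255.255.255         on-link     172.16.30.201    281
"""

VPN_IF = "172.16.30.201"  # address of the PPP adapter "vpnw" in the post


def parse_routes(text):
    """Turn route-table rows into (network, gateway, interface, metric)."""
    routes = []
    for line in text.splitlines():
        dest, mask, gateway, iface, metric = line.split()
        net = ipaddress.ip_network(f"{dest}/{mask}")
        routes.append((net, gateway, iface, int(metric)))
    return routes


def select_route(routes, destination):
    """Longest prefix wins; among equal prefixes the lowest metric wins."""
    addr = ipaddress.ip_address(destination)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None
    return max(matches, key=lambda r: (r[0].prefixlen, -r[3]))


def egress(destination, routes=None):
    """Return 'vpn' or 'local' for the interface a packet would leave on."""
    route = select_route(routes or parse_routes(ROUTES), destination)
    if route is None:
        return "unreachable"
    return "vpn" if route[2] == VPN_IF else "local"


if __name__ == "__main__":
    # 198.51.100.7 is a constructed documentation address standing in for an Internet host.
    for dst in ("172.16.30.50", "172.16.11.64", "198.51.100.7", "50.18.204.83", "172.16.13.1"):
        print(f"{dst:15} -> {egress(dst)}")
```

With the "use default gateway" option checked, the tunnel's default route (metric 26) beats the wireless one (metric 4250), so everything without a more specific route, Internet traffic included, is sent into the tunnel and depends on the RRAS server to forward it.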



