+ Post New Thread
Page 2 of 2 FirstFirst 12
Results 16 to 29 of 29
Windows Server 2008 Thread, PPTP VPN Connection in Technical; Is server A and server B using different editions if so what are they?...
  1. #16

    Join Date
    Dec 2008
    Location
    Essex
    Posts
    2,144
    Thank Post
    1
    Thanked 326 Times in 316 Posts
    Rep Power
    77
    Is server A and server B using different editions if so what are they?

  2. #17

    Join Date
    Mar 2009
    Location
    Ayrshire, Scotland
    Posts
    78
    Thank Post
    8
    Thanked 5 Times in 5 Posts
    Rep Power
    12
    Hi sukh,

    Sorry I haven't replied lately. I've just been really busy lately an haven't had two minutes to pick up on where we left off. Since my last post, I did find someone in the same situation as me and his solution was to add a static route on both servers. The other post did also say that this was automatically done for you with windows 2003 which explains why my setup worked with another two sites.

    I'll will revisit my VPN set up over the weekend and report back.

    Thank you for your help so far!

    Fraser.

  3. #18

    Join Date
    Dec 2008
    Location
    Essex
    Posts
    2,144
    Thank Post
    1
    Thanked 326 Times in 316 Posts
    Rep Power
    77
    Hi Fraser,

    np, let me know and if you still have issues, we can continue.

    Sukh

  4. Thanks to sukh from:

    Fraser-09 (1st May 2011)

  5. #19

    Join Date
    Mar 2009
    Location
    Ayrshire, Scotland
    Posts
    78
    Thank Post
    8
    Thanked 5 Times in 5 Posts
    Rep Power
    12
    OK, so I finally got round to fixing this over the long weekend with all offices being closed for the Royal Wedding and Public holidays.

    My fix was to completely remove and reconfigured RRAS on both servers, setting up the VPN connection first, then later adding NAT. After the VPN server was created and connected, I still could not ping from both servers to the other server using it's internal IP address. Pinging from both servers to a workstation on the otherside was fine. Also pinging from workstationA,site1 TO workstationA,site2 worked.

    After some (more) research, I found that with server 2008, a static route is required to be able to reach the other server using its local address:
    For example:
    Route Add [IP of Remote Server] mask 255.255.255.255 [IP of RRAS Inteface on local network] -p
    With Server 2003, this route is automatically created for you.

    If anyone else reading this with the same problem, have a look at Microsoft's response in the following article: **See Step 7**
    Unable to ping the tunnel address of a Demand Dial Connection on Windows Server 2008 RRAS - Microsoft Enterprise Networking Team - Site Home - TechNet Blogs


    Thank you for all your help Sukh

    Fraser
    Last edited by Fraser-09; 1st May 2011 at 10:08 PM.

  6. #20

    Join Date
    Dec 2008
    Location
    Essex
    Posts
    2,144
    Thank Post
    1
    Thanked 326 Times in 316 Posts
    Rep Power
    77
    Np, glad it's resolved

  7. #21

    Join Date
    Mar 2009
    Location
    Ayrshire, Scotland
    Posts
    78
    Thank Post
    8
    Thanked 5 Times in 5 Posts
    Rep Power
    12
    Quote Originally Posted by sukh View Post
    Np, glad it's resolved
    Actually, not quite lol. Been testing this out and restarting various devices that could possibly break the VPN connection and I've noticed that the static route must be deleted and recreated every time the connection drops. Can't understand why. Not to worry tho, im sure i'll get to the bottom of it.

  8. #22

    Join Date
    Dec 2008
    Location
    Essex
    Posts
    2,144
    Thank Post
    1
    Thanked 326 Times in 316 Posts
    Rep Power
    77
    OK. What devices have you restarted, which causes the static route to fail?

    Can you details the steps that you take?

    I assume the route is a persistant route?

    Sukh

  9. #23

    Join Date
    Mar 2009
    Location
    Ayrshire, Scotland
    Posts
    78
    Thank Post
    8
    Thanked 5 Times in 5 Posts
    Rep Power
    12
    Any device that would break the connection, ie network switch, router or either server. Even if I manually "disconnect" the VPN and let the remote server reconnect, I must delete then recreate the route. Yes, using persistence route.

    Once the connection is dropped and recreated, I must do
    Route delete 192.168.10.1
    then
    Route Add 192.168.10.1 mask 255.255.255.255 192.168.20.53 -p
    Seems very odd or maybe I'm missing something?

  10. #24

    Join Date
    Mar 2009
    Location
    Ayrshire, Scotland
    Posts
    78
    Thank Post
    8
    Thanked 5 Times in 5 Posts
    Rep Power
    12
    Think I've got it working now.... Will test again tomorrow as its 2.30am!

    Thanks
    Fraser

  11. #25

    Join Date
    Dec 2008
    Location
    Essex
    Posts
    2,144
    Thank Post
    1
    Thanked 326 Times in 316 Posts
    Rep Power
    77
    Let me know, as I'm trying to reproduce

    Thanks
    S

  12. #26

    Join Date
    Dec 2008
    Location
    Essex
    Posts
    2,144
    Thank Post
    1
    Thanked 326 Times in 316 Posts
    Rep Power
    77
    Hi

    Sent PM.
    Sukh

  13. #27

    Join Date
    Mar 2009
    Location
    Ayrshire, Scotland
    Posts
    78
    Thank Post
    8
    Thanked 5 Times in 5 Posts
    Rep Power
    12
    Quote Originally Posted by sukh View Post
    Let me know, as I'm trying to reproduce

    Thanks
    S
    Hi,

    I now messed up my previous setup so I think it's best to go back to basics regarding the network topology and what I'm actually trying to achieve here. I've attached a diagram with IP addressing. Ideal solution would be all networks to be able communicate with all subnets however I'd be happy if only the two outer networks could talk.


    Some facts:
    Server A
    2 Network Cards
    IP Addresses: 192.168.10.1 and 192.168.1.1
    NAT running on 192.168.10.1 to provide internet running for 192.168.10.0/24
    DHCP running for both networks
    Windows Server 2008 SBS Std.
    VPN Dial in for users is required too

    Server B
    2 Network Cards
    IP Addresses: 192.168.20.1 and 192.168.2.1
    NAT running on 192.168.20.1 to provide internet running for 192.168.20.0/24
    DHCP running for both networks
    Windows Server 2008 Foundation.

    PCa1
    IP Address 192.168.10.100

    PCb1
    IP Address 192.168.20.100

    Router A
    IP Address: 192.168.1.254
    FQDN: RouterA.Domain.net

    Router B
    IP Address: 192.168.2.254
    FQDN: RouterB.Domain.net

    What I need to achieve:
    Both outer NAT networks, in Red (ie, 192.168.10.0 and 192.168.20.0) able to reach each other across the Internet. I'd prefer the VPN to use Static IP addressing to avoid IP changes, if possible. So in plain English, anywhere within the 192.168.10.0/24 network able to connect to anywhere in the 192.168.20.0/24 network and vice versa.

    I understand RIP maybe required on both servers to achieve 'the ideal solution'. - I did have this working with Static Routes but tbh I think I'd prefer to use RIP if its straight forward to do. (I know how RIP works etc, but always configured it on cisco equipment, never with RRAS)


    Hopefully now you'll be able to fully understand the set up and how to assist me Can you please point me in the direction of setting this VPN connection up from scratch?

    thanks,
    Fraser




    Edit:

    After taking a wee break from thinking (it is 3.45am!) I've got the VPN up and running (without RIP - using static route). All devices can ping each other. As everything is working, I restarted Server B to test the connection is restored when reconnected. The results are below:
    • Site A can ping Server B and PCb successfully.
    • Site B can ping PCa successfully.
    • Site B (Server+PC) cannot ping ServerA

    Then when I delete and recreate the static route on Server B;
    Route delete 192.168.10.1
    Route Add 192.168.10.1 mask 255.255.255.255 192.168.20.10.50 -p
    ...all starts working again. Why?? I'm banging my head off the wall here!

    If I can't get this issue resolved, I think I'll redesign both networks, removing the seconds subnet and NAT interface at each site. It will be a pain in the ass to do, but might just be worth it in the long run!

    Thanks
    Fraser
    Attached Images Attached Images
    Last edited by Fraser-09; 3rd May 2011 at 04:20 AM.

  14. #28

    Join Date
    Dec 2008
    Location
    Essex
    Posts
    2,144
    Thank Post
    1
    Thanked 326 Times in 316 Posts
    Rep Power
    77
    Looking into this bear with me.

    Sukh

  15. #29

    Join Date
    Mar 2009
    Location
    Ayrshire, Scotland
    Posts
    78
    Thank Post
    8
    Thanked 5 Times in 5 Posts
    Rep Power
    12
    Quote Originally Posted by sukh View Post
    Looking into this bear with me.

    Sukh

    I'm in the process of removing the outer subnets in the diagram. SiteB is already done (as its a small office) and I should have SiteA done by the end of the night. After that, it should be a doddle to create the Site-to-Site VPN. The network was set up this way by the installers as site A is part of a business centre so there was untrusted devices from other offices using the same network (192.168.1.0/24). Since then, SiteA has expanded and the other offices were moved to separate broadband lines.

    Will keep you posted... I'll be here all night!

    Thanks
    Fraser

SHARE:
+ Post New Thread
Page 2 of 2 FirstFirst 12

Similar Threads

  1. Replies: 2
    Last Post: 21st February 2010, 10:03 PM
  2. VPN Connection from Inside
    By karldenton in forum Windows
    Replies: 1
    Last Post: 25th January 2010, 02:28 PM
  3. detect vpn connection
    By firefighting in forum How do you do....it?
    Replies: 3
    Last Post: 15th July 2009, 12:02 AM
  4. PPTP VPN and Censornet
    By OutToLunch in forum *nix
    Replies: 2
    Last Post: 23rd January 2008, 05:25 PM
  5. VPN connection with internet connection option
    By FN-GM in forum Wireless Networks
    Replies: 6
    Last Post: 29th December 2007, 07:19 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •