Routing for RRAS/VPN client

Question
-
Hi, we have an ISA server 2000 acting as a firewall/VPN server. Our VPN clients connect to our network and have no problems. However, we would like remote clients to access another subnet in our network. Namely, our VOIP server. Here are the config info.
1. Local network IP addresses: 192.168.10.x/24
2. 2nd local network IP addresses: 192.168.15.x/24
Currently, our VPN clients can only access the 192.168.10.x network. How can we configure our RRAS so that these VPN clients can access both networks? Pls advise, thks.
Monday, July 27, 2009 8:14 PM
Answers
-
Hi Customer,
Thank you for posting here.
According to your description, you’d like to configure a RRAS server to allow the VPN clients to access 2 different subnet resources. If I have misunderstood the problem, please do not hesitate to let me know. The RRAS feature in Windows 2003 is able to do the job for you.
To access 2nd Local network resource, please follow these steps:
1. Configure the RRAS server for your VPN clients, please refer to the KB article: http://support.microsoft.com/kb/323381
2. Add a static route to access 2nd Local network in the RRAS console.
a) Click Start, point to Administrative Tools, and then click Routing and Remote Access.
b) In the console directory, click your_server_name.
c) Expand IP routing, select the Static Routes.
d) Right click the right panel, choose New Static Routes.
e) Choose the Interface to RRAS server’s internal network card, fill in Destination 192.168.15.0, Network mask 255.255.255.0, Gateway 192.168.10.x (RRAS server’s internal network card IP address here), Metric 1, OK
Wilson Jia - MSFT
- Marked as answer by Wilson Jia Friday, July 31, 2009 7:44 AM
Friday, July 31, 2009 1:22 AM
All replies
-
Do the clients currently get IP addresses in the 192.168.10 subnet? If they do, this won't be easy.
That method, which is called on-subnet addressing, is not suited to a routed network. It is a quick and easy method to set up, but it relies on the server doing proxy ARP on the LAN for the remotes. No real IP routing is done (because they are all in the same IP subnet).
To get access to other subnets on the LAN, you need to use off-subnet addressing. You use a different IP subnet for the remote clients (using a static pool of addresses). You then route this subnet as you would route any other subnet in your network.
Are you planning to give remote clients access to VOIP? VOIP over VPN sounds a bit dicey to me. Have you tested that it works OK?
Bill
Tuesday, July 28, 2009 12:44 AM
-
Yes, the clients get the 192.168.10 subnet IP addresses. The 192.168.15.x IP range is for our VOIP system only. Apparently, our sister company uses the same IP scheme but they use a SonicWall VPN server and it works for their VPN clients using their VOIP phones.
Tuesday, July 28, 2009 1:44 AM
-
Hi Wilson, thank you for your reply. I'm sorry but I've given the incorrect info here. Our local IP addr is 221.8.1.x/24 and the other IP that I want the remote access users to get to is 192.168.15.x/24 network. Sorry for the confusion guys. Hope this clears up things. Pls advise, thks.
Saturday, August 1, 2009 2:39 AM
-
Hi,
In this case, you can change the Static Routes Gateway IP to 221.8.1.x/24 according to the instruction step e. Thanks.
Wilson Jia - MSFT
Monday, August 3, 2009 4:10 AM
-
Thanks Wilson. It didn't work. When I tried VPN into our network, I cannot ping the 192.168.15.x network.
Tuesday, August 4, 2009 3:13 PM
-
Hi X_user, can you ping the 192.168.15.x/24 network from the RRAS server successfully?
Wilson Jia - MSFT
Wednesday, August 5, 2009 1:14 AM
-
Hi Wilson, no I cannot ping the 192.168.15.x network.
Wednesday, August 5, 2009 1:38 PM
-
Hi,
Thanks for the response.
You may try to assign a second static IP 192.168.15.x/24 on your RRAS server internal network card.
Ensure the RRAS VPN server is able to access both 192.168.15.x/24 and 221.8.1.x/24 subnet. Then try the VPN client again.
Wilson Jia - MSFT
Thursday, August 6, 2009 9:21 AM
-
Hi,
I think I have the same problem too.
My RRAS server external IP address is 172.20.30.67/24 (G:172.20.30.1) that can be reached from a public IP address, and the RRAS internal IP address is 172.20.20.131/25 (G:172.20.20.129) and the IP pool is 172.20.20.135-140/25.
When one of my VPN clients makes a VPN connection to the server, he can ping the internal IP subnet (172.20.20.131/25) but cannot ping other internal IP subnets such as 172.20.31.0/24. In my case the RRAS server can ping other internal subnets through the DG.
The "Use Default Gateway on remote network" option on the VPN connection of the client is enabled.
I guess that I have to write a static route on my VPN server. Can anybody tell me what route I have to write exactly?
Saturday, January 8, 2011 10:45 AM
-
Hello,
I see this is 9 years old, but still comes up in Google of course.
I have the same problem and this is how I fixed it for myself! On the VPN client I typed this command
route add 192.168.88.0 mask 255.255.255.0 192.168.10.1 metric 1
and now I can reach the remote network computers which have subnet 192.168.88.0/24
Before that I tried adding this static route in the Routing and Remote Access console, but it does not seem to be applied anywhere. Even after disconnect/connect of the client it does not appear in the routing table, so I wonder what this setting should do! :o
Now after running the command I can see this line in route print and it works
192.168.88.0 255.255.255.0 192.168.10.1 192.168.10.2 36
The problem is I will have to add this route every time I wake up my pc or connect to another network...
- Edited by Vitezslav Zurek Wednesday, January 8, 2020 3:32 PM
Tuesday, January 7, 2020 3:53 PM
-
-p makes it persistent after a reboot, maybe that will help?
Tuesday, March 17, 2020 11:20 PM
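
Added example, not part of any post in this thread: a longest-prefix-match lookup over a client routing table, showing where traffic for 192.168.88.0/24 leaves the client before and after the `route add` quoted above. The table is constructed; the home LAN 192.168.1.0/24, its addresses and metrics, and the absence of a default route over the VPN are assumptions, while the added entry copies the `route print` line from the post.

```python
import ipaddress
from typing import NamedTuple, Optional, Tuple

class Route(NamedTuple):
    network: ipaddress.IPv4Network
    gateway: str
    interface: str
    metric: int

def route(dest, mask, gateway, interface, metric):
    """Build a Route from the columns that `route print` shows."""
    return Route(ipaddress.IPv4Network(f"{dest}/{mask}"), gateway, interface, metric)

def lookup(table, dst) -> Optional[Route]:
    """Longest prefix wins; the lowest metric breaks ties between equal prefixes."""
    addr = ipaddress.IPv4Address(dst)
    matches = [r for r in table if addr in r.network]
    if not matches:
        return None
    return min(matches, key=lambda r: (-r.network.prefixlen, r.metric))

def egress(table, dst) -> Optional[Tuple[str, str]]:
    """Return (interface, gateway) chosen for dst, or None if nothing matches."""
    r = lookup(table, dst)
    return None if r is None else (r.interface, r.gateway)

# Constructed client table (assumption): home LAN adapter 192.168.1.50 plus the
# VPN adapter 192.168.10.2 seen in the post. No default route over the VPN.
CLIENT_TABLE = [
    route("0.0.0.0", "0.0.0.0", "192.168.1.1", "192.168.1.50", 25),
    route("192.168.1.0", "255.255.255.0", "On-link", "192.168.1.50", 281),
    route("192.168.10.0", "255.255.255.0", "On-link", "192.168.10.2", 36),
]

# Entry as it appears in the post's `route print` output after the route add.
ADDED = route("192.168.88.0", "255.255.255.0", "192.168.10.1", "192.168.10.2", 36)

if __name__ == "__main__":
    for label, table in (("before", CLIENT_TABLE), ("after", CLIENT_TABLE + [ADDED])):
        print(label, egress(table, "192.168.88.10"))
```

Running the same lookup over a real `route print` dump shows which internal subnets a connected client sends through the tunnel and which it sends to its local network.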