VPN client cannot access internal network after a VPN connection established

  • Question

  • Dear Experts,

    We are using MS TMG server as our VPN server; it has already been working for 3 years.

    But starting 7 days ago, we found a very strange problem: VPN clients cannot access the internal network although the VPN is connected.

    On checking the route table of the TMG server, we found that all routing entries for VPN clients were lost when the problem happened.

    For example, we set the VPN client IP range in TMG to 10.212.226.1 ~ 10.212.226.250. With 5 clients VPN-connected to the TMG server, in the normal situation the routing entries should look like this:

    10.212.226.1   255.255.255.255        On-link     10.212.226.1    277
    10.212.226.6   255.255.255.255   10.212.226.6     10.212.226.1     22
    10.212.226.7   255.255.255.255   10.212.226.7     10.212.226.1     22
    10.212.226.11  255.255.255.255  10.212.226.11     10.212.226.1     22
    10.212.226.14  255.255.255.255  10.212.226.14     10.212.226.1     22
    10.212.226.18  255.255.255.255  10.212.226.18     10.212.226.1     22

    With the above routing table, all 5 VPN clients work fine and can access the internal network. But once the problem happens, only the one VPN routing entry below can be found in the routing table; the others are all missing.

    10.212.226.1  255.255.255.255         On-link      10.212.226.1    306

    At this moment, no VPN client can access the internal network although they are still connected. This problem can be solved by a server reboot, but it happens again after several days.

    Looking for your support and feedback. Thank you very much.

    Best regards,

    Jiali Feng

    Thursday, June 19, 2014 6:12 AM
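
The failure state described in the question can be detected from saved `route print` output before users report it. The following is an added example, not code from the thread or from TMG: it parses the host-route rows and reports connected clients that have no /32 route. The function names and the `CONNECTED` session list are assumptions made for illustration; the route rows are the ones quoted in the question.

```python
import ipaddress

# VPN address pool from the question: 10.212.226.1 ~ 10.212.226.250
POOL_FIRST = ipaddress.IPv4Address("10.212.226.1")
POOL_LAST = ipaddress.IPv4Address("10.212.226.250")

# Rows copied from the question's two route tables (healthy, then failed).
HEALTHY = """\
10.212.226.1   255.255.255.255  On-link        10.212.226.1  277
10.212.226.6   255.255.255.255  10.212.226.6   10.212.226.1   22
10.212.226.7   255.255.255.255  10.212.226.7   10.212.226.1   22
10.212.226.11  255.255.255.255  10.212.226.11  10.212.226.1   22
10.212.226.14  255.255.255.255  10.212.226.14  10.212.226.1   22
10.212.226.18  255.255.255.255  10.212.226.18  10.212.226.1   22
"""
FAILED = "10.212.226.1  255.255.255.255  On-link  10.212.226.1  306\n"
# Assumed session list: the five clients the question says were connected.
CONNECTED = ["10.212.226.6", "10.212.226.7", "10.212.226.11",
             "10.212.226.14", "10.212.226.18"]

def vpn_host_routes(route_print_text):
    """Return (server_ip, {client_ip: metric}) for /32 routes inside the pool."""
    server_ip, clients = None, {}
    for line in route_print_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[1] != "255.255.255.255":
            continue  # not a host-route row of the active IPv4 route table
        try:
            dest, metric = ipaddress.IPv4Address(fields[0]), int(fields[4])
        except ValueError:
            continue  # header line or unrelated text
        if not POOL_FIRST <= dest <= POOL_LAST:
            continue  # host route outside the VPN pool
        if fields[2] == "On-link":
            server_ip = dest        # the server's own end of the VPN interface
        else:
            clients[dest] = metric  # one host route per connected client
    return server_ip, clients

def missing_client_routes(route_print_text, connected_clients):
    """Connected clients with no host route: the failure state in the question."""
    _, clients = vpn_host_routes(route_print_text)
    wanted = [ipaddress.IPv4Address(c) for c in connected_clients]
    return sorted(c for c in wanted if c not in clients)

if __name__ == "__main__":
    print("healthy:", missing_client_routes(HEALTHY, CONNECTED))
    print("failed: ", missing_client_routes(FAILED, CONNECTED))
```

Run on a schedule against fresh `route print` output, a non-empty result while sessions are active marks the moment the host routes disappeared, which narrows down which log entries to review.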

Answers

  • Hi,

    Did you run the command below?

    route -p add 10.212.226.0 mask 255.255.255.0 10.212.226.1

    In addition, if you want to assign an interface for the route, you can add the interface index after "if" to specify the interface index for the interface over which the destination is reachable. You can find your interface list and interface index by running “route print” at the command prompt.

    Best regards,

    Susie

    Tuesday, June 24, 2014 9:44 AM
    Moderator

All replies

  • Try adding a persistent Route for

    10.212.226.1 ~ 10.212.226.250 gateway as 10.212.226.1.

    Syntax : route -p add Network mask 255.255.0.0 Gateway

    Thursday, June 19, 2014 9:13 AM
  • Hello Guna,

    Thanks for your support. 

    We tried this already, but I cannot assign the proper interface in the route add command,

    i.e. 

    In command "route -p add 10.212.226.7 mask 255.255.255.255 10.212.226.7 IF ? ", how can I assign the proper interface 10.212.226.1?

    After the parameter "IF", the value should be the interface number, but there are only two interfaces on that server: one is the internal NIC, the other is the external NIC.

    Any idea?

    Best regards,

    Jiali Feng

    Thursday, June 19, 2014 12:58 PM
  • Hi,

    Any updates now?

    If you need further assistance, please feel free to let us know.

    Best regards,

    Susie

    Tuesday, July 1, 2014 2:11 AM
    Moderator