How do I configure multiple networks in Windows 2008

  • Question

  • I have a Windows 2008 R1SP2 Active Directory domain. I have VPN clients connecting for access to a DB server and all appears to work for ping, file access, etc., but the remote application is failing.

    I am wondering if the problem is that Active Directory is blocking the VPN network segment. How do I add the VPN segment to the allowed segments used by Active Directory?

    DHCP segment 192.168.144.0

    VPN segment 192.168.12.0

    Thanks,

    Gregg

    Sunday, May 27, 2012 3:41 AM

Answers

  • Hi Gregg,

    Thanks for posting here.

    >RRAS will not take a routing rule because there is only 1 active network adapter. Do I need a Network Policy or something else?

    >The Cisco SA540 router sends radius authentication requests to the Windows server but authentication always fails with error 413 showing on the Cisco client.

    So is this RRAS server also a domain controller that contains the Active Directory database, and does the Cisco router need to access this server to read the user information for authentication? If I have misunderstood, please let me know.

    It seems we are using the VPN service from Cisco, so I think we have nothing to do here but keep in touch with the Cisco support service.

    Thanks.

    Tiger Li



    TechNet Community Support

    Wednesday, May 30, 2012 5:59 AM
  • Yes, the RRAS is also a domain controller and the Cisco is the one serving the VPN. I ran some packet captures and found the Cisco doesn't seem to be passing authentication request traffic. Also, the Windows Server appeared to be blocking CHAP requests because reverse encryptable passwords are not being used.

    I have submitted the case to Cisco and hope to get some answers.

    Thanks for your support!!!

    Gregg

    Thursday, May 31, 2012 7:02 AM
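
Why a server that keeps only one-way password hashes cannot accept CHAP, the behaviour mentioned in the reply above. This is an added example, not part of the original thread: the `Verifier` class, user names and password are constructed for illustration, and SHA-256 stands in for the server's one-way hash.

```python
import hashlib
import hmac
import os


def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP response: MD5(identifier octet || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


class Verifier:
    """Hypothetical authentication server (not a real Windows or RADIUS API)."""

    def __init__(self):
        self.recoverable = {}  # password stored so the server can recover it
        self.one_way = {}      # only a one-way hash is stored

    def add_user(self, user: str, password: bytes, reversible: bool) -> None:
        if reversible:
            self.recoverable[user] = password
        else:
            # SHA-256 is a stand-in for whatever one-way hash the server keeps.
            self.one_way[user] = hashlib.sha256(password).digest()

    def verify_chap(self, user, ident, challenge, response) -> bool:
        secret = self.recoverable.get(user)
        if secret is None:
            # The MD5 input needs the password itself; a stored hash of it
            # cannot be used to recompute the expected response.
            return False
        expected = chap_response(ident, secret, challenge)
        return hmac.compare_digest(expected, response)


def demo():
    """Two constructed users with the same password, stored differently."""
    server = Verifier()
    password = b"constructed-sample-password"
    server.add_user("alice", password, reversible=True)
    server.add_user("bob", password, reversible=False)
    ident, challenge = 1, os.urandom(16)
    good = chap_response(ident, password, challenge)  # what the client sends
    return (server.verify_chap("alice", ident, challenge, good),
            server.verify_chap("bob", ident, challenge, good))


if __name__ == "__main__":
    print(demo())  # (True, False)
```

Both clients send a correct response; only the account whose password the server can recover is accepted.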

All replies

  • Hi Gregg,

    Thanks for posting here.

    > but the remote application is failing.

    In order to get a better understanding of your issue, could you tell us what actual error we get when trying to connect to the internal network through the VPN tunnel using this application? You mentioned that we can access other internal services with no problem, so how did we test that? Did we access the internal file server via IP address or host name?

    If the VPN segment is different from the internal ones, then we need to set routing entries on the RRAS server. Have we done that yet? Can these VPN clients get to the RRAS server?

    Cannot reach beyond the RRAS server from VPN clients?

    http://blogs.technet.com/b/rrasblog/archive/2006/02/09/cannot-reach-beyond-the-rras-server-from-vpn-clients.aspx

    Thanks.

    Tiger Li



    TechNet Community Support

    Tuesday, May 29, 2012 6:23 AM
  • I now have the DB application working over VPN since I turned off IPS on the Cisco SA540 router.

    I found that I could add the two local networks to Active Directory through Server Manager - Active Directory Sites and Services - Sites - Subnets. It seems that RRAS could not add a route unless I had more than one network adapter.

    The connecting error received by the VPN client is 413. After running Wireshark on the various network segments, it appears that the Cisco SA540 RADIUS authentication requests don't make it to the Windows server, so I will be working with Cisco to get that working.

    I hope that my research may help someone else. :-)

    Gregg



    Tuesday, May 29, 2012 9:45 PM