locked
Windows 2012r2 VPN Server RRS feed

  • Question

  • I have set up a simple VPN server within windows 2012r2 server.

    It has two Nics one on the DMZ and one of the internal network

    I assign the VPN to give out a static address pool but it will only ping the VPN Server when connected.

    Internal NIC 10.0.0.2

    DMZ NIC 192.168.254.135

    Static IP Range 172.0.0.100 - 172.0.0.120

    What is the issue, I am assuming that this is some kind of routing problem

    Tuesday, July 21, 2015 10:59 AM

Answers

  • VPN clients should get an IP address in the internal range to allow access to internal resources.

    Also, while configuring RRAS, be sure to select custom configuration > select VPN and "LAN ROUTING"

    If your internal networks spans across different subnets, you will need to use "Force Tunneling" to ensure that the VPN client contacts the internal gateway to get to the other subnets

    • Proposed as answer by Leo Han Monday, August 3, 2015 7:57 AM
    • Marked as answer by Leo Han Wednesday, August 5, 2015 5:25 AM
    Wednesday, July 22, 2015 4:33 PM

All replies

  • Hi Proactis,

    I suppose it is related to the routes on clients. To be able to ping IP addresses of other subnets, corresponding routes are needed.

    To check the routes on clients, we could open Command Prompt and type route print. If there is no route to the subnet, we may add manually or use default gateway on remote network.

    To enable the setting, open Properties of VPN connection. Choose Network tab and double click IPv4. Click Advanced and we could see the check box.

    Then reconnect VPN and try again.

    Best Regards,

    Leo


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.



    • Edited by Leo Han Wednesday, July 22, 2015 1:25 AM
    Wednesday, July 22, 2015 1:24 AM
  • VPN clients should get an IP address in the internal range to allow access to internal resources.

    Also, while configuring RRAS, be sure to select custom configuration > select VPN and "LAN ROUTING"

    If your internal networks spans across different subnets, you will need to use "Force Tunneling" to ensure that the VPN client contacts the internal gateway to get to the other subnets

    • Proposed as answer by Leo Han Monday, August 3, 2015 7:57 AM
    • Marked as answer by Leo Han Wednesday, August 5, 2015 5:25 AM
    Wednesday, July 22, 2015 4:33 PM