| Author |
Message |
Andy L
Guest
|
 Posted:
Fri Nov 11, 2005 5:50 pm Post subject:
2003 SP1 breaks VPN router on all servers I try |
|
|
Whenever I install SP1 on any of our VPN servers, it breaks the internal
routing on the server. The VPN interfaces connect just fine, just the
routing breaks. I can ping the VPN adaptor IP address on the remote server,
but if I ping the LAN IP address of that same server no response. If I
remove SP1 it comes to life again. This happened to a couple of our VPN
servers when SP1 first came out. We just banned SP1 from our network. But
recently a new location snuck SP1 on their server, and boom, broken again. I
don't see any patches related to this, but since SP1 is acting like an
on/off light switch for our VPN functionality on any server it touches what
could it be? I can happily continue to ban SP1 from our networks, but sooner
or later I'm going to run up against something that requires SP1 installed.
Would be nice to figure this out... Anyone with ideas? |
|
| Back to top |
|
 |
Neteng
Guest
|
| Posted:
Fri Nov 11, 2005 9:50 pm Post subject:
Re: 2003 SP1 breaks VPN router on all servers I try |
|
|
What's your route table look like before and after the SP? Is SP1 enabling
the firewall after the install?
"Andy L" <Droid13@online.nospam> wrote in message
news:OJcZ$Yu5FHA.3636@TK2MSFTNGP09.phx.gbl...
| Quote: | Whenever I install SP1 on any of our VPN servers, it breaks the internal
routing on the server. The VPN interfaces connect just fine, just the
routing breaks. I can ping the VPN adaptor IP address on the remote
server,
but if I ping the LAN IP address of that same server no response. If I
remove SP1 it comes to life again. This happened to a couple of our VPN
servers when SP1 first came out. We just banned SP1 from our network. But
recently a new location snuck SP1 on their server, and boom, broken again.
I
don't see any patches related to this, but since SP1 is acting like an
on/off light switch for our VPN functionality on any server it touches
what
could it be? I can happily continue to ban SP1 from our networks, but
sooner
or later I'm going to run up against something that requires SP1
installed.
Would be nice to figure this out... Anyone with ideas?
|
|
|
| Back to top |
|
|
Andy L
Guest
|
| Posted:
Fri Nov 11, 2005 9:50 pm Post subject:
Re: 2003 SP1 breaks VPN router on all servers I try |
|
|
Firewall won't start (another service using ipnat.sys which I assume is
RRAS). But YES?? there is a change in the routing table. When defining the
VPN interface, a static route is added in RRAS admin tool for the class C IP
address space of the remote network (ie 192.168.10.0 mask 255.255.255.0)
using that same VPN interface to the remote network.
Without SP1 the routing table for that address space looks like this:
Dest / Mask / Gateway / Interface
192.168.10.0 255.255.255.0 0.0.0.0 192.168.32.4
192.168.10.0 255.255.255.0 192.168.32.1 192.168.32.4
With SP1 the routing table only has 1 entry:
192.168.10.0 255.255.255.0 192.168.32.1 192.168.32.4
32.1 is the VPN IP of the remote server, 32.4 is the VPN IP of the local
server.
"Neteng" <neteng.ccie@gmail.com> wrote in message
news:%23GEv6nu5FHA.3976@TK2MSFTNGP15.phx.gbl...
| Quote: | What's your route table look like before and after the SP? Is SP1 enabling
the firewall after the install?
"Andy L" <Droid13@online.nospam> wrote in message
news:OJcZ$Yu5FHA.3636@TK2MSFTNGP09.phx.gbl...
Whenever I install SP1 on any of our VPN servers, it breaks the internal
routing on the server. The VPN interfaces connect just fine, just the
routing breaks. I can ping the VPN adaptor IP address on the remote
server,
but if I ping the LAN IP address of that same server no response. If I
remove SP1 it comes to life again. This happened to a couple of our VPN
servers when SP1 first came out. We just banned SP1 from our network. But
recently a new location snuck SP1 on their server, and boom, broken
again.
I
don't see any patches related to this, but since SP1 is acting like an
on/off light switch for our VPN functionality on any server it touches
what
could it be? I can happily continue to ban SP1 from our networks, but
sooner
or later I'm going to run up against something that requires SP1
installed.
Would be nice to figure this out... Anyone with ideas?
|
|
|
| Back to top |
|
|
|
|
|
|
FAQ
Memberlist
Register
Profile
Log in to check your private messages
Log in