| Author |
Message |
shudson
Guest
|
 Posted:
Mon Apr 11, 2005 1:45 pm Post subject:
RRAS/VPN Win 2003 SP1 |
|
|
We have a simple, two office network set-up, LAN in UK (192.168.1.0/24) and a
LAN in France (192.168.2.0/24) all XP Pro clients. These have been linked for
18 months, using Win2K3 RRAS servers (Demand Dial, Static Route and Address
Pool). With SP1 for Win2k3 installed on the RRAS servers, everything looks OK
(In RRAS Admin) however you cannot connect, or Ping through the tunnel, to or
from clients. RRAS servers can ‘ping’ the whole of the remote LAN. I've used
PING, PINGPATH, TRACERT, ROUTE PRINT and NETDIAG there are no differences in
their results, before or after SP1.
If I take SP1 off (nothing else is changed), everything is fine again. I’ve
tried this many times over the last few days, with 3 different RRAS servers.
Always the same result.
Each client has a route for the remote LAN (for example 192.168.2.0 mask
255.255.255.0) and IP routing is enabled at the RRAS servers
I’m ‘pinging’ using IP Addresses. ‘Ping’ Error is ‘Request Timed Out’
‘Tracert, from any client, stops after (correctly) showing the IP address of
the local RASS server Intranet NIC (for example 192.168.1.1). There is no
Windows Firewall on the RRAS servers (Windows prevents this when RRAS is
ruining).
I know this seems like a RRAS IP Routing issues, However this is a
‘textbook’ set-up that works correctly without SP1 installed. |
|
| Back to top |
|
 |
Robert L [MS-MVP]
Guest
|
| Posted:
Mon Apr 11, 2005 7:57 pm Post subject:
Re: RRAS/VPN Win 2003 SP1 |
|
|
assuming this is firewall issue and server can ping but not client, what's the routing tables on both site? posting them here may help.
For more and other information, go to http://howtonetworking.com.
Don't send e-mail or reply to me except you need consulting services. Posting on MS newsgroup will benefit all readers and you may get more help.
Bob Lin, MS-MVP, MCSE & CNE
How to Setup Windows, Network, Remote Access on http://www.HowToNetworking.com
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
This posting is provided "AS IS" with no warranties.
I recommend Brinkster for web hosting! |
|
| Back to top |
|
|
shudson
Guest
|
| Posted:
Mon Apr 11, 2005 9:09 pm Post subject:
Re: RRAS/VPN Win 2003 SP1 |
|
|
Hi Robert,
Here are the two RASS IP Routing tables...(Hidden Public IP Addresses)
RRAS in UK
Intranet IP 192.168.1.1
Internet IP AAA.BBB.CCC.71
RRAS IP Pool 192.168.1.241 - 192.168.1.250 (10 Addresses)
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 AAA.BBB.CCC.126 AAA.BBB.CCC.71 30
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.1 192.168.1.1 20
192.168.1.1 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.241 255.255.255.255 127.0.0.1 127.0.0.1 50
192.168.1.242 255.255.255.255 192.168.1.241 192.168.1.241 1
192.168.1.255 255.255.255.255 192.168.1.1 192.168.1.1 20
192.168.2.0 255.255.255.0 192.168.2.241 192.168.2.248 1
192.168.2.241 255.255.255.255 192.168.2.248 192.168.2.248 1
192.168.2.248 255.255.255.255 127.0.0.1 127.0.0.1 50
192.168.2.255 255.255.255.255 192.168.2.248 192.168.2.248 50
XXX.YYY.ZZZ.81 255.255.255.255 AAA.BBB.CCC.126 AAA.BBB.CCC.71 30
AAA.BBB.CCC.64 255.255.255.192 AAA.BBB.CCC.71 AAA.BBB.CCC.71 30
AAA.BBB.CCC.71 255.255.255.255 127.0.0.1 127.0.0.1 30
AAA.BBB.CCC.255 255.255.255.255 AAA.BBB.CCC.71 AAA.BBB.CCC.71 30
224.0.0.0 240.0.0.0 192.168.1.1 192.168.1.1 20
224.0.0.0 240.0.0.0 192.168.2.248 192.168.2.248 50
224.0.0.0 240.0.0.0 AAA.BBB.CCC.71 AAA.BBB.CCC.71 30
255.255.255.255 255.255.255.255 192.168.1.1 192.168.1.1 1
255.255.255.255 255.255.255.255 AAA.BBB.CCC.71 AAA.BBB.CCC.71 1
Default Gateway: AAA.BBB.CCC.126
RRAS in France
Intranet IP 192.168.2.1
Internet IP XXX.YYY.ZZZ.81
RRAS IP Pool 192.168.2.241 - 192.168.2.250 (10 Addresses)
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 XXX.YYY.ZZZ.94 XXX.YYY.ZZZ.81 30
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.241 192.168.1.242 1
192.168.1.241 255.255.255.255 192.168.1.242 192.168.1.242 1
192.168.1.242 255.255.255.255 127.0.0.1 127.0.0.1 50
192.168.1.255 255.255.255.255 192.168.1.242 192.168.1.242 50
192.168.2.1 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.2.241 255.255.255.255 127.0.0.1 127.0.0.1 50
192.168.2.248 255.255.255.255 192.168.2.241 192.168.2.241 1
192.168.2.255 255.255.255.255 192.168.2.1 192.168.2.1 20
XXX.YYY.ZZZ.64 255.255.255.224 XXX.YYY.ZZZ.81 XXX.YYY.ZZZ.81 30
XXX.YYY.ZZZ.81 255.255.255.255 127.0.0.1 127.0.0.1 30
XXX.YYY.ZZZ.255 255.255.255.255 XXX.YYY.ZZZ.81 XXX.YYY.ZZZ.81 30
AAA.BBB.CCC.71 255.255.255.255 XXX.YYY.ZZZ.94 XXX.YYY.ZZZ.81 30
224.0.0.0 240.0.0.0 192.168.1.242 192.168.1.242 50
224.0.0.0 240.0.0.0 192.168.2.1 192.168.2.1 20
224.0.0.0 240.0.0.0 XXX.YYY.ZZZ.81 XXX.YYY.ZZZ.81 30
255.255.255.255 255.255.255.255 192.168.2.1 192.168.2.1 1
255.255.255.255 255.255.255.255 XXX.YYY.ZZZ.81 XXX.YYY.ZZZ.81 1
Default Gateway: XXX.YYY.ZZZ.94 |
|
| Back to top |
|
|
Georgi Enchev
Guest
|
| Posted:
Tue Apr 12, 2005 1:46 pm Post subject:
Re: RRAS/VPN Win 2003 SP1 |
|
|
We have exactly the same problem - after applying SP1 to the server at the
head office no ping to remote sites from within the LAN except from the RAS
server itself, however there are many remote sites building site-to-site VPN
with our head office, and there IS connectivity in both directions, only
ICMP seems to be blocked. Also we have ISA 2000 on the central site. |
|
| Back to top |
|
|
Arch Willingham
Guest
|
| Posted:
Wed Apr 13, 2005 9:45 pm Post subject:
Re: RRAS/VPN Win 2003 SP1 |
|
|
I opened up a support call on this same issue about a week ago. They have
acknowledged it is a big and are working on it right now.
Arch |
|
| Back to top |
|
|
Arch Willingham
Guest
|
| Posted:
Thu Apr 14, 2005 1:45 pm Post subject:
Re: RRAS/VPN Win 2003 SP1 |
|
|
They called my cell yesterday but I missed the call. I hit redial and was
told that the number that pops up is the number for a bazillion people. I'm
still waiting but I'll keep y'all up to speed!
Arch |
|
| Back to top |
|
|
Andy L
Guest
|
| Posted:
Tue Apr 19, 2005 11:35 pm Post subject:
Re: RRAS/VPN Win 2003 SP1 |
|
|
Yup, I'll join the crowd. Upgraded one of my 5 VPN/RRAS servers to SP1 and
routing shut down between clients served by that server. Spent a while going
over settings and registry entries looking for changes, but couldn't see
anything. Finally gave up, removed SP1 and it roared back to life... |
|
| Back to top |
|
|
Guest
|
| Posted:
Tue May 03, 2005 11:37 pm Post subject:
Re: RRAS/VPN Win 2003 SP1 |
|
|
Anyone have any update to this? I have the same problem - PPTP server
running fine on 2003 before SP1 update, now won't let my PPTP clients
connect to it at all ("Server didn't respond in a timely manner" or
something)
I guess I'll uninstall SP1 unless I see that someone has a hotfix or
something...
Thanks! |
|
| Back to top |
|
|
shudson
Guest
|
| Posted:
Tue May 24, 2005 12:32 am Post subject:
Re: RRAS/VPN Win 2003 SP1 |
|
|
This solved my problem, hope it helps others…
The ‘Demand Dial’ interfaces on my RRAS servers were slightly
miss-configured (the user name in the login credentials did not match the
remote RRAS Demand Dial interface name). This causes RRAS to think the
incoming connection is a Remote Access Client, no a Demand Dial ‘Router’
Connection.
In pre-SP1 Win2k3 this did not seem to matter, in that Remote Access
Connections behaved the same way as Demand Dial connections
Post-SP1 Win2k3 RRAS does not give Remote Access Connections the same
routing functionality as Demand Dial connections.
Once I got my RRAS Demand Dial interfaces and login credentials names
correctly (so that incoming connections were seen as Demand Dial ‘Router’
connections and not Remote Access Connections, every thing worked fine again
(as per pre-SP1)
This is another case where SP1 shows up a miss-configured pre-SP1 installation
Regards
shudson |
|
| Back to top |
|
|
|
|
|
|
FAQ
Memberlist
Register
Profile
Log in to check your private messages
Log in