Home | Troubleshooting |  Quick Setup  |  Cisco How to  |  Data Recovery  |  Forums   | Blog | IT Exam Practice | Services  | About Us | Chicagotech MVP  | Search  | Contact Us  |                 

 

Routing Issues on VPN

Can ping VPN server only but not other resources
Can't access the internal server when remote client establishes VPN
Can't access the Internet while using VPN
 Can't access the remote network after unchecking  "Use default gateway on Remote Network"
Can't access the remote network from VPN clients
Can my VPN server as a VPN server and also act as a router
TTL expired in transit and Destination host unreachable

Post your questions, comments, feedbacks and suggestions

Contact a consultant

Can ping VPN server only but not other resources

Symptom: after establishing VPN, you can ping and access the VPN server, but not other servers and the network resources.

Cause: 1. incorrect NAT/Firewall settings.
2. ISA/Proxy blocking.
3. Disable IP routing/forwarding.

Can't access the internal server when remote client establishes VPN

Symptoms: Two offices are connected using a vpn. Both offices run W2K servers, RAS & TS. When office A connects to Office B you can not connect to office A from anywhere except from office B. You can not connect using TS, or a vpn connection. In order to gain access to office A, you have to connect to office B, disconnect the client in RAS, then you can connect to office A.

Resolution: When establishing VPN to the office A, the routing table changes. To fix this issue, disable the "Use default gateway" on the Office A VPN server. Or modify the routing table manually.

Can't access the Internet while using VPN

Symptom: after establishing a VPN connection, you may not be able to access the Internet because the VPN takes over your existing connection and all traffic to use the VPN default gateway on the remote network. The remote network may not allow VPN clients to access the Internet via their gateway.

Resolutions:
1) If you don't need to access the entire VPN resources, disable the "use default gateway on remote network" option in the properties of the VPN connection. 
2) Edit route table manually if you know how to or check routing page on this web site.
3) For the security reason, some firewall/routers like Cisco PIX do not allow access the Internet after establishing the VPN and you cannot modify the routing table. You may setup split-tunnel.

Can't access the remote network after unchecking  "Use default gateway on Remote Network"

Symptom: After following above instruction and uncheck "Use default gateway on Remote Network" on VPN connection, you can't access to the remote network any more. For example, your LAN network is 192.0.0.0 and default gateway is 192.0.0.1; the VPN is 192.0.1.0 and gateway 192.0.1.1.that is connecting to the remote network 10.0.0.0. After establishing the VPN connection and unchecking  "Use default gateway on Remote Network", your computer use 192.0.0.1 as gateway instead of 192.0.1.1 and can't find a way to 10.0.0.0 network.

Resolution: you need modify the route table manually or refer to our Routing page on this web. Or check "Use default gateway on Remote Network" on VPN connection.

Can't access the remote network from VPN clients

Symptoms: Your VPN client can ping/access the server but not other computers in the remote network.

Resolutions: 1) if you have two NICs in the VPN server, you may need to enable IP Routing. To do this, go to the RRAS>the Properties of the server>IP, check IP Routing.
2) Make sure you don't uncheck Use the remote default gateway on VPN client's VPN connection.
3) Make sure VPN client's LAN and the remote LAN are using the different IP range and subnet.
4) Check routing table for troubleshooting.

Can my VPN server as a VPN server and also act as a router

SYMPTOMS:  If you enable VPN on a server, the RRAS will accept incoming VPN connections only and secures the RRAS by enabling filters that only accept PPTP or L2TP traffic. Then network traffic over the VPN connections and the internal LAN connection are normal but the RRAS will not forward packets over the interface except PPTP or L2TP traffic.

RESOLUTION: If you want your server to be a VPN server and also act as a router,  you should select Manually configured server from above options and configure the RRAS as a router.

Connectivity issue after enabling VPN in multihomed server

Symptoms: after you enable VPN on a server as a router or with two or more NICs, you may experience some issues. 1) the internal computers can't access the Internet; 2) outside VPN clients can't access the VPN server; 3) can't access the server using TS and VNC form the internal or outside.

Causes: for the security reason, the RRAS modify the routing table and enable incoming VPN connections only so that no other forward packets over the interface except PPTP or L2TP traffic. For consultants, refer to case 090804RL.

TTL expired in transit and Destination host unreachable

Symptoms: After enabling VPN on a Windows 2000 server you may have these issues: 1. From the server, you receive "Destination host unreachable" when ping outside IP.
2. You receive Time out or "Reply from x.x.x.x: TTL expired in transit" when ping the server from outside.

Cause: Outside NIC Filter is enabled.

 

 


Hit Counter   This web is provided "AS IS" with no warranties.
Copyright © 2002-2018 ChicagoTech.net, All rights reserved. Unauthorized reproduction forbidden.