VPN and NAT - Lan Clients will not connect to internet while VPN running

VPN and NAT - Lan Clients will not connect to internet while VPN running

Post by Jonatha » Mon, 18 Aug 2003 14:42:44


I have a windows 2000 server machine with two nic's one
connected to a cable modem and the other to my lan. I
have the server configured to use nat to provide internet
access to lan. When I try to configure a VPN so employees
can access the lan from home, none of the lan computers
can connect to the internet, but internet users can access
the lan. Either one will work by itself, but I can't get
both at the same time.

Cable modem ---- Nic1 ---- Server ---- NIC2 ---- Switch

I know there has to be something I am missing somewhere.
Can someone please help.

Thanks,
Jonathan
 
 
 

VPN and NAT - Lan Clients will not connect to internet while VPN running

Post by Bjoern Wol » Mon, 18 Aug 2003 19:47:40

Hi,

check your routing on your server if a VPN user is connected. Maybe the
default route is set to VPN if a VPN User connects.

Do this on your Server:
route print
And on one LAN Client do this:
tracert www.heise.de

pls post your results.

cu
Bjoern Wolfgardt

"Jonathan" < XXXX@XXXXX.COM > schrieb im Newsbeitrag

 
 
 

VPN and NAT - Lan Clients will not connect to internet while VPN running

Post by Bill Gran » Tue, 19 Aug 2003 11:39:34


What IP addresses are you using? The router to server link must be in a
different IP subnet from the LAN machines. A simple diagram would help. eg

Internet
|
public IP
router
IP?
|
IP?
RRAS
192.168.0.1 dg blank
|
workstations
192.168.0.x dg 192.168.0.1
 
 
 

VPN and NAT - Lan Clients will not connect to internet while VPN running

Post by Jonatha » Tue, 19 Aug 2003 12:21:31

In my server the network card connected to the internet
has a static public IP address and the network card
connected to my lan has a static IP of 192.168.0.1 .

Cable modem
|
|
NIC1 - 68.106.154.76
RRAS SERVER
NIC2 - 192.168.0.1
|
|
Workstations have DHCP assigned IP's from 192.168.0.2 -
192.168.0.25

With RAS and VPN running my workstations can ping each
other and the 192.168.0.1 NIC, but cannot ping any IP
addresses outside the lan. As soon as I disable the RAS
and the VPN they can access the internet.


server link must be in a
diagram would help. eg


internet
employees
access
 
 
 

VPN and NAT - Lan Clients will not connect to internet while VPN running

Post by Bill Gran » Tue, 19 Aug 2003 19:43:10


That doesn't make a lot of sense. If you disable RRAS you disable NAT,
and the private addressed clients shouldn't be able to get to the Internet.

Exactly what is on the public side of the server. Is there a router of
some sort? Are you using PPPoE?