2003 server VPN issue

March 28, 2009 at 20:05:24
Specs: vista 64/xp/2003, 4 gb ram
ive set up a vpn on server 2003. ive tried to do a lot of research but found it hard to answer my issue exactly based on other peoples issues. here is mine: vpn server with 2 nics. server is behind router running a pptp tunnel. i have tcp 1723 and gre protocol 47 forwarded to server. i can connect no problem to vpn both inside and outside my lan. i want to be able to access another computers shared folder which i have the correct permissions for. my problem is i cannot ping or connect to that computer by dns name. however since it also has a static ip. i can connect and ping to it via the ip. so my issue is name resolution. now i have heard some ridiculous things and some things im just not too familiar in. ive heard things like let the clients get ips by the dhcp server and not have a preset range, ive heard set up a dns forward lookup zone, ive heard i need to add static routes on the vpn server. ive heard that you are not supposed to be able to reach otehr pcs other then the vpn server. i just want to know what needs to be done. my clients are set to NOT use the remote gateway, and to obtain an ip form a set specified by the server. i do not have nat or firewall issues on the server as far as i know ( since firewall is off and nat was not set up in rras) the preset ip range is outside that issued by dhcp but obviously follows the same subnet and network addressing scheme for the lan. im not too familiar with rras yet and any help would be EXRTEMELY appreciated. thanks ahead of time.

See More: 2003 server VPN issue

Report •


#1
March 28, 2009 at 20:27:33
Why do you need 2 NICs? What happens if you temporarily disable one NIC?

Report •

#2
March 28, 2009 at 20:58:25
its best to have two nics, one to be used as the connection to the net and the other for connection to your lan. its also the recommended microsoft way from what i can see. that shouldnt be the problem. good to hear a response so soon. any reason why you think my second nic would cause a problem? or any other ideas out there?
*UPDATE* i was reading another post and saw someone again specify something similar to this being dns related, which sounds right. and they talk about adding a host record into the local dns forward zone that points to the dns server. in this case i have two, the vpn server itself has dns on it and my local home router which i think has a dns record for the pcs on my network. my home network is comprised of a domain and a workgroup. however the shared folder i need to access is on the domain and it appears there is a dns record for it as well. so im a bit confused. again im only starting with this stuff and any help or ideas will be appreciated.

Report •

#3
March 29, 2009 at 06:33:23
Windows doesn't handle dual NICs well at all. Is the server behind the router with an internal IP address on both NICs?

A forward lookup zone in Active Directory may work but if you say it already exists, try a hosts file.


http://www.blurtit.com/q968828.html

http://technet.microsoft.com/en-us/...


Report •

Related Solutions

#4
March 29, 2009 at 12:12:01
the server is behind the router. so it shoudlnt be impossible to configure it to use one nic. both nics have static ip addresses belonging to the lan yes. i coudl try adding some things to the hosts file. but what if i want to access shares on machines that obtain their ip form dhcp? the ip woudl change every once in a while and i would have to update the hosts. i thought dns should have name records of the machines. maybe i should remove the dns server function from my vpn as i dont really need it? ill try adding to the host file though.
*UPDATE* adding to the hosts file of the vpn server didnt work... and having to manually add to the hosts file of any of the clients isnt a very good solution. i think im gonna try removing the dns server functionality of my vpn as it isnt really needed and maybe i didnt set it up right.
*UPDATE 2* tried removing the dns server function on my windows 2003 vpn server and rely on my home router. still no luck. however i can still ping by ip to other computers, and can even ping the vpn server by dns name. however i still cant ping other computers by name.

Report •

#5
March 29, 2009 at 18:43:29
Give all machines a static IP address.

Report •

#6
March 29, 2009 at 19:37:03
thanks, but i dont know if i consider that a real solution. that means i still cant resolve names and have to do everything based on ip alone.

Report •

#7
March 29, 2009 at 19:52:31
I prefer static IPs whenever possible, for a number of reasons. The fact that it's a work around for your problem is only one of them but fits none the less.

Report •

#8
March 29, 2009 at 20:40:17
i can see advantages in having static ips. but i shoudlnt have to rely on static ips for different client computers. plus having to map network drives by ip isnt hard its just annoying considering i should be able to do name resolution. ping by name, map by name, etc... my main computers like the domain controller, vpn and file server all have static ips. while i appreciate your help, i am really trying to get the name resolution to work. is there any ideas you have for reasons why name resolution woudlnt be working for the vpn clients?

Report •

#9
March 30, 2009 at 05:24:26
http://www.chicagotech.net/namereso...

There is a lot on it there. ^^

I have another question. What version of Windows is the VPN server running?


Report •

#10
March 31, 2009 at 23:49:07
its running windows 2003 server. ill see if i can test some of the things on that page in the morning.
*UPDATE* i tried a few things on the list and some of my own. its still not doing name resolution. i noticed a few things like the vpn client have a subnet of 255.255.255.255 when the internal network is on a 255.255.255.0 now im not sure if its requests are just being routed into my network, but it sounds a little funny. however i wouldnt be surprised if it was normal. another thing is the routing table doesnt show anything for a destination to my primary dns server (home router). whats your take on this?

Report •


Ask Question