PPTP VPN - Can't access network
Hi,
I'm trying to set up a test deployment of a VPN server on my home network. I've virtualised the following servers using VMware Server (each operating in bridged mode):
A DNS server and domain controller role on Windows Server 2008 R2 - internal IP address 192.168.1.2
VPN server role on Windows Server 2008 R2 - internal IP address 192.168.1.3
All of this sits behind a Netgear Wireless-G router, model number WGR614v9 (capable of accepting PPTP). I've set up port forwarding on the following ports:
port 1723 - going to the VPN server.
I've disabled DHCP on the router, configured RRAS on the VPN server and set up a network access policy - I've created a simple policy that the user logging in must be a domain user. I've also installed a certification authority on the VPN server, created a certificate on the client machine and deselected "use default gateway on internal network" in the connection options. The computer connecting via VPN (using an external 3G connection and running Windows 7) signs in; it shows up as one of the devices connected to my router, and in RRAS a remote client shows as connected. However, I cannot connect to the internal network - I can't see anything in the network or map to a shared folder I've created. I've tried pinging the internal network from my remote client - ping 192.168.1.2 - and it just comes up with "Request timed out". I also can't perform nslookup. However, if I type ipconfig /all, amongst the PPP adapter settings it says DNS Servers 192.168.1.2 - which I assume means that it has detected the DNS server on the internal network? I've also tried disabling the firewalls on both the internal servers (as it's just a test network), but still no joy! I'm a bit lost as to what to try next.
Any help or suggestions appreciated!
December 19th, 2010 12:00am
Hi Mark,
Thanks for posting here.
If the VPN can be properly connected, it indicates that this may be a route issue.
How did you set address distribution for the remote connection? Are all servers and remote computers in the same IP segment? If different, have you set a route on the RRAS server?
According to the description, this seems to be a single-NIC RRAS deployment; you may read the method discussed in the link below first:
VPN server deployment: IP Addressing, Routing/NAT, Single vs two NIC
http://blogs.technet.com/b/rrasblog/archive/2006/09/20/vpn-server-deployment-ip-addressing-routing-nat-single-vs-two-nic.aspx
Meanwhile, could you also perform "ipconfig /all" and "route print" on the RRAS server and the client while the VPN is connected and post them here for further investigation.
PS: if you are using PPTP for the remote connection, then GRE (IP protocol 47) should also be published:
Service overview and network port requirements for the Windows Server system
http://support.microsoft.com/kb/832017
Thanks.
Tiger Li
TechNet Subscriber Support in forum
If you have any feedback on our support, please contact
tngfb@microsoft.com
Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
December 20th, 2010 8:45am
Hi Mark,
If there is any update on this issue, please feel free to let us know.
We are looking forward to your reply.
Tiger Li
December 21st, 2010 1:06pm
Hi Tiger Li,
Thanks for your help! Here's the info:
Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation.
All rights reserved.
C:\Users\Mark Smith>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : Hades
Primary Dns Suffix . . . . . . . : touchstone.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : touchstone.com
PPP adapter touchstone:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : touchstone
Physical Address. . . . . . . . . :
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.1.4(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 0.0.0.0
DNS Servers . . . . . . . . . . . : 192.168.1.2
NetBIOS over Tcpip. . . . . . . . : Enabled
PPP adapter O2 UK:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : O2 UK
Physical Address. . . . . . . . . :
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 10.52.224.194(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 0.0.0.0
DNS Servers . . . . . . . . . . . : 193.113.200.200
193.113.200.201
Primary WINS Server . . . . . . . : 10.11.12.13
Secondary WINS Server . . . . . . : 10.11.12.14
NetBIOS over Tcpip. . . . . . . . : Enabled
Mobile Broadband adapter Mobile Broadband Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : HUAWEI Mobile Connect - 3G Network Card
Physical Address. . . . . . . . . : 00-1E-10-1F-4E-71
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Wireless LAN adapter Wireless Network Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros AR5007EG Wireless Network Adapter
Physical Address. . . . . . . . . : 00-1D-D9-64-60-3B
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Ethernet adapter Local Area Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetLink (TM) Fast Ethernet
Physical Address. . . . . . . . . : 00-1B-38-65-CD-C0
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{B1D579D5-1166-4A60-9072-93C45B953B07}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{360E18A0-C497-4BFB-BB87-EE085113F370}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{67E922BC-4F09-4C8D-B81F-F4A7FDBA4C5E}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:3c11:2665:f5cb:1f3d(Preferred)
Link-local IPv6 Address . . . . . : fe80::3c11:2665:f5cb:1f3d%15(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Tunnel adapter Reusable ISATAP Interface {402E8CB0-C5C5-4F6E-BBA8-9CFD658EF1B5}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{3994A354-2061-49BD-A466-0F2D450EB7E6}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #6
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
December 21st, 2010 7:54pm
And the routing table:
C:\Users\Mark Smith>route print
===========================================================================
Interface List
31...........................touchstone
28...........................O2 UK
14...00 1e 10 1f 4e 71 ......HUAWEI Mobile Connect - 3G Network Card
13...00 1d d9 64 60 3b ......Atheros AR5007EG Wireless Network Adapter
11...00 1b 38 65 cd c0 ......Broadcom NetLink (TM) Fast Ethernet
1...........................Software Loopback Interface 1
12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
29...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
30...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
32...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
15...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #6
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0         On-link   10.52.224.194     31
          0.0.0.0          0.0.0.0         On-link     192.168.1.4     31
    10.52.224.194  255.255.255.255         On-link   10.52.224.194    286
   94.169.248.174  255.255.255.255         On-link   10.52.224.194     31
        127.0.0.0        255.0.0.0         On-link       127.0.0.1   4531
        127.0.0.1  255.255.255.255         On-link       127.0.0.1   4531
  127.255.255.255  255.255.255.255         On-link       127.0.0.1   4531
      192.168.1.0    255.255.255.0     192.168.1.4     192.168.1.4     31
      192.168.1.4  255.255.255.255         On-link     192.168.1.4    286
        224.0.0.0        240.0.0.0         On-link       127.0.0.1   4531
        224.0.0.0        240.0.0.0         On-link   10.52.224.194     31
  255.255.255.255  255.255.255.255         On-link       127.0.0.1   4531
  255.255.255.255  255.255.255.255         On-link   10.52.224.194    286
  255.255.255.255  255.255.255.255         On-link     192.168.1.4    286
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0      192.168.1.1  Default
===========================================================================
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination                          Gateway
 15     58 ::/0                                         On-link
  1    306 ::1/128                                      On-link
 15     58 2001::/32                                    On-link
 15    306 2001:0:5ef5:79fd:3c11:2665:f5cb:1f3d/128     On-link
 15    306 fe80::/64                                    On-link
 15    306 fe80::3c11:2665:f5cb:1f3d/128                On-link
  1    306 ff00::/8                                     On-link
 15    306 ff00::/8                                     On-link
===========================================================================
Persistent Routes:
None
December 21st, 2010 7:56pm
Thanks for your other suggestions, I'll have a look at the article
http://support.microsoft.com/kb/832017 - seems quite relevant as I'm only port forwarding 1723 for vpn currently; not for any other services!
December 21st, 2010 8:04pm
Hi Mark,
Thanks for update.
OK, so you may try configuring the router to forward GRE (IP protocol 47) and check whether this issue persists.
Meanwhile, I'd suggest you may need to modify the route settings:
The same metric value may cause this issue:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0         On-link   10.52.224.194     31
          0.0.0.0          0.0.0.0         On-link     192.168.1.4     31
      192.168.1.0    255.255.255.0     192.168.1.4     192.168.1.4     31
Please remove the persistent route "0.0.0.0 0.0.0.0 192.168.1.1 Default" first, then modify the interface binding order and make the interface "touchstone" top of the list. After that, please restart your computer and check whether this issue still persists.
For how to modify the binding order, you may refer to the steps below:
• Click Start, click Run, type ncpa.cpl, and then click OK.
• You can see the available connections in the LAN and High-Speed Internet section of the Network Connections window.
• On the Advanced menu (press "Alt" to show it if you are using Windows Vista/7), click Advanced Settings, and then click the Adapters and Bindings tab.
• In the Connections area, select the remote access connection "touchstone". Use the arrow buttons to move the connection to the top of the binding order list.
Thanks.
Tiger Li
December 22nd, 2010 5:41am
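The route-selection and equal-metric points in the reply above, as an added example that is not part of the original thread: the script parses the IPv4 "Active Routes" and "Persistent Routes" sections of `route print`, picks the route Windows will use for a destination (longest prefix first, then lowest metric), and flags the two conditions the reply calls out, two default routes sharing one metric and a leftover persistent default route. The sample text below is reconstructed from the routes the client posted, not captured from a live machine.

```python
"""
Added example (not from the thread): analyse a pasted `route print` for the
conditions discussed above. Sample text reconstructed from the posted table.
"""
import ipaddress
from dataclasses import dataclass

# Reconstructed from the client's posted table (constructed sample, not a capture).
ROUTE_PRINT_SAMPLE = """\
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0         On-link   10.52.224.194     31
          0.0.0.0          0.0.0.0         On-link     192.168.1.4     31
    10.52.224.194  255.255.255.255         On-link   10.52.224.194    286
   94.169.248.174  255.255.255.255         On-link   10.52.224.194     31
        127.0.0.0        255.0.0.0         On-link       127.0.0.1   4531
      192.168.1.0    255.255.255.0     192.168.1.4     192.168.1.4     31
      192.168.1.4  255.255.255.255         On-link     192.168.1.4    286
        224.0.0.0        240.0.0.0         On-link       127.0.0.1   4531
        224.0.0.0        240.0.0.0         On-link   10.52.224.194     31
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0      192.168.1.1  Default
"""


@dataclass
class Route:
    network: ipaddress.IPv4Network
    gateway: str          # "On-link" or a next-hop address
    interface: str        # empty for persistent entries (route print omits it)
    metric: int           # 0 stands in for "Default" on persistent entries
    persistent: bool = False


def parse_route_print(text: str) -> list:
    """Parse the IPv4 section of `route print` output into Route objects."""
    routes, section = [], None
    for line in text.splitlines():
        if line.startswith("Active Routes"):
            section = "active"
            continue
        if line.startswith("Persistent Routes"):
            section = "persistent"
            continue
        parts = line.split()
        # Skip headers and separators: a route line starts with a dotted quad.
        if section is None or len(parts) < 4 or not parts[0][0].isdigit():
            continue
        if section == "active":
            dest, mask, gw, iface, metric = parts[:5]
            routes.append(Route(ipaddress.IPv4Network(f"{dest}/{mask}"), gw, iface, int(metric)))
        else:
            dest, mask, gw, metric = parts[:4]
            routes.append(Route(ipaddress.IPv4Network(f"{dest}/{mask}"), gw, "",
                                0 if metric == "Default" else int(metric), persistent=True))
    return routes


def select_route(routes, destination: str):
    """Longest prefix match, then lowest metric; ties keep table order."""
    dst = ipaddress.IPv4Address(destination)
    candidates = [r for r in routes if not r.persistent and dst in r.network]
    if not candidates:
        return None
    return min(candidates, key=lambda r: (-r.network.prefixlen, r.metric))


def find_problems(routes) -> list:
    """Flag equal-metric default routes and any persistent default route."""
    findings = []
    by_metric = {}
    for r in routes:
        if not r.persistent and r.network.prefixlen == 0:
            by_metric.setdefault(r.metric, []).append(r.interface)
    for metric, ifaces in by_metric.items():
        if len(ifaces) > 1:
            findings.append(f"{len(ifaces)} default routes share metric {metric}: {', '.join(ifaces)}")
    for r in routes:
        if r.persistent and r.network.prefixlen == 0:
            findings.append(f"persistent default route via {r.gateway} "
                            f"(route delete 0.0.0.0 mask 0.0.0.0 {r.gateway})")
    return findings


if __name__ == "__main__":
    table = parse_route_print(ROUTE_PRINT_SAMPLE)
    for target in ("192.168.1.2", "8.8.8.8"):
        r = select_route(table, target)
        print(f"{target}: {r.network} via {r.gateway} on {r.interface} metric {r.metric}")
    for finding in find_problems(table):
        print("finding:", finding)
```

Run against the posted table, the script shows that 192.168.1.2 already matches the /24 route through the tunnel interface 192.168.1.4, so the LAN prefix itself is reachable in the table; the findings it reports are the two 0.0.0.0/0 entries at metric 31 on different interfaces and the persistent 0.0.0.0 entry via 192.168.1.1 the reply asks to remove.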
Hi Tiger Li,
Sorry for not responding sooner - Christmas got in the way! I went through the port requirements document that you posted the link to:
Service overview and network port requirements for the Windows Server system
http://support.microsoft.com/kb/832017
And port forwarded the following ports:
1723 - vpn
137-139 - enable browse
135 - certificate services
1024 - 1030 - certificate services
53 - dns
Everything now appears to work OK - I can browse and ping the network when connected! However, this now only works intermittently - I can connect to the network every time, but cannot always ping or connect to the other computers. I don't suppose you'd have any suggestions as to why this would happen?
January 1st, 2011 11:15pm
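The port list in the post above and the GRE point from the earlier reply, as an added example that is not part of the original thread: once the PPTP tunnel is up, the client's ping to 192.168.1.2 travels inside a PPP frame inside a GRE datagram (IP protocol 47, RFC 2637) addressed to the VPN server, so the only things the router's forward rules can ever match on the WAN side are TCP/1723 and protocol 47 to the VPN server. Forwards for 135, 137-139, 53 and 1024-1030 are not part of that path; what they do is expose those LAN services to the whole internet. The script builds such a packet, shows what the router sees versus what is inside, and audits a forward list into "needed" and "exposed". The public addresses and the forward list are constructed for illustration; whether the extra forwards changed anything for the tunnel is not something the thread shows.

```python
"""
Added example, not from the thread: a PPTP client ping as the router sees it.
Public addresses are assumed; LAN addresses are the ones from the thread.
"""
import ipaddress
import struct

GRE_PROTO = 47
PPTP_CONTROL_PORT = 1723
GRE_PPP_PROTOCOL = 0x880B          # RFC 2637 protocol type for PPP in GRE
CLIENT_PUBLIC = "10.52.224.194"    # the 3G address from the posted ipconfig
VPN_PUBLIC = "203.0.113.10"        # assumed WAN address of the router (TEST-NET-3)
VPN_SERVER_LAN = "192.168.1.3"


def _checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum used by IPv4 and ICMP headers."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_packet(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Minimal IPv4 header (no options), TTL 64, with a valid header checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234, 0x4000,
                      64, proto, 0, ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", _checksum(hdr)) + hdr[12:] + payload


def icmp_echo(ident: int, seq: int, data: bytes = b"abcdefgh") -> bytes:
    msg = struct.pack("!BBHHH", 8, 0, 0, ident, seq) + data
    return msg[:2] + struct.pack("!H", _checksum(msg)) + msg[4:]


def pptp_gre_encapsulate(inner_ip: bytes, call_id: int, seq: int) -> bytes:
    """Enhanced GRE header (RFC 2637 section 4): K=1, S=1, version 1, protocol
    0x880B, key = payload length | call ID, then the sequence number. The PPP
    frame carries no HDLC flags or FCS; address/control 0xFF03 and protocol
    0x0021 (IPv4) are kept because ACFC/PFC are assumed not negotiated."""
    ppp = b"\xff\x03\x00\x21" + inner_ip
    return struct.pack("!BBHHHI", 0x30, 0x01, GRE_PPP_PROTOCOL, len(ppp), call_id, seq) + ppp


def router_view(outer: bytes) -> dict:
    """The only fields a NAT router's forward rules can match on."""
    ihl = (outer[0] & 0x0F) * 4
    proto = outer[9]
    view = {"proto": proto, "dst": str(ipaddress.IPv4Address(outer[16:20])), "dport": None}
    if proto in (6, 17):                      # TCP or UDP: a destination port exists
        view["dport"] = struct.unpack("!H", outer[ihl + 2:ihl + 4])[0]
    return view


def inner_view(outer: bytes) -> dict:
    """Peel GRE and PPP off to show the destination the router never sees."""
    ihl = (outer[0] & 0x0F) * 4
    gre = outer[ihl:]
    off = 4 + (4 if gre[0] & 0x20 else 0) + (4 if gre[0] & 0x10 else 0) + (4 if gre[1] & 0x80 else 0)
    ppp = gre[off:]
    if ppp[:4] != b"\xff\x03\x00\x21":
        raise ValueError("not an uncompressed PPP IPv4 frame")
    ip = ppp[4:]
    return {"src": str(ipaddress.IPv4Address(ip[12:16])),
            "dst": str(ipaddress.IPv4Address(ip[16:20])), "proto": ip[9]}


def ping_through_tunnel() -> tuple:
    """ICMP echo from the tunnel address 192.168.1.4 to the DC 192.168.1.2."""
    inner = ipv4_packet("192.168.1.4", "192.168.1.2", 1, icmp_echo(ident=1, seq=1))
    outer = ipv4_packet(CLIENT_PUBLIC, VPN_PUBLIC, GRE_PROTO,
                        pptp_gre_encapsulate(inner, call_id=7, seq=1))
    return router_view(outer), inner_view(outer)


def audit_forwards(forwards, vpn_server: str = VPN_SERVER_LAN) -> dict:
    """Split a forward list into what PPTP needs on the WAN side and what only
    exposes a LAN service. Entries are (protocol, port or IP protocol, target)."""
    needed = {("tcp", PPTP_CONTROL_PORT, vpn_server), ("ip", GRE_PROTO, vpn_server)}
    present = set(forwards)
    return {"missing": sorted(needed - present), "exposed": sorted(present - needed)}


if __name__ == "__main__":
    print(ping_through_tunnel())
    # Constructed forward list modelled on the post: no explicit GRE entry.
    print(audit_forwards([("tcp", 1723, VPN_SERVER_LAN), ("tcp", 137, VPN_SERVER_LAN),
                          ("udp", 53, "192.168.1.2")]))
```

`router_view` comes back with protocol 47, the router's WAN address and no port at all, while `inner_view` shows the ICMP packet for 192.168.1.2 carried inside; that is why a GRE forward (or the router's PPTP passthrough) is what the data path depends on, and why an audit of a list like the one posted reports the NetBIOS, RPC and DNS entries under "exposed" rather than "missing".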
Hi Mark,
Thanks for update
Can you check whether it works after checking the "Use default gateway on remote network" option in the TCP/IP properties of the VPN connection, or after making the remote connection top of the binding order list, and see if this issue persists?
Please follow the workaround in the steps below:
· Right-click the VPN connection on the remote client, and then click Properties.
· Click the Networking tab, click Internet Protocol (TCP/IP) in the "Components checked are used by this connection" list, and then click Properties.
· Click Advanced, and then click to check the "Use default gateway on remote network" check box.
· Click OK, click OK, and then click OK.
OR
Please back up the registry before performing the following workaround. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756
How to back up and restore the registry in Windows
To work around this problem, edit the registry to move the Remote Access Services connection to the top of the binding order:
Click Start, click Run, type regedit32 in the Open box, and then click OK.
Click the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Linkage
In the right pane, double-click Bind.
In the Value data box, select the "\Device\NdisWanIp" item, press CTRL+X, click the top of the list of devices, and then press CTRL+V.
Click OK, and then quit Registry Editor.
Thanks.
Tiger Li
January 7th, 2011 5:34am