Routing for RRAS/VPN client
Hi, we have an ISA server 2000 acting as a firewall/VPN server. Our VPN clients connect to our network and have no problems. However, we would like remote clients to access another subnet in our network. Namely, our VOIP server. Here is the config info.
1. Local network IP addresses: 192.168.10.x/24
2. 2nd local network IP addresses: 192.168.15.x/24
Currently, our VPN clients can only access the 192.168.10.x network. How can we configure our RRAS so that these VPN clients can access both networks? Pls advise, thks.
July 27th, 2009 11:14pm
Do the clients currently get IP addresses in the 192.168.10 subnet? If they do, this won't be easy. That method, which is called on-subnet addressing, is not suited to a routed network. It is a quick and easy method to set up, but it relies on the server doing proxy ARP on the LAN for the remotes. No real IP routing is done (because they are all in the same IP subnet).
To get access to other subnets on the LAN, you need to use off-subnet addressing. You use a different IP subnet for the remote clients (using a static pool of addresses). You then route this subnet as you would route any other subnet in your network.
Are you planning to give remote clients access to VOIP? VOIP over VPN sounds a bit dicey to me. Have you tested that it works OK?
Bill
July 28th, 2009 3:44am
Yes, the clients get the 192.168.10 subnet IP addresses. The 192.168.15.x IP range is for our VOIP system only. Apparently, our sister company uses the same IP scheme but they use a SonicWall VPN server and it works for their VPN clients using their VOIP phones.
July 28th, 2009 4:44am
Hi Customer,
Thank you for posting here.
According to your description, you'd like to configure a RRAS server to allow the VPN clients to access 2 different subnet resources. If I have misunderstood the problem, please do not hesitate to let me know. The RRAS feature in Windows 2003 is able to do the job for you.
To access the 2nd Local network resource, please follow these steps:
1. Configure the RRAS server for your VPN clients, please refer to the KB article: http://support.microsoft.com/kb/323381
2. Add a static route to access 2nd Local network in the RRAS console.
a) Click Start, point to Administrative Tools, and then click Routing and Remote Access.
b) In the console directory, click your_server_name.
c) Expand IP routing, select the Static Routes.
d) Right-click the right panel, choose New Static Routes.
e) Choose the Interface to RRAS server's internal network card, fill in Destination 192.168.15.0, Network mask 255.255.255.0, Gateway 192.168.10.x (RRAS server's internal network card IP address here), Metric 1, OK
Wilson Jia - MSFT
July 31st, 2009 4:22am
Hi Wilson, thank you for your reply. I'm sorry but I've given the incorrect info here. Our local IP addr is 221.8.1.x/24 and the other IP that I want the remote access users to get to is 192.168.15.x/24 network. Sorry for the confusion guys. Hope this clears things up. Pls advise, thks.
August 1st, 2009 5:39am
Hi,
In this case, you can change the Static Routes Gateway IP to 221.8.1.x/24 according to the instruction step e. Thanks.
Wilson Jia - MSFT
August 3rd, 2009 7:10am
Thanks Wilson. It didn't work. When I tried VPN into our network, I cannot ping the 192.168.15.x network.
August 4th, 2009 6:13pm
Hi X_user,
Can you ping the 192.168.15.x/24 network from the RRAS server successfully?
Wilson Jia - MSFT
August 5th, 2009 4:14am
Hi Wilson, no I cannot ping the 192.168.15.x network.
August 5th, 2009 4:38pm
Hi,
Thanks for the response. You may try to assign a second static IP 192.168.15.x/24 on your RRAS server internal network card. Ensure the RRAS VPN server is able to access both 192.168.15.x/24 and 221.8.1.x/24 subnets. Then try the VPN client again.
Wilson Jia - MSFT
August 6th, 2009 12:21pm
Hi,
I think I have the same problem too.
My RRAS server external IP address is 172.20.30.67/24 (G:172.20.30.1), which can be reached from a public IP address, and the RRAS internal IP address is 172.20.20.131/25 (G:172.20.20.129) and the IP pool is 172.20.20.135-140/25.
When one of my VPN clients makes a VPN connection to the server, he can ping the internal IP subnet (172.20.20.131/25) but cannot ping other internal IP subnets such as 172.20.31.0/24. In my case the RRAS server can ping other internal subnets through DG.
The "Use Default Gateway on remote network" option on the VPN connection of the client is enabled.
I guess that I have to write a static route on my VPN server. Can anybody tell me what route I have to write exactly?
January 8th, 2011 5:50am
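The on-subnet versus off-subnet distinction from Bill's reply, applied to the pool in the last post, as an added example that is not part of the original thread. The function name plan_vpn_pool, the server address 192.168.10.1 and the pool 192.168.20.0-63 are assumptions made for illustration; the 172.20.20.x values are the ones quoted in the last post.

```python
import ipaddress

def plan_vpn_pool(server_lan_iface, pool_first, pool_last, other_subnets=()):
    """Classify a static VPN address pool and list the routes LAN routers need.

    Returns (mode, routes); routes are (destination, mask, next_hop) tuples
    that internal routers need so replies can reach the VPN clients.
    """
    iface = ipaddress.ip_interface(server_lan_iface)
    lan = iface.network
    # Collapse the first-last range into the CIDR blocks that cover it exactly.
    blocks = list(ipaddress.summarize_address_range(
        ipaddress.ip_address(pool_first), ipaddress.ip_address(pool_last)))

    if all(b.subnet_of(lan) for b in blocks):
        # On-subnet: clients look like LAN hosts and depend on the server
        # answering ARP for them, so there is no pool subnet to route.
        return "on-subnet", []
    if any(b.overlaps(lan) for b in blocks):
        raise ValueError(f"pool straddles the server LAN subnet {lan}")
    for subnet in map(ipaddress.ip_network, other_subnets):
        clash = [b for b in blocks if b.overlaps(subnet)]
        if clash:
            raise ValueError(f"pool {clash[0]} collides with {subnet}")
    # Off-subnet: each pool block is routed via the server's LAN address,
    # exactly like any other subnet in the network.
    routes = [(str(b.network_address), str(b.netmask), str(iface.ip))
              for b in blocks]
    return "off-subnet", routes

if __name__ == "__main__":
    # Values from the last post: the pool sits inside the server's own /25.
    print(plan_vpn_pool("172.20.20.131/25", "172.20.20.135", "172.20.20.140"))
    # Constructed values for the original poster's LAN (server .1, new pool).
    print(plan_vpn_pool("192.168.10.1/24", "192.168.20.0", "192.168.20.63",
                        other_subnets=["192.168.15.0/24"]))
```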