First of all, thank you for reading this and I really hope someone can help and fast! So, here's where my issue begins. A mobile user at work logs in via VPN to access our Exchange server for his email and local network resources (i.e. ACT, Shared Folders, etc...). He's been having problems recently staying connected via the VPN while working wireless. Every 15-20 minutes he gets disconnected. So today, he was working from home and it started acting up. He decided to plug it directly into the switch to by pass working wireless. However, in doing so, he no longer has access to the local network but the VPN still connects and his Outlook still works off Exchange. When he goes to click on any of the mapped network drives it kicks back a "Network Path not found" error. He also cannot ping the domain name or the static private IP (192.169.2.10). The weird thing is, RRAS still recognizes him up as a connected user and assigns an IP. I ran an ipconfig on the server and it kicked back this. PPP adapter RAS Server (Dial In) Interface: Connection-specific DNS Suffix . : IP Address. . . . . . . . . . . . : 192.168.2.69 Subnet Mask . . . . . . . . . . . : 255.255.255.255 Default Gateway . . . . . . . . . : Ethernet adapter Local Area Connection 2: Connection-specific DNS Suffix . : IP Address. . . . . . . . . . . . : 192.168.2.10 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 192.168.2.1 Should the adapters be listed on different subnets like that?

Yes, the adapters should be seperated. The PPP adapter RAS Server (Dial In) interface is the adapter used for the VPN clients that connect to your network. It would be beneficial to see the IPCONFIG results for the VPN user during the connectivity issues.Visit my blog: anITKB.com, an IT Knowledge Base.

Here's the ipconfig from the user's side. Ethernet adapter Local Area Connection: Connection-specific DNS Suffix . : Belkin IP Address. . . . . . . . . . . . : 192.168.2.29 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 192.168.2.1 PPP adapter Panamerica: Connection-specific DNS Suffix . : IP Address. . . . . . . . . . . . : 192.168.2.70 Subnet Mask . . . . . . . . . . . : 255.255.255.255 Default Gateway . . . . . . . . . : 192.168.2.70

Your clients HOME network subnet should not be the same as the one you are using for RRAS VPN services. You should go to your RRAS server and choose a different subnet for RRAS VPN that you know your users are not using at home, possibly a 172.16.x.x subnet since it is unlikely users at home will configure their home routers to use that range. it appears that it may be a simple routing issue from the client side. You can verify that with using TCP/IP tools such as TRACERT to verify where the packets go. For example, in the above configuration what happens if you ping 192.168.2.10? do you see the traffic leaving through the PPP adapter or stay within the home network. ROUTE PRINT should reveal more info about the local routing table on the home system. Visit my blog: anITKB.com, an IT Knowledge Base.

Not quite sure what you mean by changing the subnet. I mean, I understand the concept, but when our router uses NAT doesn't it automatically assign the 192.168.x.x ? As for when I ping 192.168.2.10, it times out. Here's the copy of ROUTE PRINT =========================================================================== Interface List 0x1 ........................... MS TCP Loopback interface 0x2 ...00 1e 37 23 d1 6b ...... Broadcom NetLink (TM) Gigabit Ethernet - Packet Scheduler Miniport 0x100004 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface =========================================================================== =========================================================================== Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.29 21 0.0.0.0 0.0.0.0 192.168.2.70 192.168.2.70 1 server ip 255.255.255.255 192.168.2.1 192.168.2.29 20 127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1 169.254.0.0 255.255.0.0 192.168.2.29 192.168.2.29 30 192.168.2.0 255.255.255.0 192.168.2.29 192.168.2.29 20 192.168.2.29 255.255.255.255 127.0.0.1 127.0.0.1 20 192.168.2.70 255.255.255.255 127.0.0.1 127.0.0.1 50 192.168.2.255 255.255.255.255 192.168.2.29 192.168.2.29 20 192.168.2.255 255.255.255.255 192.168.2.70 192.168.2.70 50 224.0.0.0 240.0.0.0 192.168.2.29 192.168.2.29 20 224.0.0.0 240.0.0.0 192.168.2.70 192.168.2.70 1 255.255.255.255 255.255.255.255 192.168.2.29 192.168.2.29 1 255.255.255.255 255.255.255.255 192.168.2.70 192.168.2.70 1 Default Gateway: 192.168.2.70 =========================================================================== Persistent Routes: None

Based on the ROUTE PRINT, you have an entry: 192.168.2.0 (DEST) 255.255.255.0 (SM) 192.168.2.29 (GW) 192.168.2.29 (INTERFACE) Which means that anything destined for the 192.168.2.x, other than .29 & .70 goes to the gateway 192.168.2.29, not the PPP adapter gateway of 192.168.2.70. Since you internal corporate network is also in the 192.168.2.x range, packets destined for 192.168.2.x wont cross over the PPP adapter. According to your ROUTE table, the packet should stay on your local network. Nothing to do with NAT. In the RRAS configuration, you can specify another subnet range for remote clients (the PPP adapter). Normally with RRAS, either you have the RRAS server use a specific pool of IPs for DHCP for the clients or you configure RRAS to use a corporate DHCP server to issue IPs. Or, on your home network, use a different subnet range (anything other than 192.168.2.x). I would expect that either of these solutions will fix the issue. Visit my blog: anITKB.com, an IT Knowledge Base.

It's been so long since I've done any type of subnetting, anything other than 192.168.2.x would work? So say i.e. 192.168.3.x or 192.168.1.x etc...? Can my PPP adapter and local NIC be on different subnets? My gut feeling says no, but? Wouldn't it be easier to change the subnet on the client's side instead if changing it on the server and router side?

The PPP and NIC can and probably should be on different subnets. The network is defined by the mask so if you are using a /24 (255.255.255.0), 192.168.3.x is on a different network than 192.168.2.x. Just to make sure everything else is working as expeted, if you attempt to reach say google.com, you are able to correct? Traffic destined for any network outside of 192.168.2.x should be leaving through the client's PPP adapter (according to your ROUTE table). Visit my blog: anITKB.com, an IT Knowledge Base.