Gateway-to-Gateway VPN access
Apparently the Vista network stack is totally different than XP. I have a gateway to gateway VPN connection that works perfectly in XP but is a total no go in Vista. At first I thought it might be a firewall issue so I shut that off but still get 'destination host unreachable' when I try to ping the other router. This is starting to drive me nuts as to why it doesn't work. I really want to stay in Vista but I have to dual boot to XP to take care of remote access of networks and am just unable to in Vista. I am running 64-bit Business on this machine [which seems to have other issues as well with the RAID drives on my MOBO but that's a whole other issue]. I tried to disable TCP/IPv6 like suggested somewhere else but no luck. Any other suggestions? I have googled this so many ways and can find no answers to this. Please help! It is something in Vista. My routers are configured correctly to communicate and do work in XP. I can't even use the client VPN software either... which eventually I will have to figure out a solution to as my clients upgrade to Vista, but right now I am keeping them in XP until I figure these issues out and the manufacturers release a VPN client that works. I am getting more and more disappointed in Vista with the lack of manufacturers getting drivers working, lack of 64-bit applications, and everything else... the only thing keeping me here is the 8GB RAM I can access on my workstation for multiple applications to access.
April 3rd, 2008 10:08am

Hello,

Based on my experience and research, the problem occurred because there were two default gateways set on the two NICs respectively. However, Windows can only use one default gateway at a certain time.

The recommended way to set up the VPN server is as follows:

1. Remove the default gateway on the internal NIC.
2. Add static routes on the RRAS server to access the internal subnets.

To allow VPN clients to access the Internet, you need to enable NAT on the server and open the corresponding ports on the external NIC. To configure VPN clients to use a separated IP subnet, you can configure the RRAS server to assign IP address from a static IP address pool and advertise the IP subnet on the switch.

Hope it helps! If I misunderstood your concern, please feel free to let me know.

Cheers,
Lionel
April 15th, 2008 1:27pm

You must have two gateways as separate addresses for it to even connect with the respective gateways. The VPN tunnels are built into the routers... they are connected and working. So the tunnel is there and intact. In XP I can just easily access the remote network drives, printers and so forth. In Vista, NADA. There must be some setting in Vista I am overlooking or that has changed. I hear CHAP/CHAPv1 is gone in Vista but is that applicable in this situation where I have two hardware VPN endpoints? I have also heard TCP/IPv6 messes with it, which I disabled on the Vista machine, and that didn't work. I haven't even bothered to try to get into a VPN client>gateway in Vista yet.
April 15th, 2008 4:41pm

All of my gateway to gateway VPN links are Windows Server 2003 to Windows Server 2003 gateways, and they are all working. I have a BEFSX41 for my home router, and I can establish a VPN connection to other VPN endpoints via IPSec, and they work as well. (I have Vista Ultimate x64.) But there are many factors that could be causing the problem you are having.

For gateway to gateway scenarios, you may want to check your local routing table on the Vista machine. I have seen routing tables on Vista that have the wrong Network ID and subnet mask combinations, which will prevent routing from working properly (which includes any gateway to gateway routing). This happens quite frequently if you are using addresses in the 10.x.x.x range on either the local or remote networks. (See below for an example of this anomaly... it occurs every time with a VPN connection to a 10.x.x.x network.)

I hope that this gives you one more place to look... I share your frustration with Microsoft's ignorance with their networking disaster that they call Vista.

In case you experience any VPN issues from your Vista box to a RRAS Server, read on... Otherwise, you can ignore the following related information...

For VPN issues in general, it should be noted that Microsoft completely destroyed normal VPN functionality in Vista in three key areas:

1) DNS Server addresses are used in reverse order from the order that the server side issues them. Also, you cannot get Vista to correct the problem by statically assigning the addresses since it will still use the addresses provided by the server side before using the static addresses.

2) DNS Domain Name suffixes that are provided by the RRAS server are ignored (but you can manually enter them for each connection as long as you do not need to dynamically assign them based on RADIUS logon credentials, as more complex networks do.)

3) The Network ID and subnet mask values are entered into the local routing table based on the IP address issued by the RRAS server instead of using what the RRAS server gives out.

For example, if you are establishing a VPN connection to a network that uses a network of 10.1.1.0/24 (aka 10.1.1.0 mask 255.255.255.0), and then to a second VPN connection to a network that uses 10.2.2.0/24, you will find that you lose connectivity to the first network, even though Vista shows that you are still connected. The truth is that you actually are still connected to both networks, but your routing table is now corrupt.

In this example, the routing table should have (among other entries) two routes that look like this (likely with different gateway and interface addresses):

    Network Destination    Netmask          Gateway      Interface    Metric
    10.1.1.0               255.255.255.0    10.1.1.25    10.1.1.27    11
    10.2.2.0               255.255.255.0    10.2.2.21    10.2.2.29    11

But in Vista, when you establish the first connection you get this:

    Network Destination    Netmask          Gateway      Interface    Metric
    10.0.0.0               255.0.0.0        10.1.1.25    10.1.1.27    11

And, when you establish the second connection, instead of getting a second entry, the first one is overwritten like this:

    Network Destination    Netmask          Gateway      Interface    Metric
    10.0.0.0               255.0.0.0        10.2.2.21    10.1.1.29    11

To correct this, even after establishing both VPN connections, you can delete the 10.0.0.0 route entry, and add the two entries that are correct. Once you do that, you will immediately regain access to both remote networks.

Has anyone other than myself reported these issues to Microsoft? I think the only way we can get them to fix their broken product is for all of us to call and complain like I have. The more voices that are heard, the more pressure Microsoft will be under to fix what they broke.

I wish you and everybody else with Vista networking issues the very best.

PS - These Operating Systems do not have these problems: Windows XP, Linux, Mac OS, etc...
May 29th, 2008 3:12am
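
Added example, not part of the original thread: a Python check for the routing-table symptom described in the post above. It parses `route print` IPv4 rows, flags a broad route that has swallowed the subnets each VPN should have installed, and builds the `route delete` / `route add` commands the post recommends. The expected subnets and gateways are the post's example values; the two non-10.x rows in the sample and the `EXPECTED` mapping are assumptions made for illustration.

```python
import ipaddress

# Constructed sample of `route print` IPv4 rows. The 10.0.0.0 row is the
# overwritten entry quoted in the post; the other two rows are invented.
SAMPLE_ROUTES = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1   192.168.1.50      20
         10.0.0.0        255.0.0.0        10.2.2.21      10.1.1.29      11
      192.168.1.0    255.255.255.0          On-link   192.168.1.50     276
"""

# Assumption: the subnet -> gateway pairs each VPN connection should install.
EXPECTED = {"10.1.1.0/24": "10.1.1.25", "10.2.2.0/24": "10.2.2.21"}


def parse_routes(text):
    """Return (network, gateway) pairs; header and malformed rows are skipped."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        try:
            net = ipaddress.ip_network(f"{parts[0]}/{parts[1]}")
        except ValueError:
            continue
        routes.append((net, parts[2]))
    return routes


def fix_commands(text, expected=EXPECTED):
    """Build the route commands that replace a swallowing entry with the
    specific routes that are missing. Returns [] when nothing is missing."""
    routes = parse_routes(text)
    present = {net for net, _ in routes}
    delete, add = [], []
    for cidr, gateway in expected.items():
        want = ipaddress.ip_network(cidr)
        if want in present:
            continue
        for net, _ in routes:
            # A broader route (not the default route) that covers the subnet.
            if net.prefixlen and net != want and want.subnet_of(net):
                cmd = f"route delete {net.network_address}"
                if cmd not in delete:
                    delete.append(cmd)
        add.append(f"route add {want.network_address} mask {want.netmask} {gateway}")
    return delete + add


if __name__ == "__main__":
    print("\n".join(fix_commands(SAMPLE_ROUTES)))
```

The generated commands are meant to be reviewed and then run from an elevated command prompt on the Vista client after both VPN connections are established.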

This topic is archived. No further replies will be accepted.
