My current setup is this. I have a Cisco Pix 506E firewall used to connect to my local network, using Cisco VPN client, and it works fine when users connect. I setup a remote access server, with VPN, in order for my users to validate themselves on the domain after the Cisco connection. The RRAS server has only one network card. Our office has a VPN connection with our head office which works fine when on the local network but I have problems with remote users trying to access the head office through our VPN when they are away from the office.
My local network IP is 192.168.203.0 and the head office is 10.0.0.0. My server IP is 192.168.203.14 (NIC IP) My RRAS configuration has Routing (LAN and demand dial routing) and remote access server enabled. On the IP settings I have allow IP based remote access and demand dial connections enabled and IP-Routing disabled. My port configuration on the windows RAS server is 20 PPTP connections and none for the rest of the ports. My IP routing settings are as follows: My general settings are the local area connection has the IP of the NIC on the server, the internal connection has an IP assigned by the DHCP server and the loopback connection. I don’t have any static routes configured. DHCP relay is enabled and IGMP version 3 is enabled. My remote access policy is NAS port type matches Virtual VPN and windows group matches domain users.
What I want to do is to be able to get my remote users to access the head office VPN. I had it working at one point. When the users would log in to the Windows VPN, they could access the head office and the internet. But, I was trying to tweak it a bit and have since lost the ability to connect to the internet and the head office. I have been trying to get it back for a few months but I have not been successful.
Another problem is at one point I had IP-routing enabled on the server (right click the server name, select properties and click on IP) and when a remote user connects, after 30 seconds, the user could only gets a response from the RAS server and no other part of my local network. The RAS server can be pinged (the NIC IP) but any other IP address get timed out. Disabling that solved that problem however, when a user is at the head office and tries to connect to get validated by my RAS server, I get the same problem when IP-routing is disabled. I have to enable it to get the user at the head office to access other IP’s. BTW the users at head office only need to validate on our network to do their timesheet.
My local network IP is 192.168.203.0 and the head office is 10.0.0.0. My server IP is 192.168.203.14 (NIC IP) My RRAS configuration has Routing (LAN and demand dial routing) and remote access server enabled. On the IP settings I have allow IP based remote access and demand dial connections enabled and IP-Routing disabled. My port configuration on the windows RAS server is 20 PPTP connections and none for the rest of the ports. My IP routing settings are as follows: My general settings are the local area connection has the IP of the NIC on the server, the internal connection has an IP assigned by the DHCP server and the loopback connection. I don’t have any static routes configured. DHCP relay is enabled and IGMP version 3 is enabled. My remote access policy is NAS port type matches Virtual VPN and windows group matches domain users.
What I want to do is to be able to get my remote users to access the head office VPN. I had it working at one point. When the users would log in to the Windows VPN, they could access the head office and the internet. But, I was trying to tweak it a bit and have since lost the ability to connect to the internet and the head office. I have been trying to get it back for a few months but I have not been successful.
Another problem is at one point I had IP-routing enabled on the server (right click the server name, select properties and click on IP) and when a remote user connects, after 30 seconds, the user could only gets a response from the RAS server and no other part of my local network. The RAS server can be pinged (the NIC IP) but any other IP address get timed out. Disabling that solved that problem however, when a user is at the head office and tries to connect to get validated by my RAS server, I get the same problem when IP-routing is disabled. I have to enable it to get the user at the head office to access other IP’s. BTW the users at head office only need to validate on our network to do their timesheet.
