
Win2k3 AD VPN, Can connect, cannot access resources

Status
Not open for further replies.

joeyadms

IS-IT--Management
Aug 6, 2008
US
Ok, I have tried this on 3 different machines, 2 of which are 2k3, 1 being XP Pro. None have worked here at the office; however, as a test, I tried the same steps on my home network with XP Pro and everything works flawlessly.

Here are the PCs:
DC1 - 192.168.86.201 - VPN Server
DC1 - 192.168.86.10 - Server PPTP Connection
SERVER - 192.168.86.203 - Web Server
PC1 - 192.168.1.3 - Home Workstation
PC1 - 192.168.86.11 - Workstation PPTP Connection

I used RRAS from admin tools to create a remote access server for Active Directory (I've also used the new connection approach, ignoring AD and using local accounts), and forwarded TCP 1723, IP 47 on the router. There are no firewalls enabled. I've allowed Dial-in access for some users in AD.

Now at home, when I try a VPN connection to the office, it connects perfectly. However, I cannot access any resources on the office network, not by IP or anything. The only thing I can ping is x.x.86.10, which is the PPTP connection on the VPN Server, and the VPN server can ping x.x.86.11, which is the workstation's PPTP connection, but that is where it stops.

The VPN Server has 1 ethernet adapter. As you can see from the routing above, the networks are not in conflict, and as I said going from work to home is perfect.

Thanks for any help.
 
Ok, I can't begin enough to tell you how much of a HUMONGOUS security hole you opened up. RRAS needs to come off the DC, no matter what... this is just a hugely bad idea with even bigger security implications.

It sounds to me like the IP settings for incoming clients are off, as are the routes between the RRAS interface and the internal network.

Again, this is a MAJORLY BAD CONFIGURATION that should be done away with immediately.

-Brandon Wilson
MCSE:Security00/03
MCSA:Messaging00
MCSA:Security03
A+
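
A defender's check for the configuration the reply above objects to (RRAS accepting VPN connections on a domain controller), as an added example that is not part of the thread. It assumes PowerShell 2.0 or later, run locally on the server, with English `netstat` output; the function name `Test-RrasOnDomainController` is hypothetical.

```powershell
# Added example (not from the thread). Run locally on the server being audited.
# Function name is hypothetical; assumes PowerShell 2.0+ and English netstat output.
function Test-RrasOnDomainController {
    # DomainRole (Win32_ComputerSystem): 4 = backup DC, 5 = primary DC
    $cs   = Get-WmiObject -Class Win32_ComputerSystem
    $isDc = $cs.DomainRole -ge 4

    # RemoteAccess is the service name of Routing and Remote Access (RRAS)
    $svc     = Get-WmiObject -Class Win32_Service -Filter "Name='RemoteAccess'"
    $running = ($svc -ne $null) -and ($svc.State -eq 'Running')
    $enabled = ($svc -ne $null) -and ($svc.StartMode -ne 'Disabled')

    # PPTP control channel: TCP 1723, the port forwarded on the router in the post
    $pptp = @(netstat -an | Select-String -Pattern ':1723\s+.*LISTENING').Count -gt 0

    New-Object PSObject -Property @{
        Computer           = $cs.Name
        IsDomainController = $isDc
        RrasRunning        = $running
        RrasEnabled        = $enabled
        PptpListening      = $pptp
        # Finding: a DC that is actually accepting VPN connections
        Finding            = ($isDc -and ($running -or $pptp))
    }
}

$r = Test-RrasOnDomainController
if ($r.Finding) {
    Write-Warning ("{0}: domain controller is accepting VPN connections (RRAS running: {1}, TCP 1723 listening: {2})" -f $r.Computer, $r.RrasRunning, $r.PptpListening)
} elseif ($r.IsDomainController -and $r.RrasEnabled) {
    Write-Warning ("{0}: RRAS is stopped but still enabled on a domain controller" -f $r.Computer)
} else {
    Write-Output ("{0}: RRAS is not exposed on a domain controller" -f $r.Computer)
}
```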

 