I'm trying to set up our Win 2K8 R2 as a site-to-site RRAS server. Here is the current configuration:
HQ (192.168.0.x/24):
-Server 192.168.0.20
-Server's RRAS virtual interface 192.168.0.103
-User "site1" is assigned a static dial-in IP of 192.168.0.91, and a static dial-in route for 192.168.91.0/24 is also set up in the Active Directory user panel
Site 1 (192.168.91.x/24):
-Router (vpn client) 192.168.91.1
-Set to "dial" HQ as user site1
-VPN NAT turned OFF
What happens "right":
-Connection works fine
-Server auto-assigns the vpn client 192.168.0.91
-Server RRAS virtual interface (192.168.0.103) shows a new ARP entry for 192.168.0.91
-Server auto-adds a static route:
*Destination/netmask 192.168.91.0/24
*Gateway 192.168.0.91 (vpn client's address)
*Interface 192.168.0.103 (server rras virtual interface)
Now the problem:
-From site1's router (vpn client), I can ping any device on the 192.168.0.0/24 subnet. I assume this is because they are responding to the device they see as 192.168.0.91
-From site1's network, devices can send pings to any 192.168.0.0/24 device, but get no response
-From site1's network, devices can successfully ping 192.168.0.91
-From HQ server (vpn server), I can successfully ping 192.168.0.91
-From HQ server, ping attempts to any device on 192.168.91.0/24 subnet, including 192.168.91.1, return "General failure".
Thoughts? More info required?