Q

VPN setup nixed Internet access


I've set up Microsoft's VPN Server in Windows 2000. I believe I am having problems with static routes. If I follow Microsoft's instructions on how to set up the routes, I can connect to the VPN server, log in and access local machines on the LAN OK -- but I cannot access the Internet (this is a requirement for the server). My static routes are set up as follows:

Dest: 10.1.0.0 (internal LAN class)
Mask: 255.255.0.0
Gateway: 10.1.0.1 (LAN Firewall)
Interface: "Intranet" (NIC connected to LAN)
Metric: 1
View: Both

Dest: 0.0.0.0
Mask: 0.0.0.0
Gateway: 10.1.0.1
Interface: "Internet" (NIC Connected to Internet)
Metric: 1
View: Both

Note: I've also yanked the default gateway from the NIC connected to the internal LAN.

If I follow the above configuration I can connect just fine but cannot access the Internet. If I change the second static route's interface to "intranet," certain VPN clients CAN connect.

These clients are ones who are on the same Internet subnet as the VPN server (subnet being public addresses from our ISP). I've tested it and confirmed that the traffic is indeed going through the VPN, then out our firewall.

Any ideas on how to fix this? It is just weird. I go home to my DSL line and it either doesn't connect or tells me I need a certificate. However, if I change the static route (second one) to the MS correct config, I can connect no issues. (So I don't think it's a certificate issue.)

Any ideas would be GREATLY appreciated. I am pulling my hair out over this one.

You can't access the Internet with a 10.x.x.x address, because that's a private, non-routable address. Of course you know it's a private address, because that's why you picked it for the VPN. This is good practice. However, to get to the public Internet, you'll need to translate that IP address somehow. The standard way of doing this is to send requests through a NAT (Network Address Translation) device. Fortunately, Windows 2000 does include NAT capabilities. You should be able to configure NAT so that it translates the source IP address of requests from your 10.x.x.x private network to the public IP address assigned by your ISP. Good luck.

This was first published in October 2002
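
The answer's point, as an added example that is not part of the original question or answer: a longest-prefix lookup over the two static routes from the question, flagging when a packet with an RFC 1918 source is forwarded to a public destination and therefore needs NAT. The client address 10.1.0.50, the LAN host 10.1.4.9 and the destination 198.51.100.7 are constructed sample values, and the function names are hypothetical.

```python
import ipaddress

# Static routes copied from the question: (dest, mask, gateway, interface, metric).
ROUTES = [
    ("10.1.0.0", "255.255.0.0", "10.1.0.1", "Intranet", 1),
    ("0.0.0.0", "0.0.0.0", "10.1.0.1", "Internet", 1),
]

# RFC 1918 private ranges; these are not routed on the public Internet.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def lookup(dest, routes=ROUTES):
    """Pick the route for dest: longest prefix wins, then lowest metric."""
    ip = ipaddress.ip_address(dest)
    matches = []
    for net, mask, gateway, iface, metric in routes:
        network = ipaddress.ip_network(f"{net}/{mask}")
        if ip in network:
            matches.append((-network.prefixlen, metric, gateway, iface))
    if not matches:
        return None
    _, _, gateway, iface = min(matches)
    return {"gateway": gateway, "interface": iface}


def forward(src, dest, routes=ROUTES):
    """Describe how a packet is forwarded and whether its source needs NAT."""
    route = lookup(dest, routes)
    if route is None:
        return {"interface": None, "gateway": None, "nat_required": False}
    # A private source heading to a public destination must be translated,
    # otherwise replies cannot be routed back to it.
    nat = is_rfc1918(src) and not is_rfc1918(dest)
    return {**route, "nat_required": nat}


if __name__ == "__main__":
    # Constructed sample values: a VPN client on the LAN range and a
    # documentation-range address standing in for an Internet host.
    for dest in ("10.1.4.9", "198.51.100.7"):
        print(dest, forward("10.1.0.50", dest))
```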
