VPN setup nixed Internet access

I've set up Microsoft's VPN Server in Windows 2000. I believe I am having problems with static routes. If I follow Microsoft's instructions on how to set up the routes, I can connect to the VPN server, log in and access local machines on the LAN OK -- but I cannot access the Internet (this is a requirement for the server). My static routes are set up as follows:

Dest: (internal LAN class)
Gateway: (LAN Firewall)
Interface: "Intranet" (NIC connected to LAN)
Metric: 1
View: Both

Interface: "Internet" (NIC Connected to Internet)
Metric: 1
View: Both

Note: I've also yanked the default gateway from the NIC connected to the internal LAN.

If I follow the above configuration I can connect just fine but cannot access the Internet. If I change the second static route's interface to "intranet," certain VPN clients CAN connect.

These clients are ones who are on the same Internet subnet as the VPN server (subnet being public addresses from our ISP). I've tested it and confirmed that the traffic is indeed going through the VPN, then out our firewall.

Any ideas on how to fix this? It is just weird. I go home to my DSL line and it either doesn't connect or tells me I need a certificate. However, if I change the static route (second one) to the MS correct config, I can connect no issues. (So I don't think it's a certificate issue.)

Any ideas would be GREATLY appreciated. I am pulling my hair out over this one.

You can't access the Internet with a 10.x.x.x address, because that's a private non-routable address. Of course you know it's a private address, because that's why you picked it for the VPN. This is good practice. However, to get to the public Internet, you'll need to translate that IP address somehow. The standard way of doing this is to send requests through a NAT (Network Address Translation) device. Fortunately, Windows 2000 does include NAT capabilities. You should be able to configure NAT so that it translates the source IP address of requests from your 10.x.x.x private network to the public IP address assigned by your ISP. Good luck.
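What the translation described in the answer does to a packet, as an added example that is not part of the original answer and not Windows 2000's implementation: a minimal Python model of source NAT with port mapping. The addresses (10.0.0.25, 203.0.113.10, 198.51.100.x), the port numbers and the class and function names are constructed for illustration.

```python
import ipaddress

PRIVATE_10 = ipaddress.ip_network("10.0.0.0/8")  # the VPN clients' private range

class SourceNat:
    """Minimal model of source NAT with port translation (hypothetical class)."""

    def __init__(self, public_ip, first_port=50000):
        self.public_ip = public_ip   # constructed stand-in for the ISP-assigned address
        self.next_port = first_port
        self.out = {}    # (private_ip, private_port, proto) -> public_port
        self.back = {}   # (public_port, proto) -> (private_ip, private_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port, proto="tcp"):
        """Rewrite the source of a packet leaving through the Internet-facing NIC."""
        if ipaddress.ip_address(src_ip) not in PRIVATE_10:
            return (src_ip, src_port, dst_ip, dst_port)  # already routable, untouched
        key = (src_ip, src_port, proto)
        if key not in self.out:
            # First packet of this flow: allocate a public port and remember it.
            self.out[key] = self.next_port
            self.back[(self.next_port, proto)] = (src_ip, src_port)
            self.next_port += 1
        return (self.public_ip, self.out[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port, proto="tcp"):
        """Map a reply back to the private client; None when no mapping exists."""
        mapping = self.back.get((dst_port, proto))
        if mapping is None:
            return None  # unsolicited traffic has no private host to go to
        return (src_ip, src_port, mapping[0], mapping[1])

def demo():
    nat = SourceNat("203.0.113.10")
    # A VPN client with a 10.x.x.x address opens a web connection.
    sent = nat.outbound("10.0.0.25", 1025, "198.51.100.80", 80)
    # The server's reply arrives at the public address and translated port.
    reply = nat.inbound("198.51.100.80", 80, sent[1])
    # A packet to a port with no mapping cannot be delivered inward.
    stray = nat.inbound("198.51.100.99", 443, 50999)
    return sent, reply, stray

if __name__ == "__main__":
    for row in demo():
        print(row)
```

Without the outbound rewrite, the reply would be addressed to 10.0.0.25, which no Internet router can deliver, which is the symptom described in the question.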