Enabling VPN in RRAS Causes Connection Issues to Remote Networks (243374)



The information in this article applies to:

  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Datacenter Server

This article was previously published under Q243374

SYMPTOMS

RRAS does not forward packets over the interface that is selected as the "Internet" interface after you enable Virtual Private Network (VPN). Network traffic is forwarded over the VPN connections and the internal LAN connection normally.

CAUSE

When you enable RRAS, the Setup Wizard lets you choose one of the following options:
  • Internet connection server
  • Remote access server
  • Virtual private network (VPN) server
  • Network router
  • Manually configured server
If you choose one of these options, RRAS is configured just for the functionality each option describes. If you select VPN server, you configure RRAS to accept incoming VPN connections. This secures the interface you select by implementing filters that only accept PPTP or L2TP traffic. Then, RRAS does not forward packets on that interface unless they are PPTP or L2TP.

RESOLUTION

If you want your server to be a VPN server and also act as a router, follow these steps:
  1. In the Setup wizard, click Manually configured server.
  2. After you enable RRAS, click to select the Enable this computer as a Router check box to manually configure it in RRAS server properties.
  3. To accept PPTP or L2TP connections, right-click Ports in RRAS Manager, and then click Properties.
  4. Click WAN Miniport (PPTP), and then click Configure.
  5. Click to select the Remote access connections (inbound only) check box. Repeat steps 4-5 for WAN Miniport (L2TP).
NOTE: If you choose not to enable any packet filtering on the interface connected to the Internet, you are opening your VPN server to attack from the Internet.

STATUS

This behavior is by design.

Modification Type:MajorLast Reviewed:11/13/2003
Keywords:kbnetwork kbprb KB243374