Windows 2003 Server (RRAS)

[Deploysrs]

I have Routing and Remote access configured on my Windwos 2003 Domain Controller. Its setup to do PPTP and to give out IP address range from 192.168.1.200 to 192.168.1.211. I do not have the Domain controller running DHCP. Instead I have the Netgear VPN Firewall Router Running DHCP with range 192.168.1.1 up to 192.168.1.254 with mask 255.255.255.0. I did reserve ip range .200 to .211 not to be used so that Routing and Remote Access can use it.

My problem is this, Everyone can connect to Routing and remote access fine. But if someone at home connects to the (RRAS) and they have the same IP address range 192.168.1.1 on the network at home they aren't abel to view the network at all. I did notice if you change the home network address to like 10.0.1.1 network range they can. I do understand the problem some what. I know that if your connected to the (RRAS) and you look for a network share at lets say 192.168.1.10 its going to look locally to the home router and not the (RRAS) office network. My only problem with this is that the home routers are factory defaulted to use 192.168.1.1 to 192.168.1.254 range. How can I make (RRAS) work without having people change the home network address and with out changing my network Office address to a different IP range.

[FAT64]

I don't think you can. As far as I remember, VPN networks must use different subnets each end.

[cluberti]

I don't think you can. As far as I remember, VPN networks must use different subnets each end.

That is correct, you cannot VPN into a network running the same IP addressing scheme as your own, otherwise routing fails completely (which is why you see that changing the IP range on the client resolves the issue). Sometimes this can be avoided via static routes and breaking up one subnet or the other into smaller subnets, but that's a pain and easily avoided if you set your domain network config differently than you expect clients to use. To this end, you should try to use nonstandard private ranges when setting up networks (like 10.200.x.x or 172.29.x.x instead of 192.168.x.x), because most home routers default to a subnet in the 192.168.x.x range. This will save you much trouble in the future - and reconfiguring your domain network to a nonstandard private subnet like 172.29.x.x or 10.200.x.x if you're using DHCP for clients and static IPs for servers is very easy and should only take a few hours of downtime to change over and get up and running again.

[Deploysrs]

I don't think you can. As far as I remember, VPN networks must use different subnets each end.

That is correct, you cannot VPN into a network running the same IP addressing scheme as your own, otherwise routing fails completely (which is why you see that changing the IP range on the client resolves the issue). Sometimes this can be avoided via static routes and breaking up one subnet or the other into smaller subnets, but that's a pain and easily avoided if you set your domain network config differently than you expect clients to use. To this end, you should try to use nonstandard private ranges when setting up networks (like 10.200.x.x or 172.29.x.x instead of 192.168.x.x), because most home routers default to a subnet in the 192.168.x.x range. This will save you much trouble in the future - and reconfiguring your domain network to a nonstandard private subnet like 172.29.x.x or 10.200.x.x if you're using DHCP for clients and static IPs for servers is very easy and should only take a few hours of downtime to change over and get up and running again.

Thanks for the help everyone. I now know that I should setup a network that is going to run RRAS in a different Subnet then the default 192.168.1.1. (Problem Solved)