From: Neil Rashbrook on
I notice that by default the VPN subnet mask as configured by SBS 2008
does not respect the CIDR subnet mask on the LAN. This means that you
can't VPN from a 10.0.0.0/24 LAN via two NAT routers to a 10.10.10.0/24
LAN because the routing table gets two routes for 10.0.0.0 instead of a
route for 10.0.0.0 and a route for 10.10.10.0. Is this by design? Should
I change RRAS to use a static address pool (e.g. 10.0.0.2-8/24), or will
that cause other problems?
From: Joe on
On 02/07/10 16:47, Neil Rashbrook wrote:
> I notice that by default the VPN subnet mask as configured by SBS 2008
> does not respect the CIDR subnet mask on the LAN. This means that you
> can't VPN from a 10.0.0.0/24 LAN via two NAT routers to a 10.10.10.0/24
> LAN because the routing table gets two routes for 10.0.0.0 instead of a
> route for 10.0.0.0 and a route for 10.10.10.0. Is this by design? Should
> I change RRAS to use a static address pool (e.g. 10.0.0.2-8/24), or will
> that cause other problems?

It may cause other problems. When the VPN shares the LAN DHCP pool, the
VPN is bridged to the LAN rather than routed. If it's different, with
SBS2003 you needed to explicitly arrange routing, and SBS2008 may be the
same.

I have a preference for avoiding the 10. network altogether, as I've
seen quite a few funnies where it has been used. In the Old Days, 10.
was by definition a Class A network, i.e. a /8 CIDR block, and some
firmware/software seemed to have this hardcoded in. When I kept the
subnet mask to /8, all was well. Using /8, of course, means there is
only the one 10. network, which makes routing problematic. The network
classes haven't been used for a long time, but you never know how much
software still contains fragments of old code.

Windows 7 still has edlin...

--
Joe
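
The route collision discussed in this thread can be checked before choosing an address plan. The following is an added example, not code from either poster or from SBS/RRAS: it assumes a client that derives the VPN route from the old address class instead of the configured CIDR prefix, and the function names and sample addresses are hypothetical.

```python
import ipaddress

def classful_network(addr):
    """Network a pre-CIDR (classful) stack would assume for addr."""
    ip = ipaddress.IPv4Address(addr)
    first_octet = int(ip) >> 24
    if first_octet < 128:        # Class A -> /8
        prefix = 8
    elif first_octet < 192:      # Class B -> /16
        prefix = 16
    elif first_octet < 224:      # Class C -> /24
        prefix = 24
    else:
        raise ValueError("class D/E addresses have no classful network")
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)

def vpn_route_report(local_lan, vpn_client_addr, remote_lan):
    """Compare the classful route with the CIDR route for one VPN address."""
    local = ipaddress.ip_network(local_lan)
    remote = ipaddress.ip_network(remote_lan)
    if ipaddress.ip_address(vpn_client_addr) not in remote:
        raise ValueError("VPN address is not inside the remote LAN")
    classful = classful_network(vpn_client_addr)
    return {
        "classful_route": str(classful),
        "cidr_route": str(remote),
        # Overlap means the VPN route also covers local LAN addresses.
        "classful_overlaps_local": classful.overlaps(local),
        "cidr_overlaps_local": remote.overlaps(local),
        # Same destination address in both routes: "two routes for 10.0.0.0".
        "same_destination_as_local":
            classful.network_address == local.network_address,
    }

if __name__ == "__main__":
    # Constructed sample plans: the thread's 10.x case and a 192.168.x case.
    for plan in [("10.0.0.0/24", "10.10.10.20", "10.10.10.0/24"),
                 ("192.168.1.0/24", "192.168.16.20", "192.168.16.0/24")]:
        print(plan, vpn_route_report(*plan))
```
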