Hello,

We have the following scenario: a stand-alone Win2k3svr with Exchange 2003
is located at a server center in the internet (IS); another win2k3svr is
located in our office (OS). The OS establishes the site-to-site VPN
connection with the IS so the clients in the office can access their
mailboxes. Both servers run an ISA2000 for security reasons.

Since there is not record in the event log I can only tell the symptoms of
the problem:

For a long time it just worked fine. Since a couple of days the clients
cannot access their mailboxes or any other resources (e.g. SMB) on the IS.
Routing protocols do look like always and are correct on both sites. No
errors occur in the event log, the connection establishes just fine as usual.
So as I said, the clients in the office cannot access the resources, but from
the OS I can access everything on the IS (I always try to access the c$-share
by using the servers IP, not FQDN as a test). On the other side, the IS
cannot access anything on the office network, not the OS it self nor anything
behind that router.

Another symptom is: If I establish a VPN-connection directly from a client
to the IS then everything works fine – so I first assumed that there must be
a problem with the routing table, but see for yourself:

Office server:
OS-IP (internal): 192.168.10.1
OS-RRAS-IP: 192.168.10.50
OS-IP on IS vpn: 192.168.20.51

Routing table on the OS:

Netzwerkziel Netzwerkmaske Gateway Schnittstelle Metrik
0.0.0.0 0.0.0.0 59.6.176.254 59.6.176.127 20
59.6.176.0 255.255.255.0 59.6.176.127 59.6.176.127 20
59.6.176.127 255.255.255.255 127.0.0.1 127.0.0.1 20
59.255.255.255 255.255.255.255 59.6.176.127 59.6.176.127 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.10.0 255.255.255.0 192.168.10.1 192.168.10.1 20
192.168.10.1 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.10.50 255.255.255.255 127.0.0.1 127.0.0.1 50
192.168.10.53 255.255.255.255 192.168.20.51 192.168.20.51 1
192.168.10.255 255.255.255.255 192.168.10.1 192.168.10.1 20
192.168.20.0 255.255.255.0 0.0.0.0 192.168.20.51 1
192.168.20.0 255.255.255.0 192.168.10.53 192.168.20.51 1
192.168.20.51 255.255.255.255 127.0.0.1 127.0.0.1 50
192.168.20.255 255.255.255.255 192.168.20.51 192.168.20.51 50
211.234.119.35 255.255.255.255 59.6.176.254 59.6.176.127 20
224.0.0.0 240.0.0.0 59.6.176.127 59.6.176.127 20
224.0.0.0 240.0.0.0 192.168.10.1 192.168.10.1 20
224.0.0.0 240.0.0.0 192.168.20.51 192.168.20.51 50
255.255.255.255 255.255.255.255 59.6.176.127 59.6.176.127 1
255.255.255.255 255.255.255.255 192.168.10.1 192.168.10.1 1
255.255.255.255 255.255.255.255 192.168.20.51 192.168.20.51 1
Standardgateway: 59.6.176.254

Internet server:
IS-IP (internal): 192.168.20.1
IS-RRAS-IP: 192.168.20.50
IS-IP on OS vpn: 192.168.10.53

Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 211.234.119.33 211.234.119.35 10
59.6.176.127 255.255.255.255 211.234.119.33 211.234.119.35 10
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.10.0 255.255.255.0 192.168.20.51 192.168.10.53 1
192.168.10.53 255.255.255.255 127.0.0.1 127.0.0.1 50
192.168.10.255 255.255.255.255 192.168.10.53 192.168.10.53 50
192.168.20.0 255.255.255.0 192.168.20.1 192.168.20.1 10
192.168.20.1 255.255.255.255 127.0.0.1 127.0.0.1 10
192.168.20.50 255.255.255.255 127.0.0.1 127.0.0.1 50
192.168.20.51 255.255.255.255 192.168.10.53 192.168.10.53 1
192.168.20.255 255.255.255.255 192.168.20.1 192.168.20.1 10
211.234.119.32 255.255.255.240 211.234.119.35 211.234.119.35 10
211.234.119.35 255.255.255.255 127.0.0.1 127.0.0.1 10
211.234.119.255 255.255.255.255 211.234.119.35 211.234.119.35 10
224.0.0.0 240.0.0.0 192.168.10.53 192.168.10.53 50
224.0.0.0 240.0.0.0 192.168.20.1 192.168.20.1 10
224.0.0.0 240.0.0.0 211.234.119.35 211.234.119.35 10
255.255.255.255 255.255.255.255 192.168.10.53 192.168.10.53 1
255.255.255.255 255.255.255.255 192.168.20.1 192.168.20.1 1
255.255.255.255 255.255.255.255 211.234.119.35 211.234.119.35 1


I am using the RRAS since many years and I experienced various problems,
which at least presented me some records in the event log. Since I don’t get
any error messages I am really clueless how to solve that problem.

Any clue?

Best regards,
Daniel.