MS VPN and local VLans

I have a Server 2003 VPN with three nics, one to a public address one to the main VLAN (10.1.x.x) and a third to a VLAN (10.3.x.x) for getting DHCP addresses. No firewalls involved, all cards are properly configured. Connected users can get to the 10.1 VLAN and the 10.3 VLAN but not any others. i.e. the 10.4 VLAN. It used to work! Even when logged onto the console, I cannot ping the 10.4 gateway. I am at a loss here, any thoughts?

Thanks
John

 

How are you setting up the VLAN's, what is controlling them and what type are they. For example, are you using Cisco switches to create port based VLANs?

It looks as though you are using the VLANs to separate your subnets. (perhaps you have a layer 3 switch - or is that what the server is doing). So I'd start by using TRACERT to see where the problem is occuring.

On one of the PCs on the 10.4 VLAN try

TRACERT {IPADDRESS}

Where {IPADDRESS} is an address on the 10.1.0.0 subnet (So TRACERT 10.1.0.1 for example). How far does it get?

If it fails without getting to a router, then the problem is probably within the PC configuration.

If it gets to the central router (your layer 3 switch or the server) and then fails, the problem is probably the configuation of the router (switch or server).

My guess would be that DHCP isn't giving out the right default gateway addresses.

 

Try installing another NIC m8

Im not to hot on this myself, but from my very basic understanding of this , I thought a different card was needed for each seperate subnet.

I'm about to try this myself ..so any feedback would help me!

Cheers

 

You can assign multiple IP addresses to a single network interface, so you don't need to have one card to each subnet. The additional complication of have multiple cards can make having a NIC per subnet can make it a poor choice.

However, things can be a little more complicated on the VLAN side. It depends how the VLANs are set up and how sophisticated the VLAN switches are. Some allow you to overlap VLANs, in which case multiple VLANs connecting to a single NIC isn't a problem. Other's won't and/or there may be good reason why you'd want to seperate the VLANs (for example, for security reasons).

This highlights that we need more detail of how the VLANs are set up.

 

Did anything change, setup wise? before you lost the other VLAN?

As I said im not to hot with this so any solutions might well help me understand this aspect of networking better.

Cheers

Cheers for the card info Reggie! I'd misread the white paper.