Windows VPN as a router
Can't ping one of VPN clients
Can't Ping External Network Adapter After Configuring RRAS as a VPN Server
Can't access the Internet after enabling VPN
Connectivity issue after enabling VPN in multihomed server
VPN client can ping all remote computers except one
Can't Ping External Network Adapter After Configuring RRAS as a VPN Server
SYMPTOMS: After you configure RRAS as a virtual private network (VPN)
server in Windows 2000 Server with two or more network adapters, pinging
the external network adapter does not work, or you get destination not
reachable when you ping other computers from the VPN server. This behavior
occurs only while RRAS is running. Pinging the external network adapter
succeeds when RRAS is stopped.
RESOLUTION: When you use the Routing and Remote Access Server Setup Wizard
to configure RRAS as a VPN server, Input and Output filters are
automatically configured on the external network adapter. These filters
process only VPN traffic and block all ports and protocols except
protocol 47 (GRE), TCP port 1723 for PPTP Outbound/Inbound, UDP 500 for
ISAKMP and UDP 1701 for L2TP. For consultants, refer to case RL060204.
Can't access the Internet after enabling VPN
Cause: RRAS enables Input and Output filters by default.
Symptoms: After you configure RRAS as a VPN server with two or more
network adapters, pinging the external network adapter does not work.
This behavior occurs only while RRAS is running and is by design, to
tighten security on the Internet VPN server.
Resolution: To allow pinging to and from the external NIC, add Inbound and
Outbound filters to the adapter to allow Internet Control Message Protocol
(ICMP) packets to be processed on the adapter. To do this, go to Routing
and Remote Access>IP Routing>General. In the right pane, right-click the
adapter that has been configured as the external adapter, and then click
Properties>Input Filters>Add. In the Protocol box, click ICMP. Click
Output Filters, and then repeat the previous three steps.
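The filter behaviour described in the two sections above, modelled as an added Python example (not code from the original page and not how Windows implements it). The Filter class, the function names and the port-direction matching are assumptions for illustration, and the sample packets are constructed.

```python
from dataclasses import dataclass
from typing import Optional

# IP protocol numbers: 1 = ICMP, 6 = TCP, 17 = UDP, 47 = GRE
ICMP, TCP, UDP, GRE = 1, 6, 17, 47

@dataclass(frozen=True)
class Filter:  # hypothetical model of one RRAS filter entry
    proto: int
    src_port: Optional[int] = None  # None matches any port
    dst_port: Optional[int] = None

    def matches(self, proto, src_port=None, dst_port=None):
        return (self.proto == proto
                and self.src_port in (None, src_port)
                and self.dst_port in (None, dst_port))

def wizard_filters():
    """Exceptions named on this page, as (input, output) filter lists.
    Assumption: input matches the server's port as destination, output
    matches it as source."""
    inbound = [Filter(GRE), Filter(TCP, dst_port=1723),
               Filter(UDP, dst_port=500), Filter(UDP, dst_port=1701)]
    outbound = [Filter(GRE), Filter(TCP, src_port=1723),
                Filter(UDP, src_port=500), Filter(UDP, src_port=1701)]
    return inbound, outbound

def permitted(filters, proto, src_port=None, dst_port=None):
    """Drop-all-except semantics: a packet passes only if a filter matches."""
    return any(f.matches(proto, src_port, dst_port) for f in filters)

def ping_works(inbound, outbound):
    """Pinging the external adapter needs ICMP in (request) and out (reply)."""
    return permitted(inbound, ICMP) and permitted(outbound, ICMP)

def allow_icmp(inbound, outbound):
    """The resolution above: add an ICMP filter to both lists."""
    return inbound + [Filter(ICMP)], outbound + [Filter(ICMP)]

if __name__ == "__main__":
    inbound, outbound = wizard_filters()
    print("ping, wizard defaults:", ping_works(inbound, outbound))
    print("PPTP control (TCP 1723) in:", permitted(inbound, TCP, 40000, 1723))
    # Input filter only, output filter forgotten: the reply is still dropped.
    print("ping, input only:", ping_works(inbound + [Filter(ICMP)], outbound))
    inbound, outbound = allow_icmp(inbound, outbound)
    print("ping, both filters:", ping_works(inbound, outbound))
```

Adding the ICMP filter to only one of the two lists leaves ping broken, which is why the procedure repeats the steps under Output Filters.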
Connectivity issue after enabling VPN in multihomed server
Symptoms: After you enable VPN on a server acting as a router or with two
or more NICs, you may experience some issues: 1) the internal computers
can't access the Internet; 2) outside VPN clients can't access the VPN
server; 3) you can't access the server using TS and VNC from the internal
network or from outside.
Causes: For security reasons, RRAS modifies the routing table and enables
incoming VPN connections only, so that no packets other than PPTP or L2TP
traffic are forwarded over the interface. For consultants, refer to case
090804RL.