I'm trying to set up an SSTP VPN on Windows Server 2012, which works fine when I connect from the same subnet as the RAS server but does not work when I configure PAT or when I try to route the traffic via my router.

My setup:
Server 2012 standard
Two NICs, one in subnet A the other in subnet B. The NIC in subnet A has a default gateway configured, the other does not and is not used for the VPN.
Cisco 1941
No ACLs enabled, both interfaces configured with a rather standard config:

interface Vlan4
 ip address 10.1.4.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 ip tcp adjust-mss 1452
!

I've tried disabling the adjust-mss commands and the virtual-reassembly in commands but this did not solve the problem.

The error log on the client says the following:

The Secure Socket Tunneling Protocol service could not configure the route to the VPN server, which is required for the proper functioning of the VPN connection. The detailed error message is given below. Correct the problem and try again. The parameter is incorrect.

The server event log displays the following:

The user DOMAIN\eric connected on port VPN1-127 on 13-8-2013 at 11:56 and disconnected on 13-8-2013 at 11:56. The user was active for 0 minutes 18 seconds. 1299 bytes were sent and 304 bytes were received. The reason for disconnecting was user request. The tunnel used was WAN Miniport (SSTP). The quarantine state was 'not nap-capable'.

When I try to connect from a different subnet, the connection fails, which leads me to think that there might be something in the Cisco router that is causing this issue. I've run Wireshark to see the packet flow, and right after the connection completes the client stops sending packets to the server. The strange thing is that the Windows UI shows that the "sent" packets on the client keep increasing but the "received" stays at a static number after the authentication process.

Any ideas?

Flup
Enieuw