I'm setting up a test lab and here is the current configuration:

• 192.168.86.201 - a windows 2003 machine acting as PDC with AD/DNS/DHCP/WINS.
• 192.168.86.62 - windows 2003 machine is the RRAS server with IAS, also a
  file/print server.
• 192.168.86.6 - gateway/router to internet
• 192.168.86.21 - Windows XP Workstation

Everything works on the internal network, File/Print/AD etc. Whenever a user connects via vpn to the RRAS server remotely using their domain credentials, they are assigned an ip address from the 192.168.86.201 machine along with the wins server address etc.

The vpn user can then ping/access resources on the RRAS server, but cannot ping/access resources of any other machines by name or ip. However, if I ping by name, it does resolve to the correct ip address, just no replies.

I did notice that on the RRAS server the 'internal' interface gets an ip address of 192.168.86.75 when a remote user connects, and the remote user is assigned, for example 192.168.86.71 . The RRAS server responds on both the .62 and .75 ip addresses.

The client also unchecks the 'use remote default gateway option'.

Also, I tried connecting a laptop to the physical network, joining the domain, then going remote and dialing the connection before domain login, and everything seems to work, e.g. browse-able shares via network neighborhood. But I can't really join the domain remotely if I cannot access any other resources.

I really need to monitor traffic to see whats happening to those packets but won't be able to until this weekend. Any help is appreciated, will provide whatever configurations are needed.