Re: Windows 2K RRAS VPN on DMZ can't authenticate users
From: Phillip Windell (_at_.)
Date: 05/25/04
Date: Tue, 25 May 2004 11:32:35 -0500
OK.
--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

"David Hodgson" <david.hodgson@vianet.co.uk> wrote in message news:c8vrhj$nl6$1$8302bc10@news.demon.co.uk...
> it's ok, it was the client side's security options where it was only set to allow CHAP
>
> "David Hodgson" <david.hodgson@vianet.co.uk> wrote in message
> news:c8vqoa$3jb$1$8300dec7@news.demon.co.uk...
> > >How can it be part of the domain when it is out in the DMZ?"
> >
> > because when it uses AD to authenticate users it needs to be on the same domain (right or wrong?)
> >
> > >All 65,000+ of them? What's the point in having the Firewall?
> >
> > I should have said all the ports are open between the VPN Server and the Internal network, it's then controlled via ACLs to allow only that server to connect to our internal network, it can't be spoofed cause it's got an internal IP.
> > this is common practice.
> >
> > > Firewalls perform NAT and create "trusted" and "untrusted" networks. The DMZ
> > > is "untrusted" and the LAN is "trusted". The DMZ is never supposed to see
> > > the LAN, and therefore can never "authenticate".
> >
> > DMZ can see the LAN in certain circumstances, ie doing what I'm doing, Exchange FE/BE servers etc.
> >
> > It's a Remote Access VPN with clients connecting to it using PPTP nothing more.
> >
> > I only asked why the server in question can't authenticate a user when it has complete access to my internal network.
> >
> > "Phillip Windell" <@.> wrote in message
> > news:uNJAhymQEHA.3732@TK2MSFTNGP11.phx.gbl...
> > > "David Hodgson" <david.hodgson@vianet.co.uk> wrote in message
> > > news:c8vn3a$rb6$1$8300dec7@news.demon.co.uk...
> > > > I have a Windows 2K RRAS VPN server which is in my DMZ, it is part of the
> > > > domain and the
> > >
> > > How can it be part of the domain when it is out in the DMZ?
> > >
> > > > firewall between the DMZ and the Internal network has all the
> > > > ports open between the DMZ network and the Internal network.
> > >
> > > All 65,000+ of them? What's the point in having the Firewall?
> > >
> > > > My clients when connecting to this server get a 919 error "the remote
> > > > computer refused to be authenticated....." at the "Verifying username and
> > > > password"
> > >
> > > Firewalls perform NAT and create "trusted" and "untrusted" networks. The DMZ
> > > is "untrusted" and the LAN is "trusted". The DMZ is never supposed to see
> > > the LAN, and therefore can never "authenticate".
> > >
> > > > Also the VPN server cannot get a browse list of the whole domain, looks like
> > > > it's just broadcasting on the DMZ and picking up computers there. (don't
> > > > know if this has anything to do with the above?)
> > >
> > > That is exactly what it is supposed to do in that environment.
> > >
> > > You will have to explain the intent a little better here. Just because you
> > > say you *have* a VPN Server in the DMZ doesn't explain how you intend to use
> > > it and how you expect it to perform. There are several types of VPN "models"
> > > that all behave differently and are used in different types of
> > > situations,...and the types aren't "cross-compatible".
> > >
> > > Virtual Private Networking with Windows Server 2003: Deploying Site-to-Site VPNs
> > > http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/vpndpls2.mspx
> > >
> > > Virtual Private Networking with Windows 2000: Deploying Router-to-Router VPNs
> > > http://www.microsoft.com/windows2000/server/evaluation/features/deplyr2rvpn.asp
> > >
> > > Virtual Private Networking with Windows 2000: Deploying Remote Access VPNs
> > > http://www.microsoft.com/windows2000/techinfo/planning/incremental/vpndeploy.asp
> > >
> > > Microsoft Windows Server 2003 Remote Access/VPN Server Role
> > > http://www.microsoft.com/technet/prodtechnol/windowsserver2003/serverroles/remoteaccessserver/default.mspx
> > >
> > > Overview of Deploying Dial-up and VPN Remote Access Servers
> > > http://www.microsoft.com/resources/documentation/WindowsServ/2003/all/deployguide/en-us/Default.asp?url=/resources/documentation/windowsserv/2003/all/deployguide/en-us/dnsbf_vpn_mcnx.asp
> > >
> > > --
> > >
> > > Phillip Windell [MCP, MVP, CCNA]
> > > www.wandtv.com