Re: Small network to Net setup suggestions.



You can certainly do what you're attempting with just two NICs and a server.

Just turn up RRAS with a NAT interface, make sure the external side of NAT
is the Internet NIC and workstations are using the server as their gateway IP, and
things will pretty much just work on their own.

I personally do not like having any computer - and especially a server - directly connected
to a public Internet wire. I consider it a de facto security problem. (The problem is
that software solutions can easily become misconfigured, leading to direct
exposure.) With a hardware NAT box, I know positively that traffic has to
pass through it to get to the server, so I worry less about what gets misconfigured.
This of course is entirely your call.

If you want VPN, be sure to get a router that supports VPN passthrough, or better, a
device that supports VPN in the hardware.

Steve Duff, MCSE, MVP
Ergodic Systems, Inc.


"Ren. B" <RenB@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:3E863619-7482-4E33-8D5B-A170A878AB35@xxxxxxxxxxxxxxxx
> Thanks for the response, Steve. Making a little more progress. Unfortunately
> I've been out of the "routing" part of things for a long, long time. Does this
> basic setup seem logical? Or do I need to head back to the book store for some
> routing 101 and also get a real net guy? I can ping and tracert everywhere locally
> but can't get Net.
>
>
> {"Internet"}
> |
> |
> Switch
> |
> Server - DNS -> 192.168.1.5
> DHCP -> 192.168.1.6
> |-> Workstations
>
> Our server is just one of those Dell 2850 w/ (2) built-in ethernet ports
> so I was first hoping to get it all done with just Win2K3 to keep costs low
> but security and being able to VPN in from home are paramount.
>
> It's definitely still my NAT. Next step is probably to just get a simple
> device for it.
>
> "Steve Duff [MVP]" wrote:
>
>> You will be better off spending the $50 for a simple NAT router. It is inherently
>> more secure and also simpler to configure and diagnose when things aren't working.
>>
>> There will be no real advantage to you from what you've described in getting a
>> business-grade Cisco router, though they are of course first-rate units. If you need
>> for example VPN access, and/or have a need for a lot of customization in your
>> routing, that would be a choice. If you don't know IOS, a Cisco router can become
>> a formidable adversary.
>>
>> The most likely source of your problem is that the default gateway IP is set incorrectly
>> on the workstations, or the server isn't able to reply back to the workstation because
>> NAT is incorrectly set up in RRAS, or is not set up at all. The default gateway should be
>> the internal LAN IP of the server. The external NAT interface should be configured as
>> the other NIC on the public side in RRAS.
>>
>> Open a CMD prompt and do a "tracert" from a workstation to your ISP's DNS server IP.
>> When the output turns to "* * *", that's where the circuit is broken. Either the data isn't getting
>> to that hop, or that hop can't route a response back to you. Once you know where it is failing,
>> figuring out why is usually not too hard.
>>
>> Steve Duff, MCSE, MVP
>> Ergodic Systems, Inc.
>>
>> "Ren. B" <RenB@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:E13DA14C-35DB-40F4-8886-3DAF5B467FC1@xxxxxxxxxxxxxxxx
>> > Greetings All,
>> >
>> > I apologize for a rather rookie question. I'm rather new to MSFT for our
>> > networking. Basically, I have a small critical network I have to get up on
>> > the net. I have Win2K3 STD and I think I have DHCP and DNS w/ AD set up and
>> > working correctly. Although I'm very new to AD.. The 3 workstations are
>> > getting their 192.196.1.x IPs, but they can't see the net. I do have
>> > routing enabled and believe most things are correct there. Looking to see if
>> > anyone has set up a similar network w/ Verizon's DSL service and ran into
>> > any "got ya's"..
>> >
>> > Also wondering if I'm better off using a small Cisco router and FW instead
>> > of Win2K3's internal routing, NAT and FW..
>> >
>> > Any help or suggestions would be greatly appreciated.
>> >
>> > Ren
>>
>>
>>
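
The tracert check described in the thread, as an added example that is not part of the original posts: it reads Windows tracert output and maps the first silent hop onto the two causes named above. The traces are constructed samples, 192.168.1.5 is assumed to be the server's internal LAN IP (taken from the diagram), and the other addresses are documentation ranges.

```python
import re

HOP = re.compile(r"^\s*(\d+)\s+(.*)$")        # e.g. "  2   <1 ms  <1 ms  <1 ms  10.0.0.1"
IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")

def parse_tracert(text):
    """Return [(hop_number, replying_ip_or_None)] from Windows tracert output."""
    hops = []
    for line in text.splitlines():
        m = HOP.match(line)
        if m:
            ips = IPV4.findall(m.group(2))    # a "* * *" line carries no address
            hops.append((int(m.group(1)), ips[-1] if ips else None))
    return hops

def diagnose(text, server_lan_ip):
    """Classify where the path breaks, relative to the NAT server."""
    hops = parse_tracert(text)
    if not hops:
        return "no-hops"
    if hops[0][1] != server_lan_ip:
        return "gateway"    # hop 1 is not the server: check the workstation default gateway
    silent = next((n for n, ip in hops if ip is None), None)
    if silent is None:
        return "ok"
    # Server replies but nothing past it: check the NAT/external interface in RRAS.
    # A later break is upstream (a hop that ignores ICMP also shows as silent).
    return "nat" if silent == 2 else "upstream"

SERVER = "192.168.1.5"      # assumed internal LAN IP of the server
# Constructed sample traces
NAT_BROKEN = """Tracing route to 203.0.113.53 over a maximum of 30 hops

  1    <1 ms    <1 ms    <1 ms  192.168.1.5
  2     *        *        *     Request timed out.
  3     *        *        *     Request timed out.
"""
WRONG_GATEWAY = """Tracing route to 203.0.113.53 over a maximum of 30 hops

  1     *        *        *     Request timed out.
  2     *        *        *     Request timed out.
"""
UPSTREAM = """Tracing route to 203.0.113.53 over a maximum of 30 hops

  1    <1 ms    <1 ms    <1 ms  192.168.1.5
  2     9 ms     8 ms     9 ms  198.51.100.1
  3     *        *        *     Request timed out.
"""

if __name__ == "__main__":
    for name, trace in [("nat", NAT_BROKEN), ("gw", WRONG_GATEWAY), ("up", UPSTREAM)]:
        print(name, diagnose(trace, SERVER))
```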

