Re: Unable to access private network from the VPN (NAT)

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

I don't understand the last bit. How can you "allow routing on port 22"!
IP routing works on IP addresses. Port forwarding/filtering is a completely
different thing.

In addition, why does the server have two interfaces in the same IP
subnet? RRAS does funny things when this is the case. You only need two
interfaces if the server if is directly connected to the Internet (ie one
public and one private). If you are behind a router, the router is the
public interface.

I would give the server just one NIC and one IP address. Forward tcp
port 1723 from the router to this IP address. This extends the VPN
connection to the server. All VPN traffic will be encrypted and encapsulated
between the remote client and the server. After it reaches the server it
will be decrypted and forwarded to the LAN with its private address.

"Linh" <Linh@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:C435BAD7-EC48-42E6-B7D6-172AFA6B735E@xxxxxxxxxxxxxxxx
>I have two interfaces on the windows2k3 machine. The first interface is
> 192.168.1.181 and the second is .182 (yes they are on the same router)
>
> I'm connecting to the VPN from an external site (some where over the
> internet)
> Yes i'm connected to the vpn! The external machine gets an internal ip
> address and its able to ping the interfaces on the VPN server. Not only
> that
> if I allow routing to 192.168.1.69 on port 22 I can ssh to that machine
> from
> the external computer. Yes the machine is on the VPN
>
> Its not an "internet" issue
>
> "Bill Grant" wrote:
>
>> Are you sure you are actually connecting by VPN? The symptoms you
>> describe fit the case when you are connecting directly through the
>> Internet!
>>
>> If you connect by VPN, your client should be receiving a private IP
>> address. Its connection to the server should be through the "virtual"
>> interface of the server. Any port forwarding settings on the server
>> should
>> have no effect on this connection. The VPN traffic comes through the
>> "public" interface encrypted and encapsulated and is not seen by that
>> interface.
>>
>> "Linh" <Linh@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> news:996258F3-F8E4-4813-906B-1099206896F3@xxxxxxxxxxxxxxxx
>> > I'm sorry I guess I was unclear. I'm unable to access the machines on
>> > the
>> > private interface. I'm unable to ping them. However if I forward
>> > ports
>> > to
>> > these server then i'm able to connect to 192.168.1.machinIP
>> >
>> > I would like open access to all machines...
>> >
>> > thanks!
>> >
>> > "Scott Harding" wrote:
>> >
>> >> This is typically because of misconfigured DNS/WINS settings. They
>> >> won't
>> >> be
>> >> able to browse through Network neighborhood but should be able to
>> >> access
>> >> resources by name.
>> >>
>> >> --
>> >> Scott Harding
>> >> MCSE, MCSA, A+, Network+
>> >> Microsoft MVP - Windows NT Server
>> >>
>> >> "Linh" <Linh@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> >> news:174AF13F-9D3A-40E2-A292-B3E6F8BC1A73@xxxxxxxxxxxxxxxx
>> >> >I have users successfully connecting to the VPN through my public,
>> >> >they
>> >> >are
>> >> > able to access both interfaces on the VPN server however they are
>> >> > unable
>> >> > to
>> >> > access any of the machines on the private network. Within the
>> >> > Windows
>> >> > 2003
>> >> > VPN setup I was able to forward ports to specific machines and have
>> >> > the
>> >> > VPN
>> >> > users access that but ideally I would like to give the users
>> >> > unrestricted
>> >> > access to the private network. Is this possible if so how? Private
>> >> > network
>> >> > is 192.168.1.0/24
>> >>
>> >>
>> >>
>>
>>
>>


.

Relevant Pages

  • Re: 1 NIC v. 2 NICS & remote access questions from beginner
    ... a remote user I would recommend using a secure VPN. ... VPN funcionality I`ll tend to use that, ... the firewall for each service to the SBS server. ... >> assigned to its LAN port. ...
    (microsoft.public.windows.server.sbs)
  • Re: Cant Telnet
    ... I have a SBS2000 server at my office with 2 nics, Zyxel prestige DSL modem, ... VPN Software to establish a VPN to my office. ... "Cannot open the VPN connection. ... > standard port for telnet, other service such SMTP VPN will use different ...
    (microsoft.public.windows.server.sbs)
  • Re: Please Help Site-To-Site without ISA
    ... You can configure more than one site to site VPN connection on the ... You set up a new demand-dial interface and configure a new site to ... public IP of the VPN server at the second site on the front. ... to router connection. ...
    (microsoft.public.windows.server.networking)
  • Dungeon Siege - Server behind Sygate NAT with Port Forwarding - HELP!
    ... I have an in depth NAT question with port forwarding from LAN/WAN ... for the game on the server. ... first, and then my LAN clients connect, they will lose sync after about 2 ... coming in on DSL interface? ...
    (comp.security.firewalls)
  • SBS2008 RRAS service causes other servcies to crash
    ... I have an SBS2008 server which has been working fine for about 3 months. ... So I rebooted in safe mode and have disabled RRAS and alls well except my users who use VPN are not happy. ... VPN Port Status Error.The system process should listen on Port 1723, but that port is owned by the process. ...
    (microsoft.public.windows.server.sbs)