Re: Unable to access private network from the VPN (NAT)
- From: "Scott Harding" <scrockel@**NO_SPAM**hotmail.com>
- Date: Fri, 1 Apr 2005 14:53:59 -0700
You need two interfaces on 2 different subnets for this to work.
--
Scott Harding
MCSE, MCSA, A+, Network+
Microsoft MVP - Windows NT Server
"Linh" <Linh@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:AA4D7CDC-F89E-4CB0-910B-0A2C94C356A0@xxxxxxxxxxxxxxxx
> I've actually tired with only one interface... I'll give it a try again
> but
> it wasnt working before... =/
>
> Even before when I was using one interface the only way I could connect to
> specific servers was by clicking on NAT/Basic Filtering and then click on
> the
> interface ...under there you will see a Services and Ports ... I select a
> service or add a port and the ip I want to access and the next time I
> connect
> to the vpn I can access the machine.
>
> I'd like to access all machines without having to do that...
>
> thanks for all the help=) hopefully I can figure this out...
>
> "Bill Grant" wrote:
>
>> I don't understand the last bit. How can you "allow routing on port
>> 22"!
>> IP routing works on IP addresses. Port forwarding/filtering is a
>> completely
>> different thing.
>>
>> In addition, why does the server have two interfaces in the same IP
>> subnet? RRAS does funny things when this is the case. You only need two
>> interfaces if the server if is directly connected to the Internet (ie one
>> public and one private). If you are behind a router, the router is the
>> public interface.
>>
>> I would give the server just one NIC and one IP address. Forward tcp
>> port 1723 from the router to this IP address. This extends the VPN
>> connection to the server. All VPN traffic will be encrypted and
>> encapsulated
>> between the remote client and the server. After it reaches the server it
>> will be decrypted and forwarded to the LAN with its private address.
>>
>> "Linh" <Linh@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> news:C435BAD7-EC48-42E6-B7D6-172AFA6B735E@xxxxxxxxxxxxxxxx
>> >I have two interfaces on the windows2k3 machine. The first interface is
>> > 192.168.1.181 and the second is .182 (yes they are on the same router)
>> >
>> > I'm connecting to the VPN from an external site (some where over the
>> > internet)
>> > Yes i'm connected to the vpn! The external machine gets an internal ip
>> > address and its able to ping the interfaces on the VPN server. Not
>> > only
>> > that
>> > if I allow routing to 192.168.1.69 on port 22 I can ssh to that machine
>> > from
>> > the external computer. Yes the machine is on the VPN
>> >
>> > Its not an "internet" issue
>> >
>> > "Bill Grant" wrote:
>> >
>> >> Are you sure you are actually connecting by VPN? The symptoms you
>> >> describe fit the case when you are connecting directly through the
>> >> Internet!
>> >>
>> >> If you connect by VPN, your client should be receiving a private
>> >> IP
>> >> address. Its connection to the server should be through the "virtual"
>> >> interface of the server. Any port forwarding settings on the server
>> >> should
>> >> have no effect on this connection. The VPN traffic comes through the
>> >> "public" interface encrypted and encapsulated and is not seen by that
>> >> interface.
>> >>
>> >> "Linh" <Linh@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> >> news:996258F3-F8E4-4813-906B-1099206896F3@xxxxxxxxxxxxxxxx
>> >> > I'm sorry I guess I was unclear. I'm unable to access the machines
>> >> > on
>> >> > the
>> >> > private interface. I'm unable to ping them. However if I forward
>> >> > ports
>> >> > to
>> >> > these server then i'm able to connect to 192.168.1.machinIP
>> >> >
>> >> > I would like open access to all machines...
>> >> >
>> >> > thanks!
>> >> >
>> >> > "Scott Harding" wrote:
>> >> >
>> >> >> This is typically because of misconfigured DNS/WINS settings. They
>> >> >> won't
>> >> >> be
>> >> >> able to browse through Network neighborhood but should be able to
>> >> >> access
>> >> >> resources by name.
>> >> >>
>> >> >> --
>> >> >> Scott Harding
>> >> >> MCSE, MCSA, A+, Network+
>> >> >> Microsoft MVP - Windows NT Server
>> >> >>
>> >> >> "Linh" <Linh@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> >> >> news:174AF13F-9D3A-40E2-A292-B3E6F8BC1A73@xxxxxxxxxxxxxxxx
>> >> >> >I have users successfully connecting to the VPN through my public,
>> >> >> >they
>> >> >> >are
>> >> >> > able to access both interfaces on the VPN server however they are
>> >> >> > unable
>> >> >> > to
>> >> >> > access any of the machines on the private network. Within the
>> >> >> > Windows
>> >> >> > 2003
>> >> >> > VPN setup I was able to forward ports to specific machines and
>> >> >> > have
>> >> >> > the
>> >> >> > VPN
>> >> >> > users access that but ideally I would like to give the users
>> >> >> > unrestricted
>> >> >> > access to the private network. Is this possible if so how?
>> >> >> > Private
>> >> >> > network
>> >> >> > is 192.168.1.0/24
>> >> >>
>> >> >>
>> >> >>
>> >>
>> >>
>> >>
>>
>>
>>
.
- Follow-Ups:
- References:
- Unable to access private network from the VPN (NAT)
- From: Linh
- Re: Unable to access private network from the VPN (NAT)
- From: Scott Harding
- Re: Unable to access private network from the VPN (NAT)
- From: Linh
- Re: Unable to access private network from the VPN (NAT)
- From: Bill Grant
- Re: Unable to access private network from the VPN (NAT)
- From: Linh
- Re: Unable to access private network from the VPN (NAT)
- From: Bill Grant
- Re: Unable to access private network from the VPN (NAT)
- From: Linh
- Unable to access private network from the VPN (NAT)
- Prev by Date: Binding order problems suddenly
- Next by Date: Re: Unable to access private network from the VPN (NAT)
- Previous by thread: Re: Unable to access private network from the VPN (NAT)
- Next by thread: Re: Unable to access private network from the VPN (NAT)
- Index(es):
Relevant Pages
|
