Re: Unable to access private network from the VPN (NAT)

---

• From: "Linh" <Linh@xxxxxxxxxxxxxxxxxxxxxxxxx>
• Date: Sat, 2 Apr 2005 17:15:02 -0800

---

To be honest that doesnt make sense since you can run the VPN from one
interface... Bill what is your take =)

"Scott Harding" wrote:

> You need two interfaces on 2 different subnets for this to work.
>
> --
> Scott Harding
> MCSE, MCSA, A+, Network+
> Microsoft MVP - Windows NT Server
>
> "Linh" <Linh@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> news:AA4D7CDC-F89E-4CB0-910B-0A2C94C356A0@xxxxxxxxxxxxxxxx
> > I've actually tired with only one interface... I'll give it a try again
> > but
> > it wasnt working before... =/
> >
> > Even before when I was using one interface the only way I could connect to
> > specific servers was by clicking on NAT/Basic Filtering and then click on
> > the
> > interface ...under there you will see a Services and Ports ... I select a
> > service or add a port and the ip I want to access and the next time I
> > connect
> > to the vpn I can access the machine.
> >
> > I'd like to access all machines without having to do that...
> >
> > thanks for all the help=) hopefully I can figure this out...
> >
> > "Bill Grant" wrote:
> >
> >> I don't understand the last bit. How can you "allow routing on port
> >> 22"!
> >> IP routing works on IP addresses. Port forwarding/filtering is a
> >> completely
> >> different thing.
> >>
> >> In addition, why does the server have two interfaces in the same IP
> >> subnet? RRAS does funny things when this is the case. You only need two
> >> interfaces if the server if is directly connected to the Internet (ie one
> >> public and one private). If you are behind a router, the router is the
> >> public interface.
> >>
> >> I would give the server just one NIC and one IP address. Forward tcp
> >> port 1723 from the router to this IP address. This extends the VPN
> >> connection to the server. All VPN traffic will be encrypted and
> >> encapsulated
> >> between the remote client and the server. After it reaches the server it
> >> will be decrypted and forwarded to the LAN with its private address.
> >>
> >> "Linh" <Linh@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> >> news:C435BAD7-EC48-42E6-B7D6-172AFA6B735E@xxxxxxxxxxxxxxxx
> >> >I have two interfaces on the windows2k3 machine. The first interface is
> >> > 192.168.1.181 and the second is .182 (yes they are on the same router)
> >> >
> >> > I'm connecting to the VPN from an external site (some where over the
> >> > internet)
> >> > Yes i'm connected to the vpn! The external machine gets an internal ip
> >> > address and its able to ping the interfaces on the VPN server. Not
> >> > only
> >> > that
> >> > if I allow routing to 192.168.1.69 on port 22 I can ssh to that machine
> >> > from
> >> > the external computer. Yes the machine is on the VPN
> >> >
> >> > Its not an "internet" issue
> >> >
> >> > "Bill Grant" wrote:
> >> >
> >> >> Are you sure you are actually connecting by VPN? The symptoms you
> >> >> describe fit the case when you are connecting directly through the
> >> >> Internet!
> >> >>
> >> >> If you connect by VPN, your client should be receiving a private
> >> >> IP
> >> >> address. Its connection to the server should be through the "virtual"
> >> >> interface of the server. Any port forwarding settings on the server
> >> >> should
> >> >> have no effect on this connection. The VPN traffic comes through the
> >> >> "public" interface encrypted and encapsulated and is not seen by that
> >> >> interface.
> >> >>
> >> >> "Linh" <Linh@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> >> >> news:996258F3-F8E4-4813-906B-1099206896F3@xxxxxxxxxxxxxxxx
> >> >> > I'm sorry I guess I was unclear. I'm unable to access the machines
> >> >> > on
> >> >> > the
> >> >> > private interface. I'm unable to ping them. However if I forward
> >> >> > ports
> >> >> > to
> >> >> > these server then i'm able to connect to 192.168.1.machinIP
> >> >> >
> >> >> > I would like open access to all machines...
> >> >> >
> >> >> > thanks!
> >> >> >
> >> >> > "Scott Harding" wrote:
> >> >> >
> >> >> >> This is typically because of misconfigured DNS/WINS settings. They
> >> >> >> won't
> >> >> >> be
> >> >> >> able to browse through Network neighborhood but should be able to
> >> >> >> access
> >> >> >> resources by name.
> >> >> >>
> >> >> >> --
> >> >> >> Scott Harding
> >> >> >> MCSE, MCSA, A+, Network+
> >> >> >> Microsoft MVP - Windows NT Server
> >> >> >>
> >> >> >> "Linh" <Linh@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> >> >> >> news:174AF13F-9D3A-40E2-A292-B3E6F8BC1A73@xxxxxxxxxxxxxxxx
> >> >> >> >I have users successfully connecting to the VPN through my public,
> >> >> >> >they
> >> >> >> >are
> >> >> >> > able to access both interfaces on the VPN server however they are
> >> >> >> > unable
> >> >> >> > to
> >> >> >> > access any of the machines on the private network. Within the
> >> >> >> > Windows
> >> >> >> > 2003
> >> >> >> > VPN setup I was able to forward ports to specific machines and
> >> >> >> > have
> >> >> >> > the
> >> >> >> > VPN
> >> >> >> > users access that but ideally I would like to give the users
> >> >> >> > unrestricted
> >> >> >> > access to the private network. Is this possible if so how?
> >> >> >> > Private
> >> >> >> > network
> >> >> >> > is 192.168.1.0/24
> >> >> >>
> >> >> >>
> >> >> >>
> >> >>
> >> >>
> >> >>
> >>
> >>
> >>
>
>
>
.

---

• Follow-Ups:
  • Re: Unable to access private network from the VPN (NAT)
    • From: Bill Grant

• References:
  • Unable to access private network from the VPN (NAT)
    • From: Linh
  • Re: Unable to access private network from the VPN (NAT)
    • From: Scott Harding
  • Re: Unable to access private network from the VPN (NAT)
    • From: Linh
  • Re: Unable to access private network from the VPN (NAT)
    • From: Bill Grant
  • Re: Unable to access private network from the VPN (NAT)
    • From: Linh
  • Re: Unable to access private network from the VPN (NAT)
    • From: Bill Grant
  • Re: Unable to access private network from the VPN (NAT)
    • From: Linh
  • Re: Unable to access private network from the VPN (NAT)
    • From: Scott Harding

• Prev by Date: Re: Unable to access private network from the VPN (NAT)
• Next by Date: Re: windows server 2003 required for L2TP VPN?
• Previous by thread: Re: Unable to access private network from the VPN (NAT)
• Next by thread: Re: Unable to access private network from the VPN (NAT)
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Please Help Site-To-Site without ISA ... You can configure more than one site to site VPN connection on the ... You set up a new demand-dial interface and configure a new site to ... public IP of the VPN server at the second site on the front. ... to router connection. ... (microsoft.public.windows.server.networking) Re: Unable to access private network from the VPN (NAT) ... Port forwarding/filtering is a completely ... why does the server have two interfaces in the same IP ... This extends the VPN ... The first interface is ... (microsoft.public.win2000.ras_routing) Re: problem with VPN running on static IP address ... I'm interested in what you said about being able to access the vpn server ... through the "virtual" interface. ... I've gotten the vpn to connect, but looking at the routes it gives me I ... It is similar to a RAS connection, ... (microsoft.public.windows.server.networking) Re: What doesnt lend itself to OO? ... The whole idea that a subsystem is just ... > The first line exists in the server. ... objects between client and server i.e. as far as the client code is ... > external interface is the traditional input interface whose ... (comp.object) Re: Please Help Site-To-Site without ISA ... The VPN traffic must go out through the default gateway. ... NICs in the server if they all connect to the Linksys. ... "dialup" type connection and at the demand-dial interface for a router to ... router connection. ... (microsoft.public.windows.server.networking)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Win2000  > microsoft.public.win2000.ras_routing  > 2005-04