Re: Unable to access private network from the VPN (NAT)


If you use two NICs, they need to be in different IP subnets. Whether
you use one NIC or two depends on how you configure the LAN. They will both
work.

With one NIC, the server is just another machine on the LAN and uses the
router as the gateway (as do the other LAN machines). With two NICs, the
server becomes the default gateway for the LAN. The "public" NIC connects to
the router on a different IP subnet. You need to use this setup if you want
to use the server to filter traffic between the LAN and the outside world.
In the one NIC model, you would need to do that at the router.

Linh wrote:
> To be honest that doesn't make sense since you can run the VPN from one
> interface... Bill what is your take =)
>
> "Scott Harding" wrote:
>
>> You need two interfaces on 2 different subnets for this to work.
>>
>> --
>> Scott Harding
>> MCSE, MCSA, A+, Network+
>> Microsoft MVP - Windows NT Server
>>
>> "Linh" <Linh@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> news:AA4D7CDC-F89E-4CB0-910B-0A2C94C356A0@xxxxxxxxxxxxxxxx
>>> I've actually tried with only one interface... I'll give it a try
>>> again but it wasn't working before... =/
>>>
>>> Even before when I was using one interface the only way I could
>>> connect to specific servers was by clicking on NAT/Basic Filtering
>>> and then click on the interface ...under there you will see a
>>> Services and Ports ... I select a service or add a port and the ip
>>> I want to access and the next time I connect to the vpn I can
>>> access the machine.
>>>
>>> I'd like to access all machines without having to do that...
>>>
>>> thanks for all the help=) hopefully I can figure this out...
>>>
>>> "Bill Grant" wrote:
>>>
>>>> I don't understand the last bit. How can you "allow routing on
>>>> port 22"! IP routing works on IP addresses. Port forwarding/filtering
>>>> is a completely different thing.
>>>>
>>>> In addition, why does the server have two interfaces in the
>>>> same IP subnet? RRAS does funny things when this is the case. You
>>>> only need two interfaces if the server is directly connected to
>>>> the Internet (i.e. one public and one private). If you are behind a
>>>> router, the router is the public interface.
>>>>
>>>> I would give the server just one NIC and one IP address.
>>>> Forward tcp port 1723 from the router to this IP address. This
>>>> extends the VPN connection to the server. All VPN traffic will be
>>>> encrypted and encapsulated between the remote client and the
>>>> server. After it reaches the server it will be decrypted and
>>>> forwarded to the LAN with its private address.
>>>>
>>>> "Linh" <Linh@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>>>> news:C435BAD7-EC48-42E6-B7D6-172AFA6B735E@xxxxxxxxxxxxxxxx
>>>>> I have two interfaces on the windows2k3 machine. The first
>>>>> interface is 192.168.1.181 and the second is .182 (yes they are
>>>>> on the same router)
>>>>>
>>>>> I'm connecting to the VPN from an external site (somewhere over
>>>>> the internet)
>>>>> Yes I'm connected to the vpn! The external machine gets an
>>>>> internal ip address and it's able to ping the interfaces on the
>>>>> VPN server. Not only that, if I allow routing to 192.168.1.69 on
>>>>> port 22 I can ssh to that machine from the external computer.
>>>>> Yes the machine is on the VPN
>>>>>
>>>>> It's not an "internet" issue
>>>>>
>>>>> "Bill Grant" wrote:
>>>>>
>>>>>> Are you sure you are actually connecting by VPN? The symptoms
>>>>>> you describe fit the case when you are connecting directly
>>>>>> through the Internet!
>>>>>>
>>>>>> If you connect by VPN, your client should be receiving a
>>>>>> private IP address. Its connection to the server should be
>>>>>> through the "virtual" interface of the server. Any port
>>>>>> forwarding settings on the server should have no effect on this
>>>>>> connection. The VPN traffic comes through the "public" interface
>>>>>> encrypted and encapsulated and is not seen by that interface.
>>>>>>
>>>>>> "Linh" <Linh@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>>>>>> news:996258F3-F8E4-4813-906B-1099206896F3@xxxxxxxxxxxxxxxx
>>>>>>> I'm sorry I guess I was unclear. I'm unable to access the
>>>>>>> machines on the private interface. I'm unable to ping them.
>>>>>>> However if I forward ports to these servers then I'm able to
>>>>>>> connect to 192.168.1.machinIP
>>>>>>>
>>>>>>> I would like open access to all machines...
>>>>>>>
>>>>>>> thanks!
>>>>>>>
>>>>>>> "Scott Harding" wrote:
>>>>>>>
>>>>>>>> This is typically because of misconfigured DNS/WINS settings.
>>>>>>>> They won't be able to browse through Network neighborhood but
>>>>>>>> should be able to access resources by name.
>>>>>>>>
>>>>>>>> --
>>>>>>>> Scott Harding
>>>>>>>> MCSE, MCSA, A+, Network+
>>>>>>>> Microsoft MVP - Windows NT Server
>>>>>>>>
>>>>>>>> "Linh" <Linh@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>>>>>>>> news:174AF13F-9D3A-40E2-A292-B3E6F8BC1A73@xxxxxxxxxxxxxxxx
>>>>>>>>> I have users successfully connecting to the VPN through my
>>>>>>>>> public, they are able to access both interfaces on the VPN
>>>>>>>>> server however they are unable to access any of the machines
>>>>>>>>> on the private network. Within the Windows 2003 VPN setup I
>>>>>>>>> was able to forward ports to specific machines and have the
>>>>>>>>> VPN users access that but ideally I would like to give the
>>>>>>>>> users unrestricted access to the private network. Is this
>>>>>>>>> possible if so how? Private network
>>>>>>>>> is 192.168.1.0/24
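
The NIC rule discussed in this thread (one NIC, or two NICs in different IP subnets), written as a small check. This is an added example, not code from any poster; the function name is hypothetical, the /24 mask on .181 and .182 is assumed from the stated private network, and the 10.x addresses are constructed. It also generalizes to overlapping (not only identical) subnets.

```python
import ipaddress
from itertools import combinations


def audit_server_nics(nics):
    """Classify a VPN server's NIC layout.

    nics: list of (name, "ip/prefix") tuples for the physical interfaces.
    Returns (topology, conflicts) where topology is one of
      "single-nic"  - server is an ordinary LAN host, router is the gateway
      "multi-homed" - NICs on distinct subnets, server can route/filter
      "conflict"    - two or more NICs sit in the same or overlapping subnet
    and conflicts lists each offending pair with its networks.
    """
    parsed = [(name, ipaddress.ip_interface(addr)) for name, addr in nics]
    conflicts = []
    for (n1, i1), (n2, i2) in combinations(parsed, 2):
        # Only compare like with like; IPv4 and IPv6 never share a subnet.
        if i1.version == i2.version and i1.network.overlaps(i2.network):
            conflicts.append((n1, n2, str(i1.network), str(i2.network)))
    if conflicts:
        return "conflict", conflicts
    if len(parsed) == 1:
        return "single-nic", []
    return "multi-homed", []


if __name__ == "__main__":
    # The layout described in the thread (mask assumed to be /24).
    thread_layout = [("nic1", "192.168.1.181/24"), ("nic2", "192.168.1.182/24")]
    # Constructed alternatives matching the two working models.
    one_nic = [("nic1", "192.168.1.181/24")]
    two_nics = [("lan", "192.168.1.181/24"), ("public", "10.0.0.2/24")]
    for label, layout in [("thread", thread_layout),
                          ("one NIC", one_nic),
                          ("two NICs", two_nics)]:
        print(label, audit_server_nics(layout))
```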

