Re: VPN server with a firewall

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: "Robert L [MS-MVP]" <noreply@xxxxxxxxxxx>
Date: Mon, 16 May 2005 11:33:27 -0600

Assuming you have two NICs, they should not be the same subnet. Also, I would use NAT instead of firewall.

For more and other information, go to http://howtonetworking.com.

Don't send e-mail or reply to me except you need consulting services. Posting on MS newsgroup will benefit all readers and you may get more help.

Bob Lin, MS-MVP, MCSE & CNE
How to Setup Windows, Network, Remote Access on http://www.HowToNetworking.com
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
This posting is provided "AS IS" with no warranties.

"Eric Baines" <EricBaines@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:51E1DBA7-5F7F-4E17-9141-5A2EEBCEBB9C@xxxxxxxxxxxxx...
I have a Windows 2003 VPN server that is working fine. My trouble is that I
just can't integrate the thing with my firewall. Has anyone succeeded in
doing this?

MS recommend putting it in front or behind the firewall. But I can't get
this to work because both network cards must sit on the same subnet, and so
just route around each other.

My firewall people say I should make it a single card VPN server and put it
in the DMZ, behnind a NAT. I have done this, and PPTP works fine - but IPsec
doesn't work in this configuration.

The more I do this, the more I think MS VPN server is incompatible with a
Firewall. Can anyone help?

References:
- VPN server with a firewall
  - From: Eric Baines

Prev by Date: Re: Split tunnel
Next by Date: Re: Split tunnel
Previous by thread: VPN server with a firewall
Next by thread: internal network access via vpn
Index(es):
- Date
- Thread

Relevant Pages

Re: New 2003 Server - Cannot Reach Outside Network
... Posting on MS newsgroup will benefit all readers and you may get more help. ... > the server was blocked. ... I am able to get connectivity (both ping and network ... I am behind a Sonicwall SoHo3 firewall. ...
(microsoft.public.windows.server.networking)
Re: VPN Server not as a gateway.
... interfaces and sit between the outside line and the internal network. ... What I want is a vpn server I can just attach to the lan switch with ... install than a gateway/ firewall install. ...
(comp.os.linux.networking)
Re: RRAS configuration
... My personal opinion is that if all your network is reachable from the ... It is the simplest routing setup because the firewall is already the ... > VPN server and connecting to it then the network behind it. ...
(microsoft.public.windows.server.networking)
Re: XP VPN Server / NT 4 Server PDC
... This posting is provided "AS IS" with no warranties. ... machine elsewhere on the internal LAN as a VPN server. ... logged on I can see all the network computers and the NT PDC, ...
(microsoft.public.windowsxp.network_web)
RE: Microsoft Win2k VPN server placement
... I agree with your point on firewall policy, ... Whether on the internal network alone, or attached to the public network ... the output from the VPN server may not be on the ... with only one account having dial-in permissions (and not the admin ...
(Focus-Microsoft)