Re: VPN - desparate housewife part 2
- From: "Bill Grant" <not.available@online>
- Date: Sat, 2 Jul 2005 12:43:05 +1000
That makes things a bit clearer. Your RRAS server does not need to know
about the public IP of the router, so disable the second NIC in the server
and only use the one with a private (192.168.1.x) address. Its default
gateway will be automatically set to 192.168.1.254 if it gets ite config
from DHCP on the router.
First make sure that all the clients and the server can access the
Internet through the DSL router. Next check that you can make a VPN
connection from a LAN client to your VPN server using its LAN IP. This will
check that your VPN server is correctly set up to allow VPN access. Any
problems with authorisation or policies can then be fixed locally.
The standard setup for a VPN server using two NICs assumes that the
server is directly connected to the Internet. In your case, your Internet
connection is via a NAT router. You only need one NIC in the server because
the router acts as your Internet connection.
When you have your VPN server working correctly on the LAN, you can
enable VPN connection from the Internet by programming your router. The
remote clients connect through the Intenet to your router's public interface
and the router forwards the information across the LAN to your VPN server.
Exactly how you do this depends on your router. (They all seem to use very
different config screens). What you need to do is forward PPTP (tcp port
1723) from the router to the server. This extends the VPN connection from
the router to the server.
The other problem you may meet is GRE. The data crossing the VPN link is
encrypted and encapsulated. The encapsulation protocol used is GRE (Generic
Routing Encapsulation). If your router is programmed to block GRE, no data
will be transferred and the connection will close. This usually shows up as
error 721. If you strike this problem you will need to find out how to allow
GRE. It might be mentioned by name, by protocol number (it is IP protocol
47) or it may be listed as pptp pass-through mode or even as VPN
pass-through mode.
Debora wrote:
> Bill thanks again for help and understanding. You can see the
> desparation. Our Broadband Router(4 ports) has IP of 81.138.11.230,
> the Server NIC (internet) .225 and Server NIC (LAN) 192.168.1.10. The
> Gateway IP 192.168.1.254 was taken from the LAN settings, showed IP
> as gateway, if that makes sense. When NIC(internet) settings entered
> I assumed Gateway as above. I originally had NIC(internet) Gateway as
> Router IP .230 but changed it as VPN not working (this is where I
> feel a mistake made). The NIC(internet) is connected to Router port
> and NIC(lan) is connected to hub which in turn is connected to
> Router. The Router acts as DHCP for local LAN, Server has static
> IP(.10) range.All PC connected to hub.-- --Bill I hope you can help
> me as I'm attempting RRAS/VPN but as you can see initial setup may be
> at fault. If you need any more info please ask. Extremely grateful,
> Debora x.
>
> "Bill Grant" wrote:
>
>> That doesn't really make any sense. If the server is supposed to
>> access the Internet through a router at 192.168.1.254, why does it
>> have a NIC with a public address (81.138.119.225 )? Does this NIC
>> connect to anything?
>>
>> If the 81.138 NIC has a connection to the Internet you do not
>> need to use the router. If your router is the only connection to the
>> Internet, you do not need the second NIC with a public IP.
>>
>> So the first thing we need to know is what is the NIC with the
>> public address actually doing? If it is doing nothing, disable it
>> and use the router at 192.168.1.254 as your default gateway. If it
>> is connected to a public network you can use it as your Internet
>> connection.
>>
>> Debora wrote:
>>> Sorry for joke title. I posted weeks ago 6/17 (thanks BIll) and need
>>> more basic help. I have read lots of literature (this is effectively
>>> my server training) but basic questions about setup remain.-- --
>>> I have a Win Server 2000 (DNS/AD not DHCP) we use only for file
>>> store and it has 2 NIC's. NIC1(Internet) has static public IP
>>> 81.138.119.225 with Gateway as 192.168.1.254 , NIC2 (lan) IP
>>> 192.168.1.10 static from Router DHCP without Gateway entered.--
>>> --Vpn client is receiving IP from list 192.168.1.25-32 and connects
>>> to NIC1(internet) 81.138.119.225 works fine (only by IP address).
>>> Can view shared files only if I map drive using NIC (lan)
>>> 192.168.1.10 IP. i.e. \\192.168.1.10\Opendata etc.-- --Basic
>>> questions (this is the desparate part): What IP do I use to view
>>> shared files (it doesn't seem right to use .10)? Do I need to have
>>> vpn server name resolved anywhere? Internet cannot be browsed from
>>> vpn server is this an issue I need to do something about?-- -- I
>>> have more but please for now can anyone help me. If more info
>>> required please tell me. Debora x.
>>>
>>> Real basic questions are
.
- Follow-Ups:
- Re: VPN - desparate housewife part 2
- From: Debora
- Re: VPN - desparate housewife part 2
- References:
- Re: VPN - desparate housewife part 2
- From: Bill Grant
- Re: VPN - desparate housewife part 2
- From: Debora
- Re: VPN - desparate housewife part 2
- Prev by Date: Re: HELP! RAS & DHCP!
- Next by Date: Re: VPN - desparate housewife part 2
- Previous by thread: Re: VPN - desparate housewife part 2
- Next by thread: Re: VPN - desparate housewife part 2
- Index(es):
Relevant Pages
|
