Re: VPN - desperate housewife part 2



Bill, I'm extremely grateful for your help. I have also read a lot of your
replies to others and I finally believe I have 'got' this Remote Access. I
plan to start again when in office with approp. wizard.

I will disable NIC (internet), run RRAS wizard with 'Remote Access'
selection, NOT Vpn selection, setup Router with approp. ports and GRE (see
below), and testing as you stated.

Further to your reply, further study of the Router guide states a VPN
server can be hosted but to allow Vpn client inbound the "Allow all
applications" rules must be selected. All traffic is then directed to Server.
The Server will be placed in DMZ mode, the Router will still provide Stateful
Packet Inspection (Denial of Service/Attack Detection etc) but recommends
another firewall be in place.

I want to ask some more and hope your patience is still intact. 1. Is my
thinking about right or have I missed it again? 2. With your solution and
Router guidance, it will still allow for normal Lan access to server for Lan
clients (being brave I assume YES as there are now NO blocking filters on
NIC)? 3. I assume that our 5 Static IPs and 2nd NIC are really useless for
this setup? 4. Lastly, do you feel it is important for a further firewall
which will probably be software one?

Bill thanks again for your invaluable help and advice. If I get this to work
I will ask my boss to send you some sort of fee for my server training and
RRAS setup help. I will post again with outcome. (I hope I haven't
broken any rules or offended you.) Debora x.

"Bill Grant" wrote:

> That makes things a bit clearer. Your RRAS server does not need to know
> about the public IP of the router, so disable the second NIC in the server
> and only use the one with a private (192.168.1.x) address. Its default
> gateway will be automatically set to 192.168.1.254 if it gets its config
> from DHCP on the router.
>
> First make sure that all the clients and the server can access the
> Internet through the DSL router. Next check that you can make a VPN
> connection from a LAN client to your VPN server using its LAN IP. This will
> check that your VPN server is correctly set up to allow VPN access. Any
> problems with authorisation or policies can then be fixed locally.
>
> The standard setup for a VPN server using two NICs assumes that the
> server is directly connected to the Internet. In your case, your Internet
> connection is via a NAT router. You only need one NIC in the server because
> the router acts as your Internet connection.
>
> When you have your VPN server working correctly on the LAN, you can
> enable VPN connection from the Internet by programming your router. The
> remote clients connect through the Internet to your router's public interface
> and the router forwards the information across the LAN to your VPN server.
> Exactly how you do this depends on your router. (They all seem to use very
> different config screens). What you need to do is forward PPTP (tcp port
> 1723) from the router to the server. This extends the VPN connection from
> the router to the server.
>
> The other problem you may meet is GRE. The data crossing the VPN link is
> encrypted and encapsulated. The encapsulation protocol used is GRE (Generic
> Routing Encapsulation). If your router is programmed to block GRE, no data
> will be transferred and the connection will close. This usually shows up as
> error 721. If you strike this problem you will need to find out how to allow
> GRE. It might be mentioned by name, by protocol number (it is IP protocol
> 47) or it may be listed as pptp pass-through mode or even as VPN
> pass-through mode.
>
> Debora wrote:
> > Bill thanks again for help and understanding. You can see the
> > desperation. Our Broadband Router(4 ports) has IP of 81.138.11.230,
> > the Server NIC (internet) .225 and Server NIC (LAN) 192.168.1.10. The
> > Gateway IP 192.168.1.254 was taken from the LAN settings, showed IP
> > as gateway, if that makes sense. When NIC(internet) settings entered
> > I assumed Gateway as above. I originally had NIC(internet) Gateway as
> > Router IP .230 but changed it as VPN not working (this is where I
> > feel a mistake made). The NIC(internet) is connected to Router port
> > and NIC(lan) is connected to hub which in turn is connected to
> > Router. The Router acts as DHCP for local LAN, Server has static
> > IP(.10) range. All PC connected to hub.
> >
> > Bill I hope you can help
> > me as I'm attempting RRAS/VPN but as you can see initial setup may be
> > at fault. If you need any more info please ask. Extremely grateful,
> > Debora x.
> >
> > "Bill Grant" wrote:
> >
> >> That doesn't really make any sense. If the server is supposed to
> >> access the Internet through a router at 192.168.1.254, why does it
> >> have a NIC with a public address (81.138.119.225 )? Does this NIC
> >> connect to anything?
> >>
> >> If the 81.138 NIC has a connection to the Internet you do not
> >> need to use the router. If your router is the only connection to the
> >> Internet, you do not need the second NIC with a public IP.
> >>
> >> So the first thing we need to know is what is the NIC with the
> >> public address actually doing? If it is doing nothing, disable it
> >> and use the router at 192.168.1.254 as your default gateway. If it
> >> is connected to a public network you can use it as your Internet
> >> connection.
> >>
> >> Debora wrote:
> >>> Sorry for joke title. I posted weeks ago 6/17 (thanks Bill) and need
> >>> more basic help. I have read lots of literature (this is effectively
> >>> my server training) but basic questions about setup remain.
> >>>
> >>> I have a Win Server 2000 (DNS/AD not DHCP) we use only for file
> >>> store and it has 2 NICs. NIC1(Internet) has static public IP
> >>> 81.138.119.225 with Gateway as 192.168.1.254, NIC2 (lan) IP
> >>> 192.168.1.10 static from Router DHCP without Gateway entered.
> >>>
> >>> Vpn client is receiving IP from list 192.168.1.25-32 and connects
> >>> to NIC1(internet) 81.138.119.225 works fine (only by IP address).
> >>> Can view shared files only if I map drive using NIC (lan)
> >>> 192.168.1.10 IP. i.e. \\192.168.1.10\Opendata etc.
> >>>
> >>> Basic
> >>> questions (this is the desperate part): What IP do I use to view
> >>> shared files (it doesn't seem right to use .10)? Do I need to have
> >>> vpn server name resolved anywhere? Internet cannot be browsed from
> >>> vpn server is this an issue I need to do something about?
> >>>
> >>> I
> >>> have more but please for now can anyone help me. If more info
> >>> required please tell me. Debora x.
> >>>
> >>> Real basic questions are
>
>
>
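
Added example, not part of the original thread: the reply above says PPTP needs both TCP port 1723 and GRE (IP protocol 47) to get through the router, and that blocked GRE shows up as error 721. The Python sketch below classifies raw IPv4 packets as seen on the VPN server's LAN NIC and reports which of the two is missing. The client address and both sample captures are constructed for illustration; the enhanced GRE field values (version 1, protocol type 0x880B) are those PPTP uses.

```python
import ipaddress
import struct

PPTP_PORT, PROTO_TCP, PROTO_GRE = 1723, 6, 47
SERVER = "192.168.1.10"   # VPN server LAN address from the thread
CLIENT = "203.0.113.7"    # constructed remote client (documentation range)

def ipv4(src, dst, proto, payload):
    """Build a minimal IPv4 packet (constructed sample data, checksum 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed) + payload

def tcp(sport, dport):
    """20-byte TCP header with only the ports and the SYN flag filled in."""
    return struct.pack("!HHIIHHHH", sport, dport, 0, 0, 0x5002, 8192, 0, 0)

def pptp_gre():
    """Enhanced GRE header as PPTP uses it: version 1, protocol type 0x880B."""
    return struct.pack("!HHHHI", 0x3001, 0x880B, 0, 1, 0)

def classify(pkt, server_ip):
    """Return 'control', 'gre-in', 'gre-out' or None for one IPv4 packet."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    body = pkt[(pkt[0] & 0x0F) * 4:]          # skip the IP header (IHL words)
    if len(body) < 4:
        return None
    first, second = struct.unpack("!HH", body[:4])
    if pkt[9] == PROTO_TCP and PPTP_PORT in (first, second):
        return "control"                      # source or destination port 1723
    if pkt[9] == PROTO_GRE and (first & 0x7) == 1 and second == 0x880B:
        dst = str(ipaddress.IPv4Address(pkt[16:20]))
        return "gre-in" if dst == server_ip else "gre-out"
    return None

def diagnose(packets, server_ip):
    """Summarise a capture taken on the VPN server's LAN NIC."""
    seen = {classify(p, server_ip) for p in packets}
    if "control" not in seen:
        return "no-control"    # TCP 1723 is not being forwarded to the server
    if "gre-in" not in seen:
        return "gre-blocked"   # router drops IP protocol 47 (error 721 symptom)
    return "ok"

# Constructed captures: control channel only, then with inbound GRE as well.
BLOCKED = [ipv4(CLIENT, SERVER, PROTO_TCP, tcp(49152, PPTP_PORT)),
           ipv4(SERVER, CLIENT, PROTO_TCP, tcp(PPTP_PORT, 49152)),
           ipv4(SERVER, CLIENT, PROTO_GRE, pptp_gre())]
WORKING = BLOCKED + [ipv4(CLIENT, SERVER, PROTO_GRE, pptp_gre())]
```

diagnose(BLOCKED, SERVER) returns "gre-blocked" and diagnose(WORKING, SERVER) returns "ok".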