Re: Win2K RRAS/VPN Help
- From: "DMF" <me@xxxxxxxxxxxxx>
- Date: Sun, 28 Aug 2005 23:50:21 -0700
Bill Grant wrote...
> 1) Yes, having two NICs in the same IP subnet is a bad idea (especially
> if you try to configure different gateway settings on the NICs). It is
> also unnecessary and doesn't do anything useful. But if you disable NIC2,
> you will need to change the port forwarding on the router so that it
> forwards the VPN traffic to NIC 1. You should not need to change anything
> on the server itself.
That's what I was hoping but I disabled NIC#2 and told RRAS to use
NIC#1 which went fine. However, the RRAS was set to distribute
*.201 thru *.225 IPs for VPN clients. Included in that setting was a
reference to the *.192 NIC#2 IP and I could not change it so that it
referred to NIC#1 IP *.2 so I gave up. There was also a choice to
use DHCP but I did not want to make any drastic changes since the
company boss was on a trip to Boston and I didn't really want to risk
knocking the VPN out of commission ;-)
Next time I go back I will get more details on the *.192 reference that
I could not change.
> This probably won't solve all of your problems. Your server will still
> be multihomed (ie have two interfaces) when a VPN client connects
> (because of the "internal" RRAS interface 192.168.1.200 which is the
> endpoint of VPN connections). This causes duplicate names and
> browsing problems.
Hmmm... now I am confused because I have seen other sites with
RRAS using *.200 and clients getting *.200+ IPs. I thought that the
duplicate names and browsing problems were coming from NIC#2
with the *.192 address on the same subnet as the *.2 address both
in the Server PC.
> The simplest way to fix this is to disable Netbios over TCP/IP on the
> RRAS internal interface. The details are given near the end of KB
> 292822.
Okay, I will look into that. I also read a site that suggested that if File
and Print sharing is deselected for the secondary NIC then two NICs
can co-exist in the same server without generating errors.
> 2) The person who set it up obviously didn't grasp the situation.
I realized that pretty quickly ;-)
> If all the machines are using the Linksys as their default gateway they
> can all plug into the same switch. (NIC2 should be disabled and not
> plugged into anything). The present setup would only make some sense
> if the Linksys and the router were in a different IP subnet from the LAN
> clients. This is a feasible solution but is not the one you are set up
> for. In that case, the LAN clients would use the server's LAN NIC as their
> default gateway, not the Linksys.
Disabling NIC#2 is my (short-term) goal right now but I was afraid of
knocking VPN access out of commission. I think that long term the way
I want to set it up is to get NIC#2 one of the static, public DSL addresses
with VPN only filter on it and use a different public DSL address for the
WAN side of the Linksys which would provide FW/DHCP/NAT to LAN
side clients and Server providing on NIC#1 AD/DNS/FileShare and on
NIC#2 RRAS/VPN
> How about DNS? Are the clients set up to use the DC as their DNS
> server? And is the server set to forward to a public DNS (such as your
> ISP)?
Seems to work okay... Server is AD/DNS with forward set to the ISP's
public DNS so clients look to Server for DNS and can access the Internet
and shared local resources. However, lost shared drives and Internet
disconnects are common LAN/client side -- a reboot fixes the problem.
I'm going back to this site tomorrow and will collect more info. I really
appreciate your help here, Bill. Thanks.
Regards,
David