Re: RRAS as VPN Server Configuration Questions...
- From: "Bill Grant" <not.available@online>
- Date: Sat, 7 Jan 2006 10:30:59 +1100
If you don't want to use the server as the DG for the network it should
only have one NIC. It is just another machine on the LAN, and it doesn't do
any routing.
Mike B. wrote:
> Bill,
>
> Thanks for the reply. However, I do not want the server to be the
> default gateway for the LAN. The server has enough to do.
>
> DHCP is configured to hand out 192.168.20.1 (Router #2) as the
> default gateway (003 Router) on the LAN, as well, (004 Time Server),
> (005 Name Servers), (006 DNS Server), (007 Log Servers), (042 NTP
> Servers), and (044 WINS/NBNS Servers) point to the Server
> (192.168.20.2) and finally (015 DNS Domain Name) is abc.local.
>
> The public NIC #2 on the server should only be used for VPN
> Services. DHCP and DNS are only configured to service NIC #1, and DNS
> is forwarding to the ISP. As well, the Server is using the local DNS.
>
> RRAS is configured to use the DHCP and look at NIC #1 for DHCP,
> DNS, and WINS addresses for dial-up clients. The DHCP Relay Agent
> has been configured with the Server (192.168.20.2).
>
> Thanks,
>
> Mike B.
> I.D.M. Technologies
> Milwaukee, WI, USA
>
>
> "Bill Grant" <not.available@online> wrote in message
> news:%238KTsxkEGHA.140@xxxxxxxxxxxxxxxxxxxxxxx
>> If you want to run the server as a router/remote access server
>> and be the gateway for your LAN, there should be no connection
>> between the DSL router and the switch. Only the server's "public"
>> NIC should connect to the DSL router. You will also need a static
>> route on the DSL router to forward traffic for 192.168.20.0/24 to
>> the Windows server (so that it can deliver it on the LAN. The
>> router's only private NIC is in 192.168.10 , so it does not know
>> where 192.168.20 is. Without a static route it will use its
>> default, which is back out to the Internet!). The setup would look
>> like this.
>>
>> Internet
>> |
>> public IP
>> DSL router (static route 192.168.20.0 255.255.255.0
>> 192.168.10.2) 192.168.10.1
>> |
>> 192.168.10.2 dg 192.168.10.1
>> server
>> 192.168.20.1 dg blank
>> |
>> workstations
>> 192.168.20.x dg 192.168.20.1
>>
>> Because of AD, every machine (including the server itself) should
>> use the local DNS server. This server should be configured to
>> forward to a public DNS service (such as your ISP) to resolve public
>> addresses. DNS relay through a router is not compatible with AD. AD
>> uses DNS to find local SRV records and they are only found in your
>> local DNS.
>>
>> Mike B. wrote:
>>> Hi all,
>>>
>>> I have a client with a single Windows 2000 Advanced Server
>>> controlling a local domain (abc.local). This very small company (1
>>> Server, 4 Workstations and 2 Laptops) CANNOT afford a second server.
>>> However, they wish to enable remote access (VPN). I have configured
>>> the network in the following way:
>>>
>>> Cable/DSL Modem
>>> |
>>> Router #1
>>> | \
>>> | \
>>> | \
>>> Router #2 Server
>>> | /
>>> | /
>>> | /
>>> Switch
>>> |
>>> Rest of network
>>>
>>> Router #1:
>>> WAN IP: Dynamic (Set by ISP - FOR NOW, client will get static IP
>>> after RRAS working)
>>> (IP, Mask, Gateway and DNS configured through ISPs DHCP)
>>> LAN IP: 192.168.10.1
>>> LAN Mask: 255.255.255.0
>>> DNS Relay: Enabled
>>> Everything blocked Except:
>>> IPSec Passthrough Enabled
>>> PPPoE Passthrough Enabled
>>> PPTP Passthrough Enabled
>>> Ext.Port TCP 1723 Forwarded to
>>> Int.Port TCP 1723 on Server NIC #2: 192.168.10.2
>>>
>>> Router #2:
>>> WAN IP: 192.168.10.10
>>> WAN Mask: 255.255.255.0
>>> WAN Gateway: 192.168.10.1
>>> LAN IP: 192.168.20.1
>>> LAN Mask: 255.255.255.0
>>> DNS Relay: Enabled
>>> Everything blocked
>>>
>>> Server:
>>> NIC #1: configured and connected to internal network via Switch
>>> (intranet) NIC #1 IP: 192.168.20.2
>>> NIC #1 Mask: 255.255.255.0
>>> NIC #1 Gateway: 192.168.20.1
>>> NIC #2: configured and connected to external network via Router #1
>>> (internet)
>>> NIC #2 IP: 192.168.10.2
>>> NIC #2 Mask: 255.255.255.0
>>> OS: Windows 2000 Advanced Server (All updates applied)
>>> PDC - abc.local
>>> Active Directory
>>> DHCP - Scope (192.168.20.10 - 192.168.20.250)
>>> DNS - Standard Files; NOT Active Directory Stored
>>> WINS
>>> Routing And Remote Access - * currently disabled *
>>>
>>> At this point everything is working beautifully! Then I configure
>>> RRAS. During setup I choose Remote Access NOT VPN Server, because I
>>> read VPN Server mode is for a stand-alone server not a PDC. With
>>> just that configured everything is still working fine (internal
>>> workstations have access to the internet and can browse locally) and
>>> remote clients can connect. However, remote clients cannot even
>>> ping internal workstations, all they see is the server. When
>>> attempting to ping an internal workstation from the remote client
>>> by name, the name is resolved to an IP address. So, I'm assuming
>>> that the clients are resolving (seeing) the DNS and this is a route
>>> problem? I know I can NOT put a default gateway on NIC #2 to point
>>> at NIC #1, so I've tried adding a route from NIC #2 to the loopback
>>> (127.0.0.1)?
>>>
>>> The BIG QUESTION, is everything I need to configure to get this
>>> working in RRAS GUI or do I need to configure routes manually
>>> through "route add -p"??? The smaller BIG QUESTION is can anybody
>>> please help with specifics not generics?
>>>
>>> Thanks in advance for any assistance,
>>>
>>> Mike B.
>>> I.D.M. Technologies
>>> Milwaukee, WI, USA
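The point Bill makes about the static route is worth seeing concretely: a router forwards by longest-prefix match, so a DSL router that only knows 192.168.10.0/24 as a connected network will match 192.168.20.x against its default route and hand private LAN traffic to the ISP. The following is an added example (not code from anyone in this thread) that models the DSL router's table with and without the static route from the diagram; the route entries, next-hop labels and the `next_hop`/`leaked_destinations` helpers are all constructed for illustration.

```python
"""
Constructed model of the routing decision discussed in the thread.

Assumptions (not from the thread itself):
  - the DSL router's table holds only its connected LAN prefix and a
    default route toward the ISP, plus optionally the static route that
    Bill recommends (192.168.20.0/24 via 192.168.10.2).
  - next hops are represented as plain strings: "direct" for a connected
    network, "isp-default" for the default route, or a gateway IP.
"""
import ipaddress
from typing import List, Optional, Tuple

Route = Tuple[ipaddress.IPv4Network, str]

# Base table of the DSL router as described in the thread (constructed).
DSL_ROUTER_BASE: List[Route] = [
    (ipaddress.ip_network("192.168.10.0/24"), "direct"),
    (ipaddress.ip_network("0.0.0.0/0"), "isp-default"),
]

# The static route Bill says the DSL router needs.
STATIC_ROUTE: Route = (ipaddress.ip_network("192.168.20.0/24"), "192.168.10.2")


def lookup(table: List[Route], dst: ipaddress.IPv4Address) -> Optional[str]:
    """Longest-prefix match: the most specific prefix containing dst wins."""
    best: Optional[Route] = None
    for net, nh in table:
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, nh)
    return best[1] if best else None


def dsl_router_table(with_static_route: bool) -> List[Route]:
    """Build the DSL router's table with or without the recommended static route."""
    table = list(DSL_ROUTER_BASE)
    if with_static_route:
        table.append(STATIC_ROUTE)
    return table


def next_hop(dst_ip: str, with_static_route: bool) -> Optional[str]:
    """Where the DSL router would send a packet for dst_ip."""
    return lookup(dsl_router_table(with_static_route), ipaddress.ip_address(dst_ip))


def leaked_destinations(dst_ips: List[str], with_static_route: bool) -> List[str]:
    """Private destinations that the router would forward out to the ISP.

    This is the failure mode Bill describes: replies to the 192.168.20.0/24
    LAN leave via the default route instead of reaching the Windows server.
    """
    return [
        d for d in dst_ips
        if ipaddress.ip_address(d).is_private
        and next_hop(d, with_static_route) == "isp-default"
    ]


def static_route_next_hop_is_reachable(route: Route, table: List[Route]) -> bool:
    """Sanity check a practitioner wants: the next hop of a static route must
    itself be on a directly connected network, or the route can never be used."""
    return lookup(table, ipaddress.ip_address(route[1])) == "direct"


if __name__ == "__main__":
    lan_hosts = ["192.168.20.2", "192.168.20.55"]
    print("without static route, leaked:", leaked_destinations(lan_hosts, False))
    print("with static route, leaked:   ", leaked_destinations(lan_hosts, True))
    print("next hop for 192.168.20.55 with static route:", next_hop("192.168.20.55", True))
    print("static route next hop reachable:",
          static_route_next_hop_is_reachable(STATIC_ROUTE, DSL_ROUTER_BASE))
```

Run as-is: without the static route every 192.168.20.x destination is reported as leaked to the ISP; with it, those packets are handed to 192.168.10.2 (the server's public NIC), and the reachability check confirms that next hop sits on the router's connected 192.168.10.0/24 network.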