Re: RRAS as VPN Server Configuration Questions... New one...

Hi Bill,

Thanks again for your response. Did you READ my full post???

>The first thing to check is whether any of the routers is capable of
>acting as a VPN server

One of them has VPN Server capability (D-Link DI-824VUP). However, this
does not allow for Domain User authentication and also has to remain on the
inside LAN as it is used for the Wireless AP on the LAN.

>They will be able to access
>the server (because it gets an IP address from the pool for its "internal"
>interface). They will not be able to access LAN machines if you do not
>enable IP routing on the RRAS server.

Please tell me if I'm wrong, but in "ipconfig /all" "IP Routing... Enabled"
and:
> - RRAS
> Configured on 192.168.119.2 using DHCP
> Router - LAN and demand-dial routing and Remote Access Server
> Windows Authentication
> Use the following adapter to obtain DHCP, DNS, and WINS addresses
> for dial-up clients. Adapter: WAN
> Modified Policy to only allow one domain group for Remote Access
> DHCP Relay Agent configured for 192.168.119.2
> WAN interface only
> IGMP
> WAN - IGMP Router
> LAN - IGMP Router

tells me that IP routing is enabled and VPN Clients should have full access
to the network, correct???

> You do not need more than one NIC in the server if it is behind a router
>which has an Internet connection. The router acts as the public interface
>for connection (ie the remote client connects across the Internet to the

This suggestion will NOT work for:
> while keeping unauthenticated VPN traffic OFF the LAN where Client

and

>public interface of the router). The VPN connection is extended to the
>server by forwarding from the router (tcp port 1723 for pptp).

I have on Router #1:
> External Port 1723 Forwarded to Port 1723 on 192.168.118.2 (Router #2)
and on Router #2:
> External Port 1723 Forwarded to Port 1723 on 192.168.119.2 (RRAS)

Thanks,

Mike


.

Relevant Pages

  • Re: VPN Advice...do I need a purchased static ip address on the external interface?
    ... >> Server then that server must have a been assigned a purchased static IP ... >> if I was to try and use Windows 2000 SBS as the server for the VPN, ... >> If I used a router instead then the router would have this purchased IP ... > supports dynamic dns, then users connect to the dynamic dns name and ...
    (comp.dcom.vpn)
  • Re: VPN Tunnel Connects,cant access resources
    ... VPN router is not on your LAN. ... I would run the server with one NIC and set the Linksys to be the ...
    (microsoft.public.windows.server.networking)
  • Re: Possible to secure WEP?
    ... It doesn't have to be a "server". ... this IP cannot be in the same class C IP block as your own LAN. ... To keep it simple, my gateway router, ... Ethernet adapter Local Area Connection: ...
    (alt.internet.wireless)
  • Re: Server/Network setup question
    ... currently the users are getting IP addresses from DHCP on the router. ... SBS server a static IP address in the same range as the router. ... be in a subnet that is different from the SBS LAN (with their own Internet ...
    (microsoft.public.windows.server.sbs)
  • Re: IPSEC routing ?
    ... the Tunnel only see the "outside" of the Tunnel,...nothing sees the inside ... Site-to-Site VPN and Remote Access VPN act totally different..... ... This means the VPN Router behaves just like a regular LAN ...
    (microsoft.public.windows.server.networking)
Loading