Re: Cannot make connection with RAS server behind firewall.




=?Utf-8?B?Sm9obiBO?= <JohnN@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
news:80E4317D-D899-4733-83CD-58FE1E7B65AB@xxxxxxxxxxxxx:

I have been struggling to get my remote access server to work. The
symptoms are somewhat inconsistent, and I'm guessing that I missed
something major here.
I have two servers behind my firewall, a netopia 3386-ENT. One is
providing web and mail services, and the other is a domain controller.
Both are W2K3 fully patched.
Our ISP issued us a /248 network giving us 6 usable IP addresses.
The netopia is part of an enterprise network comprised of three site
to site VPNs, both connecting to this network. The VPNs connect using
a PPTP connection.

I'm trying to get users to authenticate to the domain controller
using RAS, and I've assigned one of the public IP addresses to pass
PPTP back to the domain controller's private IP address. Most of
the time, it doesn't even establish a connection. Sometimes it
does, but only one person can use it. Of course, if I tell the
router to pass all PPTP connections back to the domain controller's
internal address, none of the VPNs work. I'm stumped. I'm pretty
sure that this is a firewall issue, as the VPN connections work fine
from inside the network.

Thanks for your help in advance.


Hi there --

The scenario as you describe it is very confusing.

Are you saying you have two branch offices and one main office and the two
branch offices are connected via PPTP based site to site VPN to the main
office?

If so, are both branch offices connecting to the same VPN server at the
main office? Are these persistent connections or dial on demand
connections?

You state that you want users to be authenticated using a RAS connection,
but it is unclear where the users are located -- are you talking about
people RASing in from home, or are you talking about people who are at the
branch office locations?

If you are talking about the branch office locations and you have a site to
site VPN between the branch office and the main office, users do not need
to use RAS (and should not) -- the site to site VPN creates a tunnel
through which all traffic flows between the sites. All you have to do is
get that working and when users log onto their domain member machines they
will be authenticated by the closest DC; you don't need any extra
connections or anything. (This assumes that you have your IP addressing set
up correctly with DHCP, that DNS is working, etc.)

--
James McIllece, Microsoft

Please do not send email directly to this alias. This is my online account
name for newsgroup participation only.

This posting is provided "AS IS" with no warranties, and confers no rights.


