Re: NAT help for 'simple' VPN configuration
- From: "Bill Grant" <not.available@online>
- Date: Sun, 25 Sep 2005 09:45:21 +1000
Tim_Mac wrote:
> hi Philip, Bill, many thanks for the replies.
> firstly to Philip, i removed NAT and ticked 'Basic Firewall Only', and
> i have the same functionality, so that simplifies the matter greatly,
> thanks.
>
> Bill, i do understand about the private internal IP addresses. my
> client connects to the server via its internal IP when the VPN is
> connected. i mention the external DNS because the client cannot
> browse web sites outside the VPN while it is connected, which is no
> good. the clients have DSL connections, and they connect to the VPN
> by PPTP. the VPN should not disable external internet access.
>
> i read on a microsoft article
> (http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/dcf7a6e5-e74f-4308-a6d4-c3b084387465.mspx)
> that you don't need DNS to resolve computer names to IP addresses on a
> VPN, thanks to NetBT Proxy.
> i quote: "The result is that network nodes on network segments that
> are attached to the VPN server (and all connected VPN clients) can
> automatically resolve each other's names without a DNS or WINS
> server."
>
> i can actually browse to \\serverName if i turn off the firewall on my
> XP Pro SP2 test client. but that's not desirable either for obvious
> reasons. once i turn the firewall back on, i can only browse by IP
> address.
>
> any ideas for how to enable computer browsing (by name) with the
> default client XP firewall turned on?
>
> thanks
> tim

I know that Microsoft introduced the NetBT proxy in Server 2003 but I
have never used it. (It wasn't there in W2k). If you don't have a DNS server
on the LAN I would use hosts or lmhosts files on the client for name
resolution.

The Internet browsing is a client setting. By default, all traffic is
redirected to the VPN link. To keep the default route to the Internet
(split tunnel), you need to clear the "Use default router.." box in TCP/IP
of the client's connection properties. See KB 254231.

The NetBIOS firewall settings on the server won't worry you. When the
VPN traffic goes through it is still encrypted. The firewall only sees the
PPTP header.

The firewall settings on the client will have to allow file sharing and
allow traffic on the 192.168.0 subnet.
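
The client-side steps from the reply above, as an added example that is not part of the original post: a batch script for the XP SP2 client that adds an lmhosts entry and opens File and Printer Sharing only to the VPN subnet rather than turning the firewall off. It assumes the 192.168.0 subnet is a /24; the server IP and name are constructed placeholders.

```bat
@echo off
rem Added example for a Windows XP SP2 VPN client; run from an administrator prompt.
rem Assumptions (not from the post): the 192.168.0 subnet is a /24, and
rem SERVER_IP / SERVER_NAME are placeholders for the real file server.
set SERVER_IP=192.168.0.10
set SERVER_NAME=SERVERNAME

rem 1. Name resolution without DNS or WINS: append a preloaded LMHOSTS entry.
echo %SERVER_IP%    %SERVER_NAME%    #PRE>>"%SystemRoot%\system32\drivers\etc\lmhosts"
rem Purge and reload the NetBIOS name cache so the #PRE entry takes effect.
nbtstat -R

rem 2. Firewall: enable the File and Printer Sharing exception, but scope it
rem    to the VPN subnet instead of allowing any source address.
netsh firewall set service type=fileandprint mode=enable scope=custom addresses=192.168.0.0/255.255.255.0

rem 3. Check the result.
netsh firewall show service
nbtstat -c
rem With the VPN connected and split tunnelling in effect, the 0.0.0.0 route
rem should still point at the DSL gateway, not at the VPN interface.
route print
```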