Re: Multihomed server 2000



Bill,

Here's the scenario: I've got one NIC connected to my internal LAN; the plan
was to attach a wireless AP to the other, and only allow VPN connections
through it. The idea was that if I only accepted VPN connections on the
second port, I could control who got wireless access to a much greater
degree.

Now, in theory this seems identical to a classical dial-in configuration:
clients dial in to a modem, through which they establish a VPN which is
routed to internal resources. I'm just substituting an AP for the modem.

What I'm puzzled about is the fact that I can't ping the "wireless"
interface externally. If I ping it from the server console, no problem.
But if I attach my laptop to the interface, set the laptop's IP to
192.168.200.200 and try to ping I get no response. I can see the pings
arriving at the server, but the server doesn't respond. In this test setup
neither the server nor client have firewalls.

Bob Lin asked to see ipconfig reports for both server and client; I've
provided them below:

Server:

Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : server
Primary DNS Suffix . . . . . . . : internal.inc.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : internal.inc.com
inc.com

Ethernet adapter Intel: (attached to internal LAN)

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network Connection
Physical Address. . . . . . . . . : 00-03-47-A3-93-5A
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.0.5
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 192.168.0.7
Primary WINS Server . . . . . . . : 192.168.0.7

Ethernet adapter Realtek: (wireless AP interface)

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8139(A)-based PCI Fast
Ethernet Adapter
Physical Address. . . . . . . . . : 00-40-33-AF-D8-46
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.200.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . :

Client:

Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : dpm-lt
Primary DNS Suffix . . . . . . . : internal.inc.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : internal.inc.com
inc.com

Ethernet adapter LAN:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel 21143 Based PCI Fast Ethernet
Adapter #2
Physical Address. . . . . . . . . : 00-C0-F0-3E-40-C4
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.200.200
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 192.168.0.7
151.197.0.38
Primary WINS Server . . . . . . . : 192.168.0.7

Ethernet adapter {61A9DB95-4C1E-4641-A501-274A1D016308}:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : NOC Extranet Access Adapter
Physical Address. . . . . . . . . : 44-45-53-54-42-00
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 0.0.0.0
Subnet Mask . . . . . . . . . . . : 0.0.0.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . :

Thanks for your help.

Regards,
Dean

"Bill Grant" <not.available@online> wrote in message
news:%23xX3l45TGHA.224@xxxxxxxxxxxxxxxxxxxxxxx
> Two questions.
>
> 1. Why do you want a second NIC in the server? VPN clients connect to a
> "virtual" interface. They do not need a separate NIC. On a private LAN the
> encapsulated VPN traffic can be directed to the LAN NIC from the
> router/NAT-device/firewall.
>
> 2. The 192.168.0.5 NIC is connected to the LAN. What is the second NIC
> connected to?
>
> DPM wrote:
>> Hello,
>>
>> I've got a Win2K server with 2 NICs; one is set to 192.168.0.5 and is
>> connected to the LAN, the other is set to 192.168.200.1 (both masks
>> 255.255.255.0). The first works fine; I want to use the second for
>> VPNs, but I can't ping it. It's enabled, I can see pings arriving,
>> but no response. Any idea why? (No firewalls, BTW).
>>
>> Thanks for any suggestions.



