Re: How to configure for Two different IP subnets

Bill,

Thank you for the detail inputs.

Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
"Bill Grant" <not.available@online> wrote in message news:ONzZ6yDOHHA.4992@xxxxxxxxxxxxxxxxxxxxxxx
As Bob said there are a lot of issues involved here. Active Directory is
really overkill for a setup like that. You don't need it to allow an
incoming VPN connection and running RRAS on a DC is definitely not
recommended. The other major problem you strike with AD is DNS.

If you really want to run a domain behind a workgroup, it can be done.
It can even be done using the DC as the router (otherwise Small Business
Server wouldn't work) but it is not simple or straightforward. It certainly
doesn't work using the default setup wizard in Server 2003. It becomes even
more difficult if you also configure the DC as a VPN server.

If you only want a second IP subnet using the Windows server as a
router, things are simpler. You can configure the router as a normal LAN
router (but this will mean you need to add extra routing to the Linksys so
that it knows how to find your internal subnet). If you can't or don't wish
to fiddle with the Linksys, you need to configure the server as a NAT
router. This solves the routing problem on the Linksys because all traffic
going to the Linksys from your internal subnet is using the 192.168.1.x
address of the server (because of NAT).

The network config is like this.

Internet
|
Linksys
192.168.1.1
|
workgroup machines
192.168.1.x dg 192.168.1.1
|
192.168.1.n dg 192.168.1.1
RRAS
10.10.1.1 dg blank
|
workstations
10.10.1.x dg 10.10.1.1

If you configure the RRAS router for NAT routing should just work.
Without NAT (ie LAN routing only) you need a static route on the Linksys to
send the traffic for the inner subnet to the internal router. ie

10.10.0.0 255.255.0.0 192.168.1.n

"Robert L [MVP - Networking]" <noreply@xxxxxxxxxxx> wrote in message
news:eyMVtGDOHHA.5064@xxxxxxxxxxxxxxxxxxxxxxx
We have many issues with this configuration. Here are two:

1. You should not enable RRAS on a DC. Check this link for more details.

Name resolution on VPN
Connection issues on DC, ISA, DNS and WINS server as VPN server How to
assign DNS and WINS on VPN client manually Name resolution Issue in a VPN
client ...
http://www.chicagotech.net/nameresolutionpnvpn.htm - Jan 12, 2007 -

case Studies - VPN error 721 and 800
Connection issues on DC, ISA, DNS and WINS server as VPN server .... To
assign the DNS and WINS to a VPN client for name resolution, you should
configure VPN ...
http://www.chicagotech.net/VPN/vpncase800.htm


2. You don't need two NICs for VPN. How to may help,

How to setup VPNHow to setup Windows 2003 as VPN server with one NIC How to
setup VPN on w2k server with one NIC How to use PPTP through a Cisco PIX ...
http://www.howtonetworking.com/Windows/vpnsetup.htm


Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on
http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on
http://www.HowToNetworking.com
"Jeff" <jefffby@xxxxxxxxx> wrote in message
news:fYwqh.1217$G23.126@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Just wondering if someone can please explain how I can get two different
ip
subnets working? I have been googling, reading the newsgroups, and
reading
books but I just can not figure out how to make this work.

I have Windows server 2003 and here is what i am trying to setup:

INTERNET
|
LINKSYS ROUTER - PPOE CONNECTION TO DSL INTERNAL IP 192.168.1.1
|
|-WORKGROUP (WIFE AND DAUGHTER LEFT HERE (THEY WOULD KILL ME IF
THIER
INTERNET CONNECTION WAS UNAVAILABLE DUE TO MY PLAYING)
|
WINDOWS SERVER 2003
DOMAIN CONTROLLER - MYDOMAIN.LOCAL - WANT THIS AS IP 10.10.1.1
DNS
DHCP - set to give out ip ranges of 10.10.1.10 to 10.10.1.20
computer connecting to domain or vpn in should get a 10.10.1.x address
RRAS - (TO BE ABLE TO VPN IN) I BELIEVE THIS IS WHERE I GET
THE SERVER NAME OF JEFF1.MYDOMAIN.LOCAL
WINS
FILE SERVER

This is where I can not get it to work, from my understanding i need two
nic cards in server.

NIC 1 - LOCAL AREA CONNECTION 1 - I believe this is the one that i set my
domain up on static IP 10.10.1.1 subnet 255.255.0.0 (no default gateway?)
under advance tabs DNS=JEFF1 10.10.1.1 alternate is
given
one from my isp, WINS=JEFF1 10.10.1.1

NIC 2 - LOCAL AREA CONNECTION 2 - I believe this is the one that i set
pointing to my Linksys Router static IP 192.168.1.2 subnet 255.255.255.0
default gateway 192.168.1.1
under advance tabs DNS= 192.168.1.2 alternate given
from
one from isp, WINS=192.168.1.2


When configuring the Domain Controller, DNS, DHCP, RRAS, and WINS I just
ran
the wizards and went with the settings it provided but when all was said
and
done it would not work. I could not see anyone on the 192.168 network,
could not get to the Domaine from the 192.168 network. Active Directory
freaked out on me to where I could not even access it it just kept saying
there was an error. It was like it was not seeing the
JEFF1.MYDOMAIN.LOCAL
server for some reason.

Any way I played with so many settings that I could think of from reading
the books or some articles i found on the web that i completely hosed it.
So I reformatted the drive and reloaded windows server and have left it
there before adding any roles or anything untill maybe I could get some
help
in understanding what settings I need to make and where. Like I said I
have
been searching found alot kind of referencing what I am trying to do but
as
of yet been able to find anything that kind of explains step by step or
shows examples of what the settings are suppossed to look like. Only
thing
I can figure out is this must be so easy that there does not need to be
any
explainations on the settings, but for the life of me I can not figure it
out.

So if anyone could kindly explain how/what to set this up or knows where
there is a pretty good detailed guide that I could follow I would
appreciate
it.

Thanks, Jeff


Relevant Pages

  • Re: 2K RRAS not routing for vpn clients
    ... Posting the results of ipconfig /all and routing table in RRAS server may help. ... Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net ...
    (microsoft.public.win2000.ras_routing)
  • RE: VPN Issue
    ... 317025 You Cannot Connect to the Internet After You Connect to a VPN Server ... | first done with a standard usb broadband modem on XP Professional. ...
    (microsoft.public.windows.server.sbs)
  • Re: Sometimes it works sometimes it doesnt (VPN data issues)
    ... NIC1 "Internet" is set to ... (the IP of the external firewall) and the DNS is set to ... A connection between the VPN server and the VPN client xxx.xxx.xxx.xxx ...
    (microsoft.public.windows.server.networking)
  • RE: VPN Error code 800 HELP!
    ... Can you visit Internet and OWA on SBS server? ... Just one PC get error code 800 connecting VPN connecting to SBS? ...
    (microsoft.public.windows.server.sbs)
  • RE: Sharing VPN client connection
    ... as a VPN server, configure the internal clients to connect the remote ... office by VPN connection and then access to the Internet from the Remote ... Enable internal clients to access the Internet. ... On the server, go to My Network Places, click New Connection Wizard. ...
    (microsoft.public.windows.server.sbs)
Loading