Re: W2003 VPN Setup




Thanks! That makes sense.

So I did exactly as described below. I disabled RAS and disabled the
second nic. So now I have a nic configured as 10.0.0.11 with a valid
gateway (the firewall) and DNS servers. I configured RAS as a RAS/VPN
server with defaults. I then allowed connections into RAS as
specified in the help files.

Nothing works now. The server will only ping itself. If I try to
ping anything from that server I get "Destination host unreachable",
including the firewall. I can't ping that server from anywhere.

Did I miss something?
Thanks!



On Tue, 1 May 2007 09:46:58 +1000, "Bill Grant" <not.available@online>
wrote:

If you are behind a firewall/router you do not need two NICs in your
server. The documents you mention assume that the server has a direct
connection to the Internet. The public NIC is the Internet connection and
the private NIC is the LAN interface.

In your case the firewall is your public connection to the Internet.
Remote users trying to connect to your LAN by VPN will need to connect to
the firewall's public interface (by IP address or by name). Your VPN server
sits on the LAN with only one NIC connected to the local LAN. Your
firewall/router can extend the VPN connection to the VPN server on the LAN
by forwarding the VPN traffic to the server's LAN IP.

Disable RRAS and get rid of the extra NIC. Enable RRAS and configure it as
a remote access server. Check that it works by connecting from a workstation
on the LAN to the server's LAN name or IP address. (VPN works fine over any
IP connection).

When this is working, set your firewall to forward VPN traffic (tcp 1723
for pptp) to the LAN IP of your VPN server. If you are using pptp, make sure
that your firewall is not blocking IP protocol 47 (GRE). From an external
machine try to connect using the firewall's external name or IP address.

"Tom wilson" <yeahright@xxxxxxxxxx> wrote in message
news:d5jc33lncdbc6hc609ta9eakpe1lh3dr3d@xxxxxxxxxx
Ok...

I've set the second adapter to 10.0.0.12 without a gateway and it's
connected. The primary and external nic is set to 10.0.0.11 and
mapped externally with the firewall as the gateway. So I need to add
a route? To where for what?

Do I route the second interface to the first? So would I add a route
to the second interface (10.0.0.12) with a destination to the first?
(10.0.0.11)

Thanks!



On 30 Apr 2007 12:43:42 -0700, RC <RichChristy@xxxxxxxxx> wrote:

On Apr 30, 3:18 pm, Tom wilson <yeahri...@xxxxxxxxxx> wrote:
I'm entirely confused by VPN setups. I'm reading through the MS
documents on it but they don't address certain things. A history:

I have a clean W2003 box with 2 nics. One is currently configured as
10.0.0.11 (our DMZ), mapped through our hardware firewall as a public
IP; ie. 207.81.101.11. I believe this is what will accept incoming
VPN connections. Now the MS document seems to indicate the other
adapter should have an internal address. This is where the problem
comes in. Since we have a hardware firewall doing IP mapping, that
would mean both adapters would have internal addresses. I've tried
this and it freaks, telling me I can't have 2 identical gateways.

I ran the RAS setup for VPN and the second adapter is telling me there
is no or limited connectivity. It has a weird IP address but the
gateway and DNS servers are empty.

Any document from MS assumes I'm not running a hardware firewall and
doesn't apply. Can anyone clear up what I'm supposed to do in this
situation?

Thanks!

You need to set the "external nic" with all of its settings, i.e. IP,
subnet mask, default gateway, etc., and set the other NIC with just
IP, SM, DNS and leave the DG blank. Create a persistent route on the
server that points back to the LAN DG. You can use either Routing and
Remote Access in the VPN setup to accomplish this, or you can pull up a
command prompt and set up a persistent route this way: "route add"


