Re: PLEASE HELP-Router to RRAS Problem



Hi Leythos,

Scrub the last message I sent and have got this - thanks so much for sticking
with me on this :)

I will get back to you to let you know how I got on!

Take care and thanks again,

Paul

"Leythos" wrote:

On Sun, 18 Mar 2007 08:43:05 -0700, fieldy wrote:

Hi Leythos,

As I had stated earlier in the post, I am using Dual NIC config due to the
fact that I may possibly be bringing up ISA so that I can go down
a Branch Server route in the future, but in the meantime are you saying that
because of this I would not be able to successfully complete a Router to
Router VPN?

If you are using a VPN Router and DUAL Nics then you've got a MESS of
routing to setup and make work. You've not said if the VPN router is on
the External NIC or the Internal NIC, but I'm going to guess that it's on
the External NIC - that means you have to setup some firewall rules to
allow it inside your network - and it means you have to have at least
three subnets - total PITA.

ISA, I'll get in trouble for this, but firewalls don't belong on
non-dedicated servers - they best serve protection on a dedicated firewall
ONLY box. A better solution is a Firewall Appliance that has built-in
VPN/BOVPN services.

Also, I am using different subnets on the VPN at each end, so do not
understand what you are referring to when asking me to do this as I had stated
that in my last 4 posts?

See above - you need a subnet for the External NIC, a subnet for the
Internal NIC, and one for the remote office. After all of that, you need
to setup some means for the remote office to know that the local internal
network exists (because you put the VPN device on the external nic is my
guess)

If I was to go back to Single NIC config, can you tell me what I would
do different to make this work?

Yes, this would be drop-in simple, easy, work great, last long time,
johnny be good.....

Remote office
VPN Appliance 2
WAN - your public FIXED IP(s)
LAN - 192.168.128.0/24
ROUTER - 192.168.128.1/24
DNS - 192.168.8.10
Set device to issue IP 192.168.128.100-199/14
Set device to issue DNS 192.168.8.10
Manually set their DNS Zone to yoursbscompany.local

Local office
VPN Appliance 1
WAN - your public FIXED IP(s)
LAN (single NIC) 192.168.8.0/24
Router - 192.168.8.1/24
DNS - 192.168.8.10 (SBS Server)

SBS Server - 192.168.8.10

Yea, I moved your subnets around because I never use 192.168.0 or
192.168.1 or 192.168.2 for anything - those ranges are often found as the
faults in some devices.

Make sure that you have ALL forwarding disabled except SMTP, RWW, HTTPS on
the ROUTER 1 device - forward those to the 192.168.8.10 Server.

Make sure that you use the wizards on the SBS box, make sure that you
reboot the routers.

Once you do this it will allow you full access between local/remote
subnets via the VPN - I've set up about 450+ of these and I've used the 318
in about 30 solutions.

A WatchGuard x550e with web blocker (content filtering) and 1 year of live
security is less than $1500 if I remember right, and it will protect your
server much better, but the 318 is a nice device.

--
Leythos
spam999free@xxxxxxxxxx (remove 999 for proper email address)
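
The single-NIC addressing plan and forwarding rule from the reply above can be checked before the routers are configured. This is an added example, not part of the original thread: the dictionary layout, the function name check_plan and the port numbers are assumptions; the addresses and service names are the ones given in the post.

```python
import ipaddress
from itertools import combinations

# Addressing plan from the post above. The dict layout and key names are constructed here.
SITES = {
    "remote": {"lan": "192.168.128.0/24", "router": "192.168.128.1",
               "dns": "192.168.8.10",
               "dhcp": ("192.168.128.100", "192.168.128.199")},
    "local": {"lan": "192.168.8.0/24", "router": "192.168.8.1",
              "dns": "192.168.8.10", "dhcp": None},
}
SBS_SERVER = "192.168.8.10"
ALLOWED = {"SMTP", "RWW", "HTTPS"}  # the only inbound forwards the post permits
# Port numbers are assumptions (the post names the services, not the ports).
FORWARDS = [("SMTP", 25, SBS_SERVER), ("RWW", 4125, SBS_SERVER),
            ("HTTPS", 443, SBS_SERVER)]


def check_plan(sites, server, forwards):
    """Return a list of problems; an empty list means the plan is consistent."""
    problems = []
    nets = {name: ipaddress.ip_network(s["lan"]) for name, s in sites.items()}
    # The tunnel can only route between sites whose LANs do not overlap.
    for a, b in combinations(sorted(nets), 2):
        if nets[a].overlaps(nets[b]):
            problems.append(f"overlap: {a} {nets[a]} / {b} {nets[b]}")
    for name, s in sites.items():
        net, router = nets[name], ipaddress.ip_address(s["router"])
        if router not in net:
            problems.append(f"{name}: router {router} outside {net}")
        if s["dhcp"]:
            lo, hi = (ipaddress.ip_address(x) for x in s["dhcp"])
            if lo > hi or lo not in net or hi not in net:
                problems.append(f"{name}: DHCP pool {lo}-{hi} not inside {net}")
            elif lo <= router <= hi:
                problems.append(f"{name}: router {router} inside DHCP pool")
        # DNS must sit on one of the LANs joined by the VPN.
        dns = ipaddress.ip_address(s["dns"])
        if not any(dns in n for n in nets.values()):
            problems.append(f"{name}: DNS {dns} not on any VPN-connected LAN")
    for service, port, target in forwards:
        if service not in ALLOWED or target != server:
            problems.append(f"forward: {service}/{port} -> {target} not permitted")
    return problems


if __name__ == "__main__":
    for line in check_plan(SITES, SBS_SERVER, FORWARDS) or ["plan is consistent"]:
        print(line)
```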
