construction something like a vpn


Todd Tucker

OK guys, here is the deal. There is point A, which is
currently equipped with static IP DSL, which is connected
to a Linksys router, which goes to a 10/100 Netgear hub,
which goes to a number of computers (all but one running
XP Pro; the one is running W2K Server. It is not currently
the DHCP server; the router is doing that). Now there are
points 1-5, all of which have computers running XP Pro. Some of
these locations have 2 computers networked to each other,
both still running XP Pro. I have set the W2K Server comp
to accept dial-in RAS from points 1-5 and it will connect.
The dialing computer then has internet access through this
RAS connection but is not able to talk to the other
computers at point A. (Points 1-5 have NO internet access,
no ISP.) I need to make points 1-5 call into the server at
point A (it has 5 modems and 5 phone lines; points 1-5 have
one modem and phone line each) and connect as a peer on the
network - so it would be the same as an Ethernet
cable from point A to points 1-5, except MUCH slower, and I
need the points 1-5 that have multiple computers networked
to all connect to the network at point A over the one
computer at each of the points 1-5 that dials in to point
A. I know this is complex, and ISP is not an option at
points 1-5. I'll check back and add clarification as
needed. Sorry it is so confusing. Thanks in advance.

BTW, if you think that one of the other BBS would be
better suited to this post, let me know. Thanks.
 
Are you able to ping the machines with IP address? It could be a name
resolution issue.

To clarify on the setup you have,

Point A has internet connectivity through a DSL modem connected to a LinkSys
router. The other side of the LinkSys router has a few machines receiving
the addresses from the DHCP on the LinkSys router. One of the machines is
W2K Server acting as the dial-in server (through Modems). Points 1-5 do
dial-up connection to W2K and access the rest of the machines and internet
via the connection.

If this is not the case, give us the network diagram.
 
This can be done. Normally you need a server at either end to pull this
off, but you can do it with one server, as long as the server is at the
"answering" end of the connection.

The basic problem is that when a user dials in for a normal "client
server" type connection, the server only sets up a host route back to the
calling client. Only traffic for the calling machine is sent over the dialup
connection. Traffic for clients behind this machine is not forwarded over
the link. To get traffic for machines behind the calling machine to use the
link, you need extra routing on the server. This is difficult, because you
don't know the address to use for the route until the client connects!

The basic technique you use is the one used to establish a
router-to-router connection (as described in many Microsoft documents). Your
"calling" machine is not a RRAS router, but it can be made to look like one,
if you stick to certain limitations. Here is what you need.
1. The IP subnet of the "calling" site needs to be different from the
"answering" site (and each other "calling" site).
2. You need to set up a demand dial interface on the server for each
remote site which needs to connect. You do not need to use the dial on
demand feature. What you really need is a named interface which you can use
as a symbolic name for the connection, to which you can attach the required
routes. The routes become active when something connects to the interface.

Here is an outline of how you would configure one site. Call it site A
with an IP subnet of 192.168.21.0/24. On the server, check that "allow a
remote router to dial in" is allowed. Configure a demand dial interface (say
remotea) on the server. Set up an account called remotea with dialup access
allowed. Create a static route (using the wizard) for destination
192.168.21.0 and netmask 255.255.255.0 using this interface. (Note that you
will need to configure this interface to dialup to the machine in site A,
even though you always intend to connect from the other end. The system
assumes that the "caller" is another RRAS router).

At the calling end, ensure that the machine dialing in has IP routing
enabled and is the default gateway of the local LAN. In its dialling
properties, configure it to call modem 1 on your server using remotea as its
username (i.e. the username must match the name of the demand dial interface
on the server).

When the client dials in it will connect to the demand dial interface
(because its username matched the interface name). The static route then
becomes active, and the server has a route to 192.168.21.0 through the
dialup link. Because the calling machine has a default route through the
link, the two sites can now route over the connection, using their local
private IP addresses.

Note that if the site has only one machine, the normal client-server
dialup is sufficient, because no extra routing is required at the server. A
host route does all that is required. You only need additional routing to
reach a subnet behind the calling machine.

Bill Grant
MVP - Networking
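
Added example (not part of the thread and not from any poster): a small Python model of the answering server's routing table. It checks the "different subnet per site" requirement from the answer above and shows where traffic for a PC behind the calling machine goes with and without the static route on the demand dial interface. The answering LAN 192.168.1.0/24, the caller address, the second site and the interface labels "dsl-router", "lan" and "dialup" are assumptions; only 192.168.21.0/24 and "remotea" come from the post.

```python
import ipaddress
from itertools import combinations

# Constructed addressing plan: only 192.168.21.0/24 and "remotea" are from the post.
SITES = {
    "answering": "192.168.1.0/24",   # assumed LAN behind the Linksys router
    "remotea": "192.168.21.0/24",
    "remoteb": "192.168.22.0/24",    # hypothetical second calling site
}
CALLER_IP = "192.168.1.201"          # assumed address handed to the dial-in caller


def find_overlaps(sites):
    """Requirement 1: return pairs of sites whose subnets overlap."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in sites.items()}
    return [(a, b) for a, b in combinations(sorted(nets), 2)
            if nets[a].overlaps(nets[b])]


def server_table(dial_iface, site_subnet=None):
    """Server routes while a caller is connected on dial_iface."""
    table = [
        ("0.0.0.0/0", "dsl-router"),          # default route to the internet
        (SITES["answering"], "lan"),
        (CALLER_IP + "/32", dial_iface),      # host route back to the caller
    ]
    if site_subnet:                           # static route attached to the interface
        table.append((site_subnet, dial_iface))
    return table


def lookup(table, dest):
    """Longest-prefix match: interface the server would use for dest."""
    addr = ipaddress.ip_address(dest)
    matches = [(ipaddress.ip_network(c), i) for c, i in table
               if addr in ipaddress.ip_network(c)]
    return max(matches, key=lambda m: m[0].prefixlen)[1] if matches else None


if __name__ == "__main__":
    print("overlapping sites:", find_overlaps(SITES))
    pc_behind_caller = "192.168.21.10"        # constructed host at the calling site
    plain = server_table("dialup")
    routed = server_table("remotea", SITES["remotea"])
    print("client-server dial-in  ->", lookup(plain, pc_behind_caller))
    print("demand-dial + route    ->", lookup(routed, pc_behind_caller))
```

With a plain dial-in the server sends traffic for 192.168.21.10 out its default route instead of over the modem link; once the subnet route is attached to the named interface, it goes over the link.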
 