Setting up a VPN Gateway on a Win2K server

  • Thread starter Thread starter Timbo
  • Start date Start date
T

Timbo

I have a Dell server with 2 NICS that I have configured as a RAS server
on Win2K server. I can connect to the server through a VPN connection
but it appears that I am being assigned the wrong subnet mask and
gateway address. The external NIC is the one that I am connecting to
and it has a standard Class C address. The Internal NIC also has a
standard address but is to assign private addresses of 192.168.x.x,
which we are allowing through our firewall. Does anyone have
experience with this? I could sure use some help!

Thanks,
Tim
 
Open RRAS snap-in, right-click the server that is handling the VPN and
choose Properties. Go to the IP tab and specify range of IPs to hand
out
 
1. The subnet mask and gateway address that you see are not causing your
problem. They are correct. You are using a point-to-point connection, so the
gateway address for the client is its "received" IP address (ie the address
it receives from the VPN server).

2. You do not need to allow the private IP addresses to pass through your
firewall. Private addresses cannot cross the Internet, so they can't come
through in any case! When the VPN data comes through the firewall it is
encrypted and encapsulated, so the firewall doesn't see its private address.
It only sees the public IP of the wrapper.

3. Are you sure it isn't a name resolution problem. Can you contact a LAN
machine using its IP address? If you can, routing is working.
 
Well, let's take the firewall out of the picture since I am testing
internally and not going through it. If you look at the configuration
below, maybe it will help. I do not see anyway that I can navigate my
network with a gateway and mask that are different than my LAN
addresses.

Thanks in advance for your help!

Tim


PPP adapter VPN:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
Physical Address. . . . . . . . . : 00-55-45-08-01-40
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.7.3
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 192.168.7.3
DNS Servers . . . . . . . . . . . : 204.x.x.x
204.x.x.x
 
What are the IP addresses used on the LAN? If they are 192.168.7.x/24
it should just work. If they are in a different IP subnet, you will need to
enable LAN routing on the server and route the two subnets through that.
 
The ip addresses on the LAN are 204.193.x.x, so they are different.
The mask on the LAN is 255.255.255.0, again different. Where on the
server can I route the two subnets?

Thanks in advance,
Tim
 
That isn't really a VPN then. VPN stands for Virtual Private Network,
and 204.193 is a public IP set!

What exactly are you trying to do? Why did you think you needed two NICs
in the server? The VPN connection is made to a "virtual" interface on the
server. The second NIC is doing nothing. You only need two NICs if the
server is directly connected to both a private and public network.

Disable the second NIC in the server. Enable IP routing on the server so
that it can route between the LAN and "virtual" interfaces.

What is the default gateway setting of the machines on the 204.193
subnet? The firewall? If so, you will need to add a static route to the
firewall to "bounce" traffic for 192.168.7.0 to the RRAS router's LAN IP.
(Otherwise it will try to go out the Internet gateway and be lost). The RRAS
router will then forward it over the point to point back to the remote
client.
 
Back
Top