Share internet through a VPN with NAT


Hans Meyer

Hello,

I want to tunnel an internet connection through a VPN:

In order to secure my WLAN, I want to restrict the wireless traffic to
VPN only. I'm running a server with three network interfaces: one for my
LAN (non-wireless), one for my WLAN and one for the DSL modem. The
server is running Windows Advanced Server 2000. The internet is
shared with NAT. The problem is: for security reasons (I don't trust
WEP) I want to restrict the WLAN network interface to VPN connections
only. But this means that the mobile clients can't access the internet
via NAT. My question: how do I have to configure the server so that the
internet is shared through the VPN?

Some additional info:
IP of non-wireless network card: 192.168.1.20
IP of WLAN network card: 192.168.2.20
VPN server may use IPs: 172.16.1.200-172.16.1.254

I think the server should work as a gateway not on 192.168.2.20 (as it
does now), but on 172.16.1.x, so the clients can find it. But I don't
know how to configure NAT in that way.

I couldn't find any documentation from MS about this case, in which the
clients should access the internet through the VPN.

I would be very grateful if someone could help me with the issue (I
already spent several days on this problem).

Thanks
Hans
 
The problem is that, if RRAS and NAT are on the same machine, the remote
client traffic is not sent to NAT. Only the LAN interface is an input to
NAT, and there is no way in the RRAS console to make the "internal"
interface (which the remote clients use) an input to NAT as well. This has
been fixed in Server 2003.

In W2k you must use a netsh command to make the internal interface an
input to NAT.

netsh routing ip nat add interface internal private
 