Trying to Setup VPN on W2K Server


Mark

Hi,

Sorry to repost this to the group, but I thought I was on the right tack and
home free. Seems I am not.

Hello,

I am trying to setup a VPN on my server.

When I start to run "Configure and Enable Routing and Remote Access" I run into a
snag. As I go through the screens I come to a place to "Specify the
Internet Connection that the Server Uses". Here I show my LAN connection
(this is the NIC in the server.. it has two IP addresses) and another line
showing <No Internet Connection>. When I select the LAN card I get "You
have chosen the last available connection as the internet. A VPN Server
requires one connection to be used as the private network connection" I
can't seem to go any further. If I select "no internet connection" I can't
seem to get anything to work.

I can browse from the server to the net just fine. I also have a router in
place where the gateway is 192.168.0.1...

Thanks for any help or suggestions!
 
Doug,

Thanks for the link to the doc! VERY HELPFUL!

After looking this over, it speaks of having two NICs. Would you happen to
know what the pros and cons of this would be?

This is the way I have the network now:

Linksys VPN Router (doing NAT & Firewall) xxx.xxx.xxx.xxx --> 10.0.0.1 -->
to switch
Switch --> W2K Server 10.0.0.10 (DHCP, DNS, DC)
Switch --> Workstations 10.0.0.100-150

If it would be wise to add another NIC, how would I config it?

Thanks again for the help!!!
Mark
 
OK.. well after reading and doing this "step-by-step" it just doesn't work.
All the docs I have read make this sound so simple, but I believe there really
is more to it. I just ran across an article in the Microsoft KB that speaks
about additional security and creating filters for VPN.

The services start but there are things missing as I look through the
settings. One thing missing is my "internal" settings.

Under IP Routing, General my internal connection is showing non-operational.
Also under IGMP my internal interface is blank (showing -) so I don't see
how this all works. Maybe I am reading too much into this, but I don't see
how my internal interface can be blank for this to work.

How can I add this interface?

Thanks,
Mark
 
The article you read about filtering is to manage traffic on the external IP
to allow traffic only for pptp or l2tp to enter the VPN server. Since you
have a single nic and are behind a firewall you should not do such. Make
sure you have assigned an IP address pool to the VPN server of at least 21
IP addresses to accommodate the default 20 ports and one for the "virtual"
adapter for the VPN server for your lan network address. The info for the
internal adapter is probably normal when there are no connections to the VPN
server. Look in Event Viewer to see if any pertinent problems have been
recorded in the event log to help troubleshoot problems. The best way to
tell if it is working is to try to connect to the VPN server via the
internal lan by having one of your computers point to the internal lan IP
address of the VPN server in the properties of the VPN client connectoid and
verify that the lan VPN client can ping the VPN server. Use the IP address
first to rule out a name resolution problem. Also in the VPN connectoid
properties select pptp as the server type to connect to instead of auto.
Start out with pptp as l2tp is more complex to configure and will not work
over a NAT router into the network. --- Steve
 
Also, do not be confused by documentation for a dual NIC situation where the
interfaces are customarily referred to as external vs. internal. This is
not the same thing as the Routing and Remote Access interface called
'internal'. This is a virtual interface and you do not configure it. See:

http://support.microsoft.com/default.aspx?scid=kb;en-us;241398

Doug Sherman
MCSE Win2k/NT4.0, MCSA, MCP+I
 
Thanks Guys!

I seem to have it working just fine internally, however trying to get
through the firewall (Linksys Router) is another. I have forwarded port
1723 to the server, but GRE seems to be the hang up. I don't know how to
config the router to allow this to work.

Here is what I found:

Note: 47 is a protocol number and not TCP port. The protocol name is GRE.
It'll make a big difference when configuring your firewall or router.

OK, so how do I allow it then?

Thanks,
Mark


Thanks again,
Mark
 
not.available@online said:
Thanks Guys!

I seem to have it working just fine internally, however trying to get
through the firewall (Linksys Router) is another. I have forwarded port
1723 to the server, but GRE seems to be the hang up. I don't know how to
config the router to allow this to work.

Here is what I found:

Note: 47 is a protocol number and not TCP port. The protocol name is GRE.
It'll make a big difference when configuring your firewall or router.

OK, so how do I allow it then?

Linksys has a FAQ for this - and it will be different depending on the
version of the router and firmware.

Basically, you need to forward TCP and/or UDP port 47 inbound to the
server through the router. I've seen this on both Linksys and D-Link
routers (all different versions). As I said, it will be different -
sometimes you need to forward TCP+UDP 1723 and 47 to the server other
times you need to only do TCP 1723 and TCP 47.....

Take a look at the FAQs on VPN on the Linksys website, it will work.
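
Added example, not part of any post in this thread: the note quoted above says 47 is a protocol number and not a TCP port. The Python sketch below builds two constructed packets, a TCP segment to port 1723 and a GRE version 1 packet, and checks them against a simplified allow-list model; `passes`, `PORTS_ONLY` and `WITH_GRE` are hypothetical names for illustration, not any router's configuration format.

```python
import struct

TCP, UDP, GRE = 6, 17, 47        # IP protocol numbers (IPv4 header byte 9)
PPTP_CONTROL_PORT = 1723         # PPTP control channel runs over TCP
PPTP_GRE_TYPE = 0x880B           # GRE version 1 carrying PPP (PPTP data)

def ipv4(proto, payload, src="203.0.113.5", dst="10.0.0.10"):
    """Build a minimal constructed IPv4 packet (checksum left at 0)."""
    addr = lambda a: bytes(int(x) for x in a.split("."))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                       64, proto, 0, addr(src), addr(dst)) + payload

def fields(packet):
    """Return (ip_protocol, dst_port or None, layer-4 bytes)."""
    body = packet[(packet[0] & 0x0F) * 4:]
    proto = packet[9]
    port = struct.unpack("!H", body[2:4])[0] if proto in (TCP, UDP) else None
    return proto, port, body

def classify(packet):
    """Name the part of a PPTP session a packet belongs to, if any."""
    proto, port, body = fields(packet)
    if proto == TCP and port == PPTP_CONTROL_PORT:
        return "pptp-control"
    if proto == GRE and len(body) >= 4:
        flags, ptype = struct.unpack("!HH", body[:4])
        if (flags & 0x0007) == 1 and ptype == PPTP_GRE_TYPE:
            return "pptp-data"
    return "other"

def passes(rules, packet):
    """rules: set of (ip_protocol, dst_port or None) allowed inbound."""
    proto, port, _ = fields(packet)
    return (proto, port) in rules

# Constructed samples: TCP SYN to 1723 and a GRE v1 header (key bit set).
CONTROL = ipv4(TCP, struct.pack("!HHIIHHHH", 40000, 1723, 0, 0, 0x5002, 8192, 0, 0))
DATA = ipv4(GRE, struct.pack("!HHHH", 0x2001, PPTP_GRE_TYPE, 0, 1))

PORTS_ONLY = {(TCP, 1723), (TCP, 47), (UDP, 47)}   # 47 treated as a port
WITH_GRE = {(TCP, 1723), (GRE, None)}              # 47 treated as a protocol

if __name__ == "__main__":
    for name, rules in (("PORTS_ONLY", PORTS_ONLY), ("WITH_GRE", WITH_GRE)):
        for pkt in (CONTROL, DATA):
            print(name, classify(pkt), "allowed" if passes(rules, pkt) else "dropped")
```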
 