VPN problem

  • Thread starter Thread starter Miha
  • Start date Start date
M

Miha

Hi

We just configured a RRAS VPN server on Win2003 Standard (using default
wizard settings) for 2 etherfaces.
First NIC has our private IP address, also default gateway and DNS entered
in.
Second NIC (for outside access) has only public IP and subnet mask
configured. Default gateway and DNS are left blank.
The problem is, that I can't connect to a VPN server from outside, but if I
add default gateway on a second (public) NIC VPN connection works. Strange,
because all documentation regarding VPN on Win2003 says that default gateway
must be left blank?
Am I doing something wrong or what? If I leave default gateway on a second
NIC, can this cause some kind of security problem or is it allright?

Thanks
Regards
Miha
 
You obviously have an odd setup. The remote client should not see the
private interface of the RRAS server. Does the server have a public IP? Is
it behind a router? Could you give us a simple diagram of your setup with IP
addresses. eg

Internet
|
router?
|
public IP? default gateway?
RRAS
192.168.0.1 dg blank
|
clients
192.168.0.x dg 192.168.0.1
 
Hi

The situation is

internet
|
router 213.157.224.200
|
public NIC 213.157.224.250 dg 213.157.224.200
RRAS
|
private NIC 10.10.10.8 dg 10.10.10.1 (this is dg on our internal router)
|
clients 10.10.62.x dg 10.10.10.1

As I see from your scheme, default gateway on private NIC must be set to
blank, and default gateway on public NIC must be set to router's IP? Am I
right?
Thanks
Regards
Miha
 
OK. That confirms my theory. If you need to add the default gateway to
the internal interface to connect, the client is coming in from your router
at 10.10.10.1 , not from the Internet router at 213.157.224.200 . Where is
the client? What name/IP address is the client using for the VPN server?
 
Hi
Clients are coming from outside, connected directly to public IP of VPN
server 213.157.224.250
I'm just wondering if I need to add a default gateway on internal NIC?
 
The reason for the recommendation to not have a default gateway on the
internal NIC is soundly based. It can often prevent the LAN clients from
accessing the Internet, because traffic goes to the wrong gateway.

A machine can only have one active default gateway. Even if you specify
one for each NIC, only one will be used.

What exactly are you trying to achieve? Having two gateways complicates
the routing. What do your LAN machines use as a default gateway? What is on
the other side of the router at 10.10.10.1 ?
 
Back
Top