VPN with RRAS behind a Cisco 1760 router

  • Thread starter: Guest

Hi Computer Friends Alike,

I have a problem that hopefully you guys can help with. Here goes. I just
had a T1 installed at my dad's office by BellSouth and they gave us a managed
Cisco 1760 router that they do all the port forwarding and NAT configurations
and don't give me any access to. We have a Windows 2003 server that is our
domain controller and an IP of 192.168.1.20 and RRAS is not enabled at the
moment (I did enable it and it messed up everything). Also the server has 2
NICs and I have one disabled and the other is enabled.

BellSouth gave us 32 IPs with the T1 and on my request they did a NAT for
the public IP I chose to give the server (70.119.*.*) to the 192.168.1.20 so
we could access our website and mail. Now, everything works without the RRAS
etc., but when I go to install the RRAS so my dad can map a server drive to
his PC at his house to work, everything shuts down. Their office network just
flops basically.

Now, I know MS wants you to use the server as a router also when using the
RRAS and use its NAT but that seems to me like it is using 2 routers which
creates the problem. You are hitting the Cisco 1760 which forwards the NAT
to the server, then the server has RRAS on which makes it like another
router. I have set up RRAS before with no problem and used the VPN feature
before we had the T1 and this new Cisco on our LAN. How can I get this setup
to where the RRAS is installed so my dad can connect via VPN without using
the NAT and creating this other issue of the users not having access to the
internet etc.? I would prefer not to enable both NICs considering our server
is behind a pretty good router. I hope I am making sense and thanks for any
help on this issue.
 
You don't need two NICs if you are behind a router. I suspect that you
used the wrong option in the wizard and have installed packet filters on
your only NIC.

All you need to do in RRAS is enable remote access. If the Cisco is
redirecting everything from one public IP to this server, VPN should just
work. Test it by connecting to the server from another LAN machine using the
server's private IP.
 
Hey Bill,

I tried that and kept that 2nd NIC disabled, and only turned on Remote
Access and did not use packet filters. I read about the packet filters and
how they work so I made sure not to enable them.
 
OK. You tried it. What happened? Can you connect from a LAN machine? If
you can connect locally but not remotely, what error messages do you get?
 
Hi Bill,

I am trying to connect to the server from my house via VPN and I am getting
an error 678. I am able to connect via VNC to the server fine and adjust
settings. I have RRAS enabled with just Remote Access on custom checked.
 
Error 678 just means the server didn't reply. Not a great help. Have you
checked the RRAS setup by trying to connect locally?
 
I just got it to give me a new error code. It seems it is getting close to
connecting. It is error 781.
 
In that case, the problem is almost certain to be the router/firewall
blocking something which VPN needs.
 
Hi Bill,

I went back to my dad's office this weekend and fiddled with the server some
more. I have gone through the loops and I wonder if my DNS is what is causing
the problem. Let me explain further the scenario and you may be able to
pinpoint the problem.

I have completely disabled RRAS and I just have ICS on now. I can connect
to the server via VNC (remote desktop) but I set up a test FTP on there to see
if I could even connect to that and I can't. BellSouth has assured me that
they don't block any ports when they enable NAT on the Cisco 1760. So with
that said, here is where there may be an issue. I registered his company's
domain with register.com and I had the domain IP pointing to his server and
the MX record pointing to his domain, but on the DNS entries they are both
ns5.register.com. Now on the Windows 2003 server that I am trying to get VPN
working on, I have the DNS server installed and I have the (A) record for
server, (CNAME) for the www, and one for mail. I also have an (A) for the
server IP. I also have DNS forwarders enabled and I have our 2 BellSouth DNS
addresses in the forwarder's IP address list.

They have Exchange Server on there and they can send but not receive mail
which I thought maybe had to do with the same issue on why my dad can't
access VPN. So to sum it up on the DNS, Register.com has our domain as their
DNS names but the A record points to our server public IP. The server has DNS
installed and I added the A, CNAME, and MX records, and the DNS forwards are
set to BellSouth's DNS. I hope this information helps. Thanks for your help.
 