Windows 2003 with VPN behind DSL


rt

Hello,

You would think with all the information available I could get this working
but I can't so here I am asking for help.

Here is what I have:

ActionTec 1524 DSL Modem.
PPTP is automatic and I've forwarded TCP/UDP for port 1723 to NIC at
192.168.0.201 (see below) on the server.
Enabled IPSec and L2TP
Gate address is 192.168.0.1

Server
NIC 1: 192.168.0.200 (Local Area Connection)
NIC 2: 192.168.0.201 (Setup as VPN interface in RRAS)

I don't want the server to act as a router for internal machines; the only
thing it does is provide an internal web, file server and supports remote
users via VPN.

When I setup a client VPN connection I can find the server but eventually
get error 721.

Other:
ISP is QWest
Firewall is off.

Thanks,

Rick
 
You should not assign the same IP range to these two NICs. You can enable NAT to separate the LAN and VPN. This how-to may help:

How to setup vpn on 2003 as router
How to setup VPN and NAT on Windows Server 2003 as a router. Pre-requirement:.
1. Two network interface cards. 2. One static public IP on the outside NIC. ...
www.howtonetworking.com/VPN/2003vpn1.htm

Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
 
Bob,

Thanks for the reply but I'm not sure how to proceed. If my DSL sits at 192.168.0.1 (obviously inside) and I move the server "internet NIC" to say 192.168.1.200, is it possible to route simply to/from the DSL? I see how I could change the gate address 192.168.1.1 but then I would need to route through the server for the other clients, which I've done, but don't want to do this time.

Thanks,

Rick
 
If you do not need the server to be a router for the LAN machines, only
give it one NIC. It will be in the same IP subnet as the LAN machines. You
can access it from the Internet by using port forwarding on the router. The
remote users would connect to the router's public interface but the VPN
connection would be extended to the server. Not sure about L2TP but it works
fine with PPTP.

A second NIC is only required if you want the server to be in two
different IP subnets (eg private and public or private and DMZ). You can use
the router as your public interface.
 
Can you use just one NIC?

Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
 
RRAS didn't like just one NIC. I used a custom setup with one NIC but
couldn't get that to work either.

Thanks,

Rick
 
You should be able to set up a custom setup. If not, try to set up an incoming connection, or check this how-to:

How to setup VPN
How to create an incoming networking connection. You can configure an incoming
connection to accept the following connection types: (modem, ISDN, X.25), ...
www.howtonetworking.com/Windows/vpnsetup.htm

Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
 
OK, I got it. Turns out the DSL modem needed an upgrade to pass GRE.

Additionally, only 1 NIC was required. If your setup is similar to mine all
you do is disable RRAS, create a new connection, select custom, incoming and
then VPN and ! there it is.

Thanks,

Rick
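
An added example, not part of the thread: PPTP needs both its TCP 1723 control channel and GRE (IP protocol 47) to cross the NAT device, and a server-side capture shows which half is missing. The sketch below classifies raw IPv4 packets and reports the case resolved here, where the port forward worked but the modem did not pass GRE. The client address, the packet bytes and all function names are constructed for illustration.

```python
import struct
from ipaddress import IPv4Address

IPPROTO_TCP, IPPROTO_GRE = 6, 47
PPTP_CONTROL_PORT = 1723          # TCP control channel
GRE_PROTO_PPP = 0x880B            # enhanced GRE (version 1) carrying PPP

def classify(packet):
    """Return (src, dst, kind) for a raw IPv4 packet."""
    ihl = (packet[0] & 0x0F) * 4
    src, dst = str(IPv4Address(packet[12:16])), str(IPv4Address(packet[16:20]))
    body, kind = packet[ihl:], "other"
    if len(body) >= 4:
        first, second = struct.unpack("!HH", body[:4])
        if packet[9] == IPPROTO_TCP and PPTP_CONTROL_PORT in (first, second):
            kind = "pptp-control"      # first/second are the TCP ports
        elif packet[9] == IPPROTO_GRE and first & 0x7 == 1 and second == GRE_PROTO_PPP:
            kind = "pptp-gre"          # first is flags+version, second is protocol type
    return src, dst, kind

def diagnose(packets, server):
    """Summarise which parts of a PPTP tunnel a server-side capture contains."""
    control = gre_in = False
    for pkt in packets:
        _, dst, kind = classify(pkt)
        control |= kind == "pptp-control"
        gre_in |= kind == "pptp-gre" and dst == server
    if not control:
        return "no PPTP control traffic: check the TCP 1723 forward"
    if not gre_in:
        return "control channel only: GRE (protocol 47) never reaches the server"
    return "control channel and inbound GRE both present"

def ipv4(proto, src, dst, body):
    """Build a minimal IPv4 packet (checksum left at 0) for the constructed samples."""
    head = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, 0, 64, proto, 0,
                       IPv4Address(src).packed, IPv4Address(dst).packed)
    return head + body

# Constructed samples: client address is made up; server is the forward target in the first post.
CLIENT, SERVER = "203.0.113.10", "192.168.0.201"
TCP_IN = ipv4(IPPROTO_TCP, CLIENT, SERVER, struct.pack("!HH", 50000, 1723) + bytes(16))
GRE_OUT = ipv4(IPPROTO_GRE, SERVER, CLIENT, struct.pack("!HHHH", 0x3001, GRE_PROTO_PPP, 0, 1))
GRE_IN = ipv4(IPPROTO_GRE, CLIENT, SERVER, struct.pack("!HHHH", 0x3001, GRE_PROTO_PPP, 0, 1))

BEFORE_UPGRADE = [TCP_IN, GRE_OUT]          # modem drops the client's GRE
AFTER_UPGRADE = [TCP_IN, GRE_OUT, GRE_IN]

if __name__ == "__main__":
    print(diagnose(BEFORE_UPGRADE, SERVER))
    print(diagnose(AFTER_UPGRADE, SERVER))
```
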
 