geo_rge asked:

VPN tweaking under Server 2003

I have set up MS Server 2003 to act as a VPN. I have 2 NICs in the server as required. Note the VPN DOES work and allows me to connect to the server when I am remote, so I must have done something correct, BUT I am having a few small problems.

It's actually one problem affecting everything else. For example, when I try to print (set up a TCP/IP printer from the server), it won't print. I can't even ping the printer from the server; it says not found, but I can ping and print to this printer from another PC on the network.

Same for trying to connect to another PC for remote management; it appears that the network card is not routing the internal requests.

Setup of the server IPs is below. Thanks. NOTE that NIC 2 had to be set up this way in order for the internet to work. DHCP is running from the server and the internet is working from a Netgear Firewall Router, hence the default gateway address. I have opened up the ports to allow VPN, as this works, but have I missed something small? HELP! Thanks.

NIC1 - Internal network card as configured for VPN

192.168.0.99 - IP address
255.255.255.0 - Subnet mask
192.168.0.1 - default gateway
192.168.0.99 - Preferred DNS

NIC2 - card which it uses to connect to VPN externally

192.168.0.8 - IP address
255.255.255.0 - Subnet Mask
192.168.0.99 - Preferred DNS server

NOTE: if I disable the 2nd NIC, I can then ping the remote printer etc., but it stops my VPN connectivity.

crissand

Both NICs' addresses are in the same network, so the requests are going to the one with address 192.168.0.8. If it's a must to keep these addresses, you must recompute the network masks to separate your network into two: one with the VPN as external and one with the second NIC as internal. If you don't have to keep the addresses, make two different networks. Let's say you give the VPN's card the address 192.168.1.8. When the computer asks for an address from the 192.168.0/24 network, the request will go to the internal NIC, 192.168.0.99. What is the default gateway, a computer or a router? When a request comes which is not in the 192.168.0/24 network, it will then go to the default gateway.

You will connect to the server from remote using the new 192.168.1.8 address.
geo_rge (ASKER)

Thanks for that! I'll change the setup and let you know how I go. The remote gateway is the Netgear Firewall Router; is this OK? Do I set up a 2nd DHCP scope on the server to allocate IPs for the 2nd NIC card's IP range?
I'll have a play in the meantime and let you know.

I don't think you'll need a second scope if there are only two connections, the server's NIC and the router, which have fixed IP addresses.
geo_rge (ASKER)

Error 800 - unable to connect to VPN server after making the changes as explained.
The new IPs now look like this:

NIC1 - Internal network card as configured for VPN

192.168.0.99 - IP address
255.255.255.0 - Subnet mask
192.168.0.1 - default gateway
192.168.0.99 - Preferred DNS

NIC2 - card which it uses to connect to VPN externally

192.168.1.8 - IP address
255.255.255.0 - Subnet Mask
192.168.0.99 - Preferred DNS server

I have also changed the router rules to route packets on ports 1723 and 500 to IP address 192.168.1.8, which is the newly configured external IP address.

Since changing the 2nd NIC's IP address, I have removed VPN and reinstalled. The server can now print and see internal IPs, yet now I can't connect to it. Is there anything missing? Thanks.

The router's address must be in the same network as the second NIC if the topology is like this:

               router ?=192.168.1.xx
                |
                | Nic 2 192.168.1.8
              server
                 | Nic 1 192.168.0.99
                 |
                 |
           internal network 192.168.0/24

Let me know if this is the topology.
geo_rge (ASKER)

OK, that makes a bit more sense. My current router IP address is 192.168.0.1; you're suggesting I need to change this to 192.168.1.1?

Does the default gateway, which will then become 192.168.1.1, go on NIC1, NIC2 or both?

geo_rge (ASKER)

I will try this for testing purposes, but the network where it needs to happen has over 400 PCs. If I do this, it means I'm changing the internal IP address list to accommodate this? Which means reconfiguring printers etc. If this is the only way, then that's fine. Is there an alternative to make things easier?

The default gateway for the internal network will be the server's first NIC, if the topology is how I designed it. It's a little strange topology: you practically have two routers in the network, the two of them connected through VPN. Usually the topology looks like this:

               router----------------switch--------------server
                                               |
                                         internal network

and the default gateway is the router.

geo_rge (ASKER)

OK, it's getting confusing, but this is what's happened.

NIC 1: Internal addresses - 192.168.0.99 (Server)
           Default Gateway   - 192.168.1.1
           Preferred DNS server - 192.168.0.99

NIC 2: IP address:  192.168.1.8
          Subnet Mask:  255.255.255.0
          Default Gateway - 192.168.1.1
          Pref DNS Server - 192.168.0.99

AND I have changed the routers IP to 192.168.1.1

These are all the fields which are filled in, only on the server. This allows me Internet connectivity from the server itself, but not from the workstations. AND if I turn on VPN access, I seem to lose connectivity from the server.

If you can help me through this I will double the points :) Appreciate your help.

First you must use DHCP to announce to the workstations the new default gateway, which will be the server's NIC1, because the workstations don't connect directly to the router, and do an ipconfig /release followed by ipconfig /renew (or just restart) on the stations. I guess you have a workstation to test that. Leave VPN disabled for now, and see if you get Internet access from the workstation after changing the default gateway.

geo_rge (ASKER)

NIC 1: Internal addresses - 192.168.0.99 (Server)
                                        255.255.255.0
           Default Gateway   - 192.168.1.1
           Preferred DNS server - 192.168.0.99
After making the above changes and hitting OK to save them, the messages below appeared:

"Warning: the default gateway is not on the same network segment (subnet) that is defined by the IP address and subnet mask. Do you want to save this configuration?" When I hit Yes, the next box appeared, see below:

"Warning: multiple default gateways are intended to provide redundancy to a single network (such as an intranet or the Internet). They will not function properly when the gateways are on two separate, disjoint networks (such as one on your intranet and one on the Internet). Do you want to save this configuration?" YES was selected.

NIC 2: WAN adapter's IP address:  192.168.1.8
          Subnet Mask:  255.255.255.0
          Default Gateway - 192.168.1.1
          Pref DNS Server - 192.168.0.99
Netgear router's IP address: 192.168.1.1

clients ip address: 192.168.0.15
dns and wins address: 192.168.0.99
router: 192.168.1.1

NOTE: when I'm on the server, I CANNOT ping the router (100% packet loss).
When I am on the client I can ping the router, however I still CANNOT access the internet.

Please note that I can now connect to the server using VPN with the changes, but the internal network can't get out to the internet!

If I make the following changes on the local PC with the IP addresses, I can connect to the internet, but not the server or internal network.
NEW IP address on W/S: 192.168.1.20
Default Gateway: 192.168.1.1
DNS: 192.168.1.1 *************** Would not work with DNS server or 192.168.0.99

VPN still works, but I have set this IP temporarily so I can use the internet. I have done as much testing as I could. Can you see where I'm going wrong? To me it appears the problem is that NIC1 is not routing to NIC2, as the server can't ping the router? Do I need a manual entry somewhere?
Thanks for your help.

Don't assign a default gateway to the NIC of the server connected to the LAN. See the scheme:

             router 192.168.1.1
                 |
            server's nic 1 192.168.1.8
            server's nic 2 192.168.0.99
                 |
         workstation 192.168.0.xxx/DNS: 192.168.0.99/Default gateway: 192.168.0.99

This configuration works if you have a DNS server installed on the server (it's better to have one).

For Internet access you must enable ICS on the 192.168.1.8 nic.
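As an added example (not code from the thread or from either poster), the Python below models the route selection that the first answer and the scheme above depend on: each NIC contributes an on-link route for its own subnet plus, if it has a gateway, a default route, and the host picks the egress interface by longest-prefix match. With both NICs in 192.168.0.0/24 as in the original question, a LAN destination matches both adapters equally and the choice falls to adapter order rather than intent; with the split scheme above it is unambiguous. It also reproduces the two warnings Windows raised when a default gateway was entered off-subnet and on more than one adapter. The `nic()` helper, the tie-breaking rule (first listed adapter wins on equal metrics) and the destination addresses 192.168.0.50 and 8.8.8.8 are assumptions of the model; the adapter addresses are the ones posted in the thread.

```python
"""Model of interface selection on a dual-homed Windows host (added example).

Each NIC contributes an on-link route for its subnet and, optionally, a default
route via its gateway. Selection is longest-prefix match; an exact tie between
two NICs is reported as ambiguous. The tie-break for equal default routes
(first listed adapter) is an assumption of this model, not a documented rule.
"""
import ipaddress


def nic(name, ip, mask, gateway=None):
    """Describe one adapter; `mask` may be dotted (255.255.255.0) or a prefix length."""
    iface = ipaddress.ip_interface(f"{ip}/{mask}")
    return {"name": name, "iface": iface,
            "gateway": ipaddress.ip_address(gateway) if gateway else None}


def gateway_warnings(nics):
    """The two checks Windows makes when TCP/IP settings are saved."""
    warnings = []
    with_gw = [n for n in nics if n["gateway"] is not None]
    for n in with_gw:
        if n["gateway"] not in n["iface"].network:
            warnings.append(f"{n['name']}: gateway {n['gateway']} is not on subnet "
                            f"{n['iface'].network}")
    if len({n["iface"].network for n in with_gw}) > 1:
        warnings.append("multiple default gateways on disjoint networks")
    return warnings


def select_route(nics, destination):
    """Pick the egress interface and next hop for `destination`.

    Returns a dict with status 'direct', 'via', 'ambiguous', 'unreachable' or 'none'.
    """
    dst = ipaddress.ip_address(destination)
    onlink = [n for n in nics if dst in n["iface"].network]
    if onlink:
        best = max(n["iface"].network.prefixlen for n in onlink)
        cands = [n["name"] for n in onlink if n["iface"].network.prefixlen == best]
        if len(cands) > 1:
            # Two equal on-link routes: the host decides by adapter order, not by intent.
            return {"status": "ambiguous", "iface": cands, "next_hop": str(dst)}
        return {"status": "direct", "iface": cands[0], "next_hop": str(dst)}
    defaults = [n for n in nics if n["gateway"] is not None]
    if not defaults:
        return {"status": "none", "iface": None, "next_hop": None}
    n = defaults[0]  # assumed tie-break: first listed adapter's default route
    # The gateway must itself be on-link through some adapter, or ARP for it fails.
    reachable = any(n["gateway"] in m["iface"].network for m in nics)
    status = "via" if reachable else "unreachable"
    return {"status": status, "iface": n["name"], "next_hop": str(n["gateway"])}


# The thread's three stages, using the adapter addresses as posted there.
SAME_SUBNET = [nic("NIC1", "192.168.0.99", "255.255.255.0", "192.168.0.1"),
               nic("NIC2", "192.168.0.8", "255.255.255.0")]
SPLIT_SUBNET = [nic("NIC1", "192.168.0.99", "255.255.255.0"),
                nic("NIC2", "192.168.1.8", "255.255.255.0", "192.168.1.1")]
OFF_SUBNET_GW = [nic("NIC1", "192.168.0.99", "255.255.255.0", "192.168.1.1"),
                 nic("NIC2", "192.168.1.8", "255.255.255.0", "192.168.1.1")]

if __name__ == "__main__":
    # Constructed destinations: a LAN printer and an Internet host.
    for label, cfg in (("same subnet", SAME_SUBNET), ("split", SPLIT_SUBNET),
                       ("off-subnet gateway", OFF_SUBNET_GW)):
        print(label, "warnings:", gateway_warnings(cfg))
        for dst in ("192.168.0.50", "8.8.8.8"):
            print("   ", dst, "->", select_route(cfg, dst))
```

Running it shows the printer at 192.168.0.50 as ambiguous under the first layout and as a direct delivery over NIC1 under the split layout, which is the behaviour described in the question and the first answer; the off-subnet gateway layout returns both warnings.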
geo_rge (ASKER)

If I enable ICS on NIC2, it will change the IP address from 192.168.1.8 to 192.168.0.1, which will cause all kinds of confusion?

I have done as above, and the W/S DHCP has been changed to match the settings you sent me; same problem. I can't connect to the internal network without the PC being in the 192.168.1.xx range. Can't connect using IP addresses either when the PC has a .0.xx range address.
ASKER CERTIFIED SOLUTION
crissand