FreemanWhite


configure a 2003 server VPN with only one network card

I'm thinking about setting up RRAS on a 2003 server to create VPN connections. We have another VPN solution but I'd like to explore other options. The way the network is set up now, all my servers are behind a firewall and only use one network adapter. I'd rather not reconfigure the entire network, so I want to use what is already set up. A lot of what I read, though, says the RRAS needs to use two NICs. However, how difficult is it to set up a server with only one NIC as a VPN server? Anyone know of any good tutorials and/or walkthroughs? Anyone with experience doing this?
mikeleebrla

Yes, you can do it with only 1 NIC. I have done it, but there is a trick to doing it. Please forgive me since I'm going from memory here. First, just install plain vanilla RRAS with no options set. Once you have RRAS installed, go back and configure the VPN. Which server are you going to be using as the DHCP server to give out the IPs? I've only done it where another server is the DHCP server. It may be possible to use the same server for both VPN and DHCP, but I've never done it. This page has 4 or 5 guides on how to set it up. Remember that if you are using a PPTP VPN (the easiest to set up) you will have to allow TCP port 1723 and the GRE protocol to come through your firewall (this is sometimes called protocol 47), but do not get this confused with TCP port 47, as they are two separate things altogether. Allowing TCP port 47 through will do nothing for you.

When you say "all my servers are behind a firewall and only use one network adapter", do you mean you just have one public IP exposed? If so, then you will have to forward GRE to your VPN server (which your router might not be able to do).

http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/rmotevpn.mspx

When you get to step 11 in the VPN section, just pick your one existing NIC.
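
To illustrate the distinction drawn in the post above between GRE (IP protocol 47) and TCP port 47, here is an added example that is not part of the original thread: a Python sketch that classifies constructed IPv4 packets by the header fields a firewall pass-through rule matches on. The addresses, function names and sample packets are assumptions made for illustration.

```python
import socket
import struct

IPPROTO_TCP, IPPROTO_GRE = 6, 47   # values of the IPv4 "protocol" field
PPTP_CONTROL_PORT = 1723           # TCP port of the PPTP control channel


def ipv4_packet(proto, payload, src="203.0.113.10", dst="192.168.1.20"):
    """Constructed sample: 20-byte IPv4 header (checksum left at 0) + payload."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                         64, proto, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
    return header + payload


def tcp_syn(dst_port, src_port=49152):
    """Constructed sample: minimal 20-byte TCP SYN header."""
    return struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0,
                       5 << 4, 0x02, 8192, 0, 0)


def classify(packet):
    """Name the traffic class a PPTP pass-through rule has to match."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "not-ipv4"
    ihl = (packet[0] & 0x0F) * 4           # IPv4 header length in bytes
    if ihl < 20 or len(packet) < ihl:
        return "malformed"
    proto = packet[9]                      # protocol number, not a port
    if proto == IPPROTO_GRE:
        return "pptp-data-gre"             # GRE has no port numbers at all
    if proto != IPPROTO_TCP:
        return "other"
    if len(packet) < ihl + 4:
        return "malformed"
    dst_port = struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
    if dst_port == PPTP_CONTROL_PORT:
        return "pptp-control"
    if dst_port == 47:
        return "tcp-port-47-not-gre"       # the rule that "does nothing"
    return "other"


if __name__ == "__main__":
    gre = struct.pack("!HHHH", 0x2001, 0x880B, 0, 1)  # constructed PPTP GRE header
    for name, pkt in [("GRE", ipv4_packet(IPPROTO_GRE, gre)),
                      ("TCP/1723", ipv4_packet(IPPROTO_TCP, tcp_syn(1723))),
                      ("TCP/47", ipv4_packet(IPPROTO_TCP, tcp_syn(47)))]:
        print(f"{name:9} -> {classify(pkt)}")
```
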
I think you need 2 NICs to enable VPN on a Windows Server. The NICs will also have to be on different IP ranges. I have not seen a way to create a VPN with only 1 NIC.
FreemanWhite

ASKER

Sorry for the confusion, I should clarify "all my servers are behind a firewall and only use one network adapter"... My firewall does the public IP translation. I guess what I'm trying to explain is I have no perimeter network... just a firewall, a router and all the servers behind the firewall.
2hype, no, you don't need two NICs. As I stated in my initial post, it can be done with one, since I've done it. I actually VPN into it every day, so I know it can be done.
How many public IPs do you have? Do you have a "spare" public IP so you can do a 1-to-1 static mapping to the VPN server's private IP? That would be best.
Yes, I have a few spare ones. How about if I were to use a server with an existing public IP? Could I just add a mapping in the SonicWall for PPTP that goes to that server? I found another article that says to use the private IP as the internet interface, and then configure the firewall to translate PPTP traffic sent to the public IP to the internal interface... which I believe you're describing as well.
ASKER CERTIFIED SOLUTION
mikeleebrla
Thank you, I will give this a shot. It sounds straightforward, but we all know what happens when those words are spoken!
Yeah, I had to do mine a few times with different options before it let me do it with only one NIC, but it can be done. To the best of my memory, the trick was to install a plain RRAS server first with nothing configured and then set up the VPN.