Solved

VPN setup in small office using Netgear router and 2003 server - worth 750 Points

Posted on 2004-10-15
Last Modified: 2010-04-12
I have been trying to get this working for a while now with no luck. I am having problems configuring the server with 2 network cards so that the addresses are routed. I have set up NIC1, which is the internal IP range, and NIC2, which is supposed to be the external adapter which you connect to via VPN. The VPN is working but the internal network is a mess. I can only configure internal clients to connect to NIC2 so they will be capable of accessing the inet and printing. If they are getting DHCP using the NIC1 address, then I can't get inet access etc. It must be something small but I can't figure it out.

The router appears configured, as it's passing requests through to NIC2 on the server and allowing me to connect remotely.

I have a 2nd question open, which is linked below, worth 250 points, totalling 750 points, if you would like to read some history into this problem.

Below is the current configuration (taken from the 2nd question):

NIC 1: Internal address     - 192.168.0.99 (Server)
       Subnet Mask          - 255.255.255.0
       Default Gateway      - None specified
       Preferred DNS server - 192.168.0.99

NIC 2: WAN adapter's IP address - 192.168.1.8 (Server)
       Subnet Mask              - 255.255.255.0
       Default Gateway          - 192.168.1.1 (Netgear router)
       Preferred DNS server     - 192.168.0.99 (1st NIC on server)

Netgear router's IP address: 192.168.1.1

Client's IP address: 192.168.0.15
DNS and WINS address: 192.168.0.99
Router/default gateway: 192.168.1.1

NOTE: When I'm on the server, I CAN NOT ping the router - 100% packet loss.
When I am on the client I can ping the router, however I still can NOT access the internet.

If I make the following changes to the IP addresses on the local PC, I can connect to the internet from clients:
New IP address on W/S: 192.168.1.20
Default Gateway: 192.168.1.1
DNS: 192.168.1.1 (would not work with DNS server or 192.168.0.99)

VPN still works but I have set this IP temporarily so I can use the internet. I have done as much testing as I could. Can you see where I'm going wrong? To me it appears the problem is that NIC1 is not routing to NIC2 when the clients request data. Do I need a manual entry somewhere?
Thanks for your help


Link to the other question for the extra 250 points:
http://www.experts-exchange.com/Networking/Microsoft_Network/Q_21157727.html#12277089
Question by:geo_rge
LVL 23

Expert Comment

by:Tim Holman
This is wrong:

clients ip address: 192.168.0.15
router/default gateway: 192.168.1.1

The default gateway needs to be on the same subnet as the client.

When you renumber the client to 192.168.1.20, things work as these clients can see the default gateway.
0
 
LVL 1

Author Comment

by:geo_rge
Just confirming: I should reassign the router an IP of 192.168.0.1? And the default gateway on the clients will be that also? I'll give that a try. That was my original config but I was asked to change it. Will let you know how it goes. Thanks
0
 
LVL 1

Author Comment

by:geo_rge
OK, I have changed the router config to .0.1 and the NIC 1 default gateway, and the LAN is back to the way it was. But now I can't access the VPN. I have tried to remove and re-add it with no luck. When it asks me which NIC interface connects to the internet, I select NIC 2, which has the IP of 192.168.1.8. In my router, the rules are set to forward requests to IP 192.168.1.8.

Note: if I re-run the VPN wizard and select the NIC which connects to the internet as the one with IP 192.168.0.99 (NIC1), no clients can connect to the server or ping the server, and the server is unable to ping any clients, until the VPN setup is removed or changed to the NIC2 adapter.

Current server NIC configurations:

NIC1:  Server IP       - 192.168.0.99
       Subnet          - 255.255.255.0
       Default Gateway - 192.168.0.1
       DNS1            - 192.168.0.99

NIC2:  Server IP       - 192.168.1.8
       Subnet          - 255.255.255.0
       DNS1            - 192.168.0.99
(No default gateway set on NIC2 - is that correct?)
0
 
LVL 23

Expert Comment

by:Tim Holman
I'm a bit lost here...  how do things look - is it like this -

Internet
|
Netgear
192.168.1.1
|
192.168.1.8 (NIC2)
Server
192.168.0.99 (NIC1)
|
192.168.0.15
Client

Do you want your Server to route as well ?

Is your Netgear router capable of being a DHCP server (like mine is) ?

Is your VPN Server NATted to the outside world so that VPN Clients can see it ?

I would recommend something like this:

Internet
|
Netgear
192.168.1.1--------------------
|                             |
192.168.1.8 (NIC2)            192.168.1.200
Server                        Client

..so connect the server and client directly to the Netgear hub, and give the client an IP address that can route outwards (192.168.1.x). Or do you have too many clients to do this? In which case do you have an additional hub?
0
 
LVL 1

Author Comment

by:geo_rge
The diagram you drew was what I had originally, but you told me to change the Netgear to be on the same IP range as the clients, therefore it looks like this:

Internet
|
Netgear
192.168.0.1
|
192.168.0.99 (NIC1)
Server
192.168.1.8 (NIC2)
|
192.168.0.15
Client

My Netgear router is capable of being a DHCP server, but I would prefer the server to do it all if possible. I am setting this up in a very small environment, but will be taking this theory into a larger environment which has over 300 PCs, so I don't want to create too much work if I can avoid it.

I do have an additional hub/switch if required, and one is in use connected to the network.

I think the current config I have is what you recommended, except I have the .0.1 instead of .1.1.

"Is your VPN Server NATted to the outside world so that VPN Clients can see it ?" - I'm not sure what you mean. I could log into my server from the outside world before I changed my settings and ran the VPN setup wizard, but it caused problems as explained earlier, with inet not working etc., due to the 2 NICs or something else?
0
 
LVL 1

Author Comment

by:geo_rge
I'm at the stage where I can reconfigure anything - so long as it all works in the end.
0
 
LVL 23

Expert Comment

by:Tim Holman
I would stick with this:

Internet
|
Netgear
192.168.1.1--------------------
|                             |
192.168.1.8 (NIC2)            192.168.1.200
Server                        Client

You don't need an extra NIC for the server as far as I can make out - one NIC is enough for VPN, DHCP, Internet access...
I wouldn't trust the server as a router either - their MTBF is too low, and besides, it's going to be busy doing other things and may end up being a vulnerable, single point of failure for your network.
0
 
LVL 1

Author Comment

by:geo_rge
The only thing is the VPN wizard specifies you need 2 NICs and won't let you continue if you only have one; that's why I installed it in the server. Should I just ignore the 2nd NIC?
0
 
LVL 23

Expert Comment

by:Tim Holman
Have you tried the Netgear ProSafe VPN client instead ?
If the Netgear can be your DHCP and VPN server, then it will cut down your deployment costs....  ;)

Can I also take you back a few steps to this diagram you drew:

Internet
|
Netgear
192.168.0.1
|
192.168.0.99 (NIC1)
Server
192.168.1.8 (NIC2)
|
192.168.0.15
Client

This would NOT work.  

Internet
|
Netgear
192.168.0.1
|
192.168.0.99 (NIC1)
Server
192.168.1.8 (NIC2)
|
192.168.1.15
Client

..but this would (both client and NIC2 are on the SAME subnet).  Client in this case would need default gateway of 192.168.1.8.
0
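
The subnet rule from the replies above (a default gateway must sit on the same subnet as the interface that uses it, and two directly cabled hosts must share a subnet), as an added example that is not part of the thread. It is Python using the addresses quoted in the posts; the function names are hypothetical, and the single-default-gateway check for a two-NIC host goes beyond what the thread states.

```python
import ipaddress

MASK = "255.255.255.0"

def on_link(ip, mask, other):
    """True if `other` lies inside the subnet configured by `ip`/`mask`."""
    network = ipaddress.ip_interface(f"{ip}/{mask}").network
    return ipaddress.ip_address(other) in network

def check_host(name, nics):
    """nics: list of (ip, mask, default_gateway or None); returns findings."""
    findings = []
    with_gateway = [nic for nic in nics if nic[2]]
    for ip, mask, gateway in with_gateway:
        # A host can only reach its gateway directly if both share a subnet.
        if not on_link(ip, mask, gateway):
            findings.append(f"{name}: gateway {gateway} is outside the subnet of {ip}")
    # Assumption beyond the thread: a two-NIC host should carry a single
    # default gateway, on the interface that faces the router.
    if len(with_gateway) > 1:
        findings.append(f"{name}: {len(with_gateway)} default gateways configured")
    return findings

# Constructed from the addresses quoted in the thread.
ORIGINAL_CLIENT = [("192.168.0.15", MASK, "192.168.1.1")]
RENUMBERED_CLIENT = [("192.168.1.20", MASK, "192.168.1.1")]
CLIENT_BEHIND_NIC2 = [("192.168.1.15", MASK, "192.168.1.8")]
SERVER_TWO_NICS = [("192.168.0.99", MASK, "192.168.0.1"),
                   ("192.168.1.8", MASK, None)]

if __name__ == "__main__":
    hosts = {
        "original client": ORIGINAL_CLIENT,
        "renumbered client": RENUMBERED_CLIENT,
        "client behind NIC2": CLIENT_BEHIND_NIC2,
        "server with two NICs": SERVER_TWO_NICS,
    }
    for name, nics in hosts.items():
        print(name, "->", check_host(name, nics) or "OK")
    # The two diagrams: a client cabled to NIC2 (192.168.1.8).
    print("192.168.0.15 on NIC2's subnet:", on_link("192.168.1.8", MASK, "192.168.0.15"))
    print("192.168.1.15 on NIC2's subnet:", on_link("192.168.1.8", MASK, "192.168.1.15"))
```
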
 
LVL 23

Expert Comment

by:Tim Holman
Here are instructions on how to set your VPN server up with a single NIC -

http://www.pctechnicians.ca/help/singlenic.html
0
 
LVL 1

Author Comment

by:geo_rge
Thanks for the info. I'll have a play tomorrow and let you know. I tried setting up the Netgear as VPN server but I had a lot of trouble getting the client to connect... the config was very involved, unless there is an easier way to do this.

I'll be in touch. Not worried how it's set up as long as it works OK in the end.
0
 
LVL 1

Author Comment

by:geo_rge
Sorry for the time taken to get back to you. The VPN using the document as posted does work, but still gives me the original problem I had - the internal network is not the same. I can't browse the internal network via Net. Neighbourhood, and if I need to access the server, I have to do so using the IP address rather than the name of the server. This is why I thought using 2 NICs would solve the problem, unless there's something else I can do with the 1 NIC method. Thanks
0
 
LVL 23

Accepted Solution

by: Tim Holman earned 500 total points
If DNS is set up on the W2K server, and the VPN clients point to this, then name resolution should work fine?
If not, set up an LMHOSTS file -

http://support.microsoft.com/?kbid=150800
0
