[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 383
  • Last Modified:

Can you run VPN server on the same machine as the Web server?

I am currrently running a Web/ E-mail server on a Windows 2000 Server machine.  I also need to set up a VPN.  After configuring the RRAS, as soon as I started the service, web and email access was gone.  As soon as I stopped the service, web and email access was restored.  Can a VPN server co-exist on the same machine as the Web/ E-mail or should it always be seperate machines? Thanks.
0
Matt_etech
Asked:
Matt_etech
1 Solution
 
rshooper76Commented:
Most VPN software will cut off all network traffic except the traffic between the two parties participating in the VPN.  Personally I would put the VPN on another machine.
0
 
kminfotechCommented:
To answer your question:  yes.  Just look at SBS (Microsoft Small Business Server), it is a web server, exchange, SQL, RAS, everything but the kitchen sink all working at the same time.

To give you a direction to look at:

I would watch the services when you start the RRAS and when you stop the RRAS.  I might also do some performance counters if you think you might be pushing the bar on the server.  Lastly, I would use ethereal on another box and watch the traffic.
0
 
kminfotechCommented:
Just so I might be able to give you additional help on this

Is the web IIS?
Is the email Exchange or other?
Is VPN Microsoft's?

When you said email access is gone, do you mean that a LAN workstation cannot access email, that a remote user cannot send email to the box, or that on the server, the email shuts down?

When you said web access shut down, are you able to pull up http:\\localhost?

Also does this happen when you start RRAS or when someone connects to RRAS?
0
Get your Disaster Recovery as a Service basics

Disaster Recovery as a Service is one go-to solution that revolutionizes DR planning. Implementing DRaaS could be an efficient process, easily accessible to non-DR experts. Learn about monitoring, testing, executing failovers and failbacks to ensure a "healthy" DR environment.

 
Mikec200iCommented:
Can you run VPN server on the same machine as the Web server? Yes
I am running it, however i am not running E-mail but it should not make a difference. are you running service pack 4? Is it failing on the server or the clients after they are connected?
0
 
Matt_etechAuthor Commented:
Thanks, thats about what I figured.  It is an older machine (p-3 667) and I think putting SBS on it and haveing it run all 3 would be a bit much for it, not to mention the time and trouble of taking it down and re-doing it with SBS.  I have another machine that I can allocate to the job.  Thanks
0
 
Matt_etechAuthor Commented:
Fails when the clients try get their email or bring up thier web sites
0
 
Matt_etechAuthor Commented:
kminfotech, it is IIS, the email is Imail, not exchange (I need multiple domains), and it happens as soon as rras starts, I have not yet actually made a connection
0
 
kminfotechCommented:
Can you test the services from the localhost?
0
 
kminfotechCommented:
FYI I wasn't suggesting reinstalling with SBS, just point out that it is possible.

Again, I would check to see if the email was accessible from the localhost and watch the services
0
 
Matt_etechAuthor Commented:
http://localhost brings up the default web site, but none of the others come up.  Email does work locally but cannot be access from anywhere else.
0
 
kminfotechCommented:
So it sounds like the services are working yet just cannot access them.  This could be a resource utilization deal or some weirdness with the configuration of the VPN server.

When the VPN server is on, can you ping from it/to it?
0
 
Matt_etechAuthor Commented:
ok, in the RRAS wizard you have to specify wich of the 2 NICs is the internet connection.  On a hunch, I switched from the one I was currently using to the other one.  Now while the RRAS service is running, the mail works everywhere and the websites work everywhere except from the local host, http://localhost does still bring up the default website though. But now it cannot see the local network, nor can the local network see it.  Pings from either direction fail.  Any other ideas?
0
 
Matt_etechAuthor Commented:
yes, from the local machine I can ping both NICs
0
 
kminfotechCommented:
Do you have 2 different default gateways?  1 for the LAN, 1 for the VPN.  This is often the source of many issues.
0
 
Matt_etechAuthor Commented:
yes, according to some of the documents I have read, one should have the normal gateway, the other should have a blank gateway.
0
 
kminfotechCommented:
Gotcha.

Can you provide additional detail on this statement?

>But now it cannot see the local network, nor can the local network see it.  Pings from either direction fail.
0
 
Matt_etechAuthor Commented:
If you look in Network Places on the local machine, you can no longer see any other machines on the LAN, also the other machines no longer see it.  A ping from the local machine to another on the LAN is unsuccesfull (host unreachable) with the same result when pinging this machine from another on the LAN.
0
 
kminfotechCommented:
Are the VPN NIC and the LAN NIC on the same subnet?
0
 
Matt_etechAuthor Commented:
yup
0
 
kminfotechCommented:
That's the problem.  The ping and any data response from email/web are attempting to go out the VPN tunnel and dying.  Give your VPN NIC a public address or a seperate subnet.  Should solve all your worries.
0
 
Matt_etechAuthor Commented:
I am sure your right but I have had enough.  I have another machine that I was going to just use as a file server for the VPN and it already had server 2003 on it.  So I will use it as the VPN server and still store the data on it on a second drive.  I set it up and seems to be working fine locally, now I just have to figure out how to get through the Smootwall....but thats another forum.
Thank you very much
0

Featured Post

Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now