Matt_etech
asked on
Can you run VPN server on the same machine as the Web server?
I am currrently running a Web/ E-mail server on a Windows 2000 Server machine. I also need to set up a VPN. After configuring the RRAS, as soon as I started the service, web and email access was gone. As soon as I stopped the service, web and email access was restored. Can a VPN server co-exist on the same machine as the Web/ E-mail or should it always be seperate machines? Thanks.
Most VPN software will cut off all network traffic except the traffic between the two parties participating in the VPN. Personally I would put the VPN on another machine.
To answer your question: yes. Just look at SBS (Microsoft Small Business Server), it is a web server, exchange, SQL, RAS, everything but the kitchen sink all working at the same time.
To give you a direction to look at:
I would watch the services when you start the RRAS and when you stop the RRAS. I might also do some performance counters if you think you might be pushing the bar on the server. Lastly, I would use ethereal on another box and watch the traffic.
To give you a direction to look at:
I would watch the services when you start the RRAS and when you stop the RRAS. I might also do some performance counters if you think you might be pushing the bar on the server. Lastly, I would use ethereal on another box and watch the traffic.
Just so I might be able to give you additional help on this
Is the web IIS?
Is the email Exchange or other?
Is VPN Microsoft's?
When you said email access is gone, do you mean that a LAN workstation cannot access email, that a remote user cannot send email to the box, or that on the server, the email shuts down?
When you said web access shut down, are you able to pull up http:\\localhost?
Also does this happen when you start RRAS or when someone connects to RRAS?
Is the web IIS?
Is the email Exchange or other?
Is VPN Microsoft's?
When you said email access is gone, do you mean that a LAN workstation cannot access email, that a remote user cannot send email to the box, or that on the server, the email shuts down?
When you said web access shut down, are you able to pull up http:\\localhost?
Also does this happen when you start RRAS or when someone connects to RRAS?
Can you run VPN server on the same machine as the Web server? Yes
I am running it, however i am not running E-mail but it should not make a difference. are you running service pack 4? Is it failing on the server or the clients after they are connected?
I am running it, however i am not running E-mail but it should not make a difference. are you running service pack 4? Is it failing on the server or the clients after they are connected?
ASKER
Thanks, thats about what I figured. It is an older machine (p-3 667) and I think putting SBS on it and haveing it run all 3 would be a bit much for it, not to mention the time and trouble of taking it down and re-doing it with SBS. I have another machine that I can allocate to the job. Thanks
ASKER
Fails when the clients try get their email or bring up thier web sites
ASKER
kminfotech, it is IIS, the email is Imail, not exchange (I need multiple domains), and it happens as soon as rras starts, I have not yet actually made a connection
Can you test the services from the localhost?
FYI I wasn't suggesting reinstalling with SBS, just point out that it is possible.
Again, I would check to see if the email was accessible from the localhost and watch the services
Again, I would check to see if the email was accessible from the localhost and watch the services
ASKER
http://localhost brings up the default web site, but none of the others come up. Email does work locally but cannot be access from anywhere else.
So it sounds like the services are working yet just cannot access them. This could be a resource utilization deal or some weirdness with the configuration of the VPN server.
When the VPN server is on, can you ping from it/to it?
When the VPN server is on, can you ping from it/to it?
ASKER
ok, in the RRAS wizard you have to specify wich of the 2 NICs is the internet connection. On a hunch, I switched from the one I was currently using to the other one. Now while the RRAS service is running, the mail works everywhere and the websites work everywhere except from the local host, http://localhost does still bring up the default website though. But now it cannot see the local network, nor can the local network see it. Pings from either direction fail. Any other ideas?
ASKER
yes, from the local machine I can ping both NICs
Do you have 2 different default gateways? 1 for the LAN, 1 for the VPN. This is often the source of many issues.
ASKER
yes, according to some of the documents I have read, one should have the normal gateway, the other should have a blank gateway.
Gotcha.
Can you provide additional detail on this statement?
>But now it cannot see the local network, nor can the local network see it. Pings from either direction fail.
Can you provide additional detail on this statement?
>But now it cannot see the local network, nor can the local network see it. Pings from either direction fail.
ASKER
If you look in Network Places on the local machine, you can no longer see any other machines on the LAN, also the other machines no longer see it. A ping from the local machine to another on the LAN is unsuccesfull (host unreachable) with the same result when pinging this machine from another on the LAN.
Are the VPN NIC and the LAN NIC on the same subnet?
ASKER
yup
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I am sure your right but I have had enough. I have another machine that I was going to just use as a file server for the VPN and it already had server 2003 on it. So I will use it as the VPN server and still store the data on it on a second drive. I set it up and seems to be working fine locally, now I just have to figure out how to get through the Smootwall....but thats another forum.
Thank you very much
Thank you very much