• Status: Solved

configure a 2003 server VPN with only one network card

I'm thinking about setting up RRAS on a 2003 server to create VPN connections. We have another VPN solution but I'd like to explore other options. The way the network is set up now, all my servers are behind a firewall and only use one network adapter. I'd rather not reconfigure the entire network, so I want to use what is already set up. A lot of what I read, though, says RRAS needs to use two NICs. However, how difficult is it to set up a server with only one NIC as a VPN server? Anyone know of any good tutorials and/or walkthroughs? Anyone with experience doing this?
Asked:
FreemanWhite
1 Solution
 
mikeleebrla Commented:
Yes, you can do it with only 1 NIC. I have done it, but there is a trick to doing it. Please forgive me since I'm going from memory here. First, just install plain vanilla RRAS with no options set. Once you have RRAS installed, go back and configure the VPN. Which server are you going to be using as the DHCP server to give out the IPs? I've only done it where another server is the DHCP server. It may be possible to use the same server for both VPN and DHCP, but I've never done it. This page has 4 or 5 guides on how to set it up. Remember that if you are using a PPTP VPN (the easiest to set up) you will have to allow TCP port 1723 and the GRE protocol to come through your firewall (this is sometimes called protocol 47), but do not get this confused with TCP port 47, as they are two separate things altogether. Allowing TCP port 47 through will do nothing for you.

When you say "all my servers are behind a firewall and only use one network adapter", do you mean you just have one public IP exposed? If so, then you will have to forward GRE to your VPN server (which your router might not be able to do).

http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/rmotevpn.mspx

When you get to step 11 in the VPN section, just pick your one existing NIC.
 
2hype Commented:
I think you need 2 NICs to enable VPN on a Windows Server. The NICs will also have to be on different IP ranges. I have not seen a way to create a VPN with only 1 NIC.
 
FreemanWhite (Author) Commented:
Sorry for the confusion, I should clarify "all my servers are behind a firewall and only use one network adapter"... My firewall does the public IP translation. I guess what I'm trying to explain is I have no perimeter network... just a firewall, a router and all the servers behind the firewall.

 
mikeleebrla Commented:
2hype, no, you don't need two NICs. As I stated in my initial post, it can be done with one since I've done it. I actually VPN into it every day, so I know it can be done.
 
mikeleebrla Commented:
How many public IPs do you have? Do you have a "spare" public IP so you can do a 1-to-1 static mapping to the VPN server's private IP? That would be best.
 
FreemanWhite (Author) Commented:
Yes, I have a few spare ones. How about if I were to use a server with an existing public IP? Could I just add a mapping in the SonicWall for PPTP that goes to that server? I found another article that says to use the private IP as the internet interface, and then configure the firewall to translate PPTP traffic sent to the public IP to the internal interface... which I believe you're describing as well.
 
mikeleebrla Commented:
Yes, it is best not to have the server "directly" have a public IP, but to have it NATed (either 1-to-1 or using PAT); that way people aren't connecting directly to your server but rather going through your router/firewall. In a NAT setup the server would have a private IP (what you see on the NIC's properties) and then the router/firewall would simply map a public IP to that server's public IP. For example:

public            private
169.1.2.3     172.25.1.2

So any request going to 169.1.2.3 would be "forwarded" or sent to 172.25.1.2.

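Added example (not part of any poster's comment or of the linked Microsoft guide): a Python check of firewall forwarding rules for the single-NIC PPTP setup discussed above, using the thread's example mapping 169.1.2.3 to 172.25.1.2. The rule format, field names and both rule sets are hypothetical and constructed for illustration; they are not a SonicWall export.

```python
# Added example, not from the thread: the rule format and field names are
# hypothetical; the addresses are the thread's example NAT mapping.
IPPROTO_TCP, IPPROTO_GRE = 6, 47      # IANA IP protocol numbers
PPTP_CONTROL_PORT = 1723              # PPTP control channel (TCP)

def matches(rule, ip_proto, dst_port=None):
    """True if a forwarding rule selects this IP protocol (and TCP port)."""
    return rule["ip_proto"] == ip_proto and rule.get("dst_port") == dst_port

def audit_pptp_forwarding(rules, public_ip, vpn_private_ip):
    """Return findings; an empty list means both PPTP flows reach the server."""
    findings = []
    mine = [r for r in rules if r["public"] == public_ip]
    to_vpn = [r for r in mine if r["private"] == vpn_private_ip]
    if not any(matches(r, IPPROTO_TCP, PPTP_CONTROL_PORT) for r in to_vpn):
        findings.append("missing: TCP port 1723 (PPTP control channel)")
    if not any(matches(r, IPPROTO_GRE) for r in to_vpn):
        findings.append("missing: IP protocol 47 (GRE, carries the tunnel data)")
    for r in mine:
        if matches(r, IPPROTO_TCP, 47):
            findings.append("no effect: TCP port 47 is not GRE (IP protocol 47)")
        pptp = matches(r, IPPROTO_GRE) or matches(r, IPPROTO_TCP, PPTP_CONTROL_PORT)
        if pptp and r["private"] != vpn_private_ip:
            findings.append("misrouted: PPTP flow forwarded to " + r["private"])
    return findings

# Constructed rule sets for the mapping 169.1.2.3 -> 172.25.1.2.
MISTAKEN = [
    {"public": "169.1.2.3", "private": "172.25.1.2",
     "ip_proto": IPPROTO_TCP, "dst_port": 1723},
    {"public": "169.1.2.3", "private": "172.25.1.2",
     "ip_proto": IPPROTO_TCP, "dst_port": 47},   # the TCP-47 mix-up
]
CORRECT = [
    {"public": "169.1.2.3", "private": "172.25.1.2",
     "ip_proto": IPPROTO_TCP, "dst_port": 1723},
    {"public": "169.1.2.3", "private": "172.25.1.2",
     "ip_proto": IPPROTO_GRE},                   # GRE has no port number
]

if __name__ == "__main__":
    for name, rules in (("mistaken", MISTAKEN), ("correct", CORRECT)):
        print(name, audit_pptp_forwarding(rules, "169.1.2.3", "172.25.1.2"))
```

With the mistaken rule set the TCP 1723 control connection is forwarded but the GRE tunnel data is not, so the audit reports the missing GRE rule and the ineffective TCP 47 rule.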
 
FreemanWhite (Author) Commented:
Thank you, I will give this a shot. It sounds straightforward, but we all know what happens when those words are spoken!
 
mikeleebrla Commented:
Yeah, I had to do mine a few times with different options before it let me do it with only one NIC, but it can be done. To the best of my memory, the trick was to install a plain RRAS server first with nothing configured and then set up the VPN.