?
Solved

Setup VPN on Windows 2003 Small Business Server with two network cards behind a firewall

Posted on 2006-06-01
7
Medium Priority
?
414 Views
Last Modified: 2010-04-12
Hi,

I'm not that advanved in networking and it's my first time to touch this VPN stuff. What we would like to do is set up a VPN in our workplace for our employees to access the servers files frm home. I've tried implementing it myself with what i've read in articles but i have no luck. Here's my settings

Linksys RV082 Dual Broadband Router
- IP 172.16.0.1 with dual WAN
- Subnet 255.255.255.0

Server with DNS, DHCP, AD, DC, IIS and File services. Now to install a VPN
- with dual Network Cards

NIC1:
IP 192.168.0.5
Subnet 255.255.255.0
Gateway 192.168.0.5
DNS 192.168.0.5
WINS 192.168.0.5

NIC2:
IP 172.16.0.5
Subnet 255.255.255.0
Gateway 172.16.0.1
DNS 192.168.0.5
WINS none

The network setup is like this

Internet -> Router -> (NIC2) Server
Then from the Router -> Switch -> (NIC1) Server
Then from the Switch -> Workstations

When i tried this setup, the LAN worked perfectly, i was able to login using the AD of the server from the workstations and use the DHCP from the server to get an IP.

However my workstations could not connect to the internet.

At this point too, i had the VPN set up but i haven't tried to connect from outside the network. I guess once i'm passed this part i can play around with the VPN.

I need help. Thanks.
0
Comment
Question by:marcomaranao
  • 3
  • 2
5 Comments
 
LVL 78

Expert Comment

by:Rob Williams
ID: 16809284
>>"However my workstations could not connect to the internet."
If you are going to use 2 network adapters (you can easily do this with only on if you wish), you should change the physical configuration to:
Internet -> Router -> (NIC2) Server
Switch -> (NIC1) Server  (do not connect switch to router for this scenario)
Then from the Switch -> Workstations
Then you will need to configure Routing and Remote Access to enable and configure NAT (Network Address Translation) on the server. This will control the flow of traffic from the LAN to the WAN, and it will also allow you to configure the VPN. With small Business server it is always best to use the wizards. Not only do they walk you through the steps, but there are so many integrated parts to SBS that it is best to allow it to look after these additional features for you. To start the wizard open the Server management tool, click on Internet and e-mail. Then choose "Connect to the Internet" to set up the Internet connection and NAT for the internal users. Once complete, click on "Configure Remote Access" to configure the VPN.

On the RV042 you will also set up forwarding of port 1723 traffic to 172.16.0.5 and on the router check "enable PPTP Pass-through"

The other option for the VPN is to use the Linksys QuickVPN client that is included with the RV042. Doing so means you do not have to configure port forwarding or set up the VPN on the SBS.
0
 

Author Comment

by:marcomaranao
ID: 16809517
I just thought of that right after i wrote this question. So now i'm just going to use 1 nic and use the router as the VPN and not set it up on the Win03SBS. But this is a good answer for me in the future if ever i would need to set one up without the VPN router. Thanks.

So this is my settings now. On the RV082 router, i enabled the PPTP server and set up a user. I was able to connect remotely using the credentials that i set up on the router.

On our server, we have a file service running, however, when i try to access the server it and enter the new credentials to access the network, it tell sme that i do not have permission. Where do i go and set the permissions so that a user can access the file service through the VPN?

Thanks again.
0
 
LVL 78

Accepted Solution

by:
Rob Williams earned 1000 total points
ID: 16809585
If the connecting user's computer is not a member of the domain try:
1) add the domain and suffix to the advanced TCP/IP properties of their network adapter under DNS next to "DNS suffix for this connection" such as  mydomain.abc
2) have the user connect using the domain name and user name such as;  myname@domainname.abc  or   domainname.abc\myname

See if one of those will help.
0
 

Author Comment

by:marcomaranao
ID: 16810543
Thanks. The second way worked and i was able to see one of the workstation's shared documents. However, i'm still having trouble connecting to the server's shared documents. Is there something that i should reconfigure on the server? I'm pretty sure i have the credentials correctly, since i'm using the same logon as if i were in the intranet.

Also i notice that the connection is terribly slow and once i was connected to the VPN, i could not browse the internet on my browser.

Is there anything that i can do?

Thanks.
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 16811723
When setting up RRAS there is the option to enable a basic firewall. Did you enable that? It might be blocking the server shares?

As for not being able to connect to the Internet locally, there is a security feature in the VPN client that blocks local connections, including local Internet access, to protect the office/remote network. You can disable this if you wish. To do so on the client/connecting PC, go to:
control panel | network connections | right click on the VPN/Virtual adapter and choose properties | Networking | TCP/IP -properties | Advanced | General | un-check  "Use default gateway on remote network"
0

Featured Post

What Security Threats Are We Predicting for 2018?

Cryptocurrency, IoT botnets, MFA, and more! Hackers are already planning their next big attacks for 2018. Learn what you might face, and how to defend against it with our 2018 security predictions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Let’s list some of the technologies that enable smooth teleworking. 
Will you be ready when the clock on GDPR compliance runs out? Is GDPR even something you need to worry about? Find out more about the upcoming regulation changes and download our comprehensive GDPR checklist today !
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question