How do you setup VPN  on Windows 2003 with 2 Ethernet Cards

Posted on 2007-04-10
Medium Priority
Last Modified: 2010-04-12
I have 3 Windows XP computers and one Windows 2003 server. I want to use the Win2003 server for hosting a WEB site and also as a VPN server. The IP addresses on all 4 computers are in 192.168.3.X.
I am able to view the web pages throught the Internet with no problem, and I can connect via VPN from a remote location.
When I login from a remote location into the VPN server, I get an IP of 192.168.7.X. This is because I specified a static address pool in the range of to and I can not access any of the computers.
I have a second ethernet card on the WIn2003 server but it is not configured.
What do I need to do to be able to access the computers through the VPN connection?

Question by:Ruben1717
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4

Expert Comment

ID: 18885655
Hi Ruben

The best solution would be to configure that unused ethernet card within the 192.168.3.x range ( preferably). This interface can then talk to the other computers and possibly act as a gateway (depending on your configuration).

I presume the VPN is coming in on the other interface (192.168.7.x) and talking to the Win2003 Server. Now as long as this is true, all you need is a service called Packet Forwarding configured on the Win2003 Server. I'm not sure what VPN software you are using but most (including the standard Microsoft Routing & Remote Access) enable this setting by default. So that should be it.

You may need to play around with the configuration but one things for sure, you definately want to utilize that other unused interface.

LVL 77

Expert Comment

by:Rob Williams
ID: 18885661
Either change the static address pool in the RRAS configuration to be part of the 192.168.3.x subnet, or on the remote computer you will need to add a static route.
If you want to add the route, on the client machine, find the client's assigned VPN IP by running 'ipconfig /all'  and locate the IP under the PPP adapter. Assuming for example purposes this is add the route, to the client machine:
route add mask
To remove the route:
route delete
However there is a catch. Every time a user connects they will be assigned a different IP, so the route changes. If you wish to assign a static IP you can do so near the bottom of the Dial-in page of the user's profile in active directory. Then you can make the route permanent by adding the '-p' option:
route -p add mask

I assume you can connect to shares on the RRAS server. If not make sure the local subnet at the client site differs from those at the server site. i.e. not 192.168.7.x, or 192.168.3.x

Author Comment

ID: 18909188
I must be missing something because I have not been able to access any of the computers.
The IP address at my remote computer is

I changed the address pool in RRAS to -> When I did this, I was not able to login to the network from the outside.

I changed the address pool to 192.168.7.x and then I was able to login from a remote computer and did a "route add mask" After I did this, I stil was not able to access the network.

I then removed the configuration from RRAS and have been playing with the configuration of the 2 NIC cards, but have not had any success.

The FTP server interface is
One interface in the VPN server is and the other one is
 I connected both interfaces from the VPN server into the same router.

Bringing Advanced Authentication to the SMB Market

WatchGuard announces the acquisition of advanced authentication provider, Datablink, with one mission – to bring secure authentication to SMB, mid-market, and distributed enterprises with a cloud-based solution, ideal for resale via their established channel & MSSP community.

LVL 77

Expert Comment

by:Rob Williams
ID: 18911262
>>"route add mask"
Almost. is the first IP in the static address pool so that is assigned to the RRAS server. You need to use your assigned VPN adapter address. To locate run IPConfig /all  The IP address under PPP adapter is the address you want to use in the route add statement.
The problem with this is the address is dynamic and changes each time you connect. If that works OK then under the dial-in tab of the users profile, in active directory you can add a static address that will be assigned to that client each time.

Author Comment

ID: 18922251
I must be doing something wrong because it still fails. I am able to connect to the VPN server, but I can not access any computers.  This is what I get from the command prompt:

PPP adapter aProd:
        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
        Physical Address. . . . . . . . . : 00-53-45-00-00-00
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . :
        Subnet Mask . . . . . . . . . . . :
        Default Gateway . . . . . . . . . :
        DNS Servers . . . . . . . . . . . :

C:\>route add mask

Connecting To not open connection to the host, on port 23:
Connect failed
LVL 77

Expert Comment

by:Rob Williams
ID: 18933114
In the above example you would want to use
route add mask
As a test run IPConfig while connected, and then add the route using your current PPP IP and see if you can connect.

Author Comment

ID: 18944395
I first establish a connection, then I do  
c:\ipconfig /all
This gives me the IP address, then I use that IP address int the route command
route add mask

It still does not let me access any of the computers in the network, not even the VNS server.

LVL 77

Expert Comment

by:Rob Williams
ID: 18954017
Odd, should work.
Are there any software firewalls running on the other systems such as Windows firewall, or Symantec security suite? They can often be configured to allow access from the local subnet only.

Author Comment

ID: 18962968
The VPN server is running the Windows firewall. I tried to disable it, but it does not let me. I get a message telling me that RRAS needs the firewall.
I have a windows XP system in the same subnet as the VPN server.. This computer hasZoneAlarm Pro.
I had not suspected it to be the problem, because I can not even access the VPN server itself from the remoote connection.
I am going to give it a try without ZoneAlarm.
LVL 77

Accepted Solution

Rob Williams earned 2000 total points
ID: 18970460
Actually on the VPN/RRAS server the Windows Firewall would be disabled, because you are using RRAS. Other firewalls will definitely be an issue, in particular zone alarm, however at his point if it is not running on the RRAS server it is not an issue.
Is NAT enabled in RRAS? It shouldn't be in this situation.

I find your comment earlier very interesting, or odd that this is the case; "I changed the address pool in RRAS to -> When I did this, I was not able to login to the network from the outside."

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

WARNING:   If you follow the instructions here, you will wipe out your VTP and VLAN configurations.  Make sure you have backed up your switch!!! I recently had some issues with a few low-end Cisco routers (RV325) and I opened a case with Cisco TA…
This article is in regards to the Cisco QSFP-4SFP10G-CU1M cables, which are designed to uplink/downlink 40GB ports to 10GB SFP ports. I recently experienced this and found very little configuration documentation on how these are supposed to be confi…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
Suggested Courses

741 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question