Solved

How do you set up VPN on Windows 2003 with 2 Ethernet Cards

Posted on 2007-04-10
Last Modified: 2010-04-12
I have 3 Windows XP computers and one Windows 2003 server. I want to use the Win2003 server for hosting a WEB site and also as a VPN server. The IP addresses on all 4 computers are in 192.168.3.X.
I am able to view the web pages through the Internet with no problem, and I can connect via VPN from a remote location.
When I login from a remote location into the VPN server, I get an IP of 192.168.7.X. This is because I specified a static address pool in the range of 192.168.7.100 to 192.168.7.110, and I can not access any of the computers.
I have a second Ethernet card on the Win2003 server but it is not configured.
What do I need to do to be able to access the computers through the VPN connection?

Question by:Ruben1717
LVL 2

Expert Comment

by:chris-k
ID: 18885655
Hi Ruben

The best solution would be to configure that unused ethernet card within the 192.168.3.x range (192.168.3.254 preferably). This interface can then talk to the other computers and possibly act as a gateway (depending on your configuration).

I presume the VPN is coming in on the other interface (192.168.7.x) and talking to the Win2003 Server. Now as long as this is true, all you need is a service called Packet Forwarding configured on the Win2003 Server. I'm not sure what VPN software you are using but most (including the standard Microsoft Routing & Remote Access) enable this setting by default. So that should be it.

You may need to play around with the configuration but one thing's for sure, you definitely want to utilize that other unused interface.

Regards.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 18885661
Either change the static address pool in the RRAS configuration to be part of the 192.168.3.x subnet, or on the remote computer you will need to add a static route.
If you want to add the route, on the client machine, find the client's assigned VPN IP by running 'ipconfig /all' and locate the IP under the PPP adapter. Assuming for example purposes this is 192.168.7.101, add the route to the client machine:
route add 192.168.3.0 mask 255.255.255.0 192.168.7.101
To remove the route:
route delete 192.168.3.0
However, there is a catch. Every time a user connects they will be assigned a different IP, so the route changes. If you wish to assign a static IP you can do so near the bottom of the Dial-in page of the user's profile in Active Directory. Then you can make the route permanent by adding the '-p' option:
route -p add 192.168.3.0 mask 255.255.255.0 192.168.7.101

I assume you can connect to shares on the RRAS server. If not, make sure the local subnet at the client site differs from those at the server site, i.e. not 192.168.7.x or 192.168.3.x.
0
 

Author Comment

by:Ruben1717
ID: 18909188
I must be missing something because I have not been able to access any of the computers.
The IP address at my remote computer is 192.168.1.17

I changed the address pool in RRAS to 192.168.3.200 -> 192.168.3.210. When I did this, I was not able to login to the network from the outside.

I changed the address pool to 192.168.7.x and then I was able to login from a remote computer and did a "route add 192.168.3.0 mask 255.255.255.0 192.168.7.200". After I did this, I still was not able to access the network.

I then removed the configuration from RRAS and have been playing with the configuration of the 2 NIC cards, but have not had any success.

The FTP server interface is 192.168.3.3.
One interface in the VPN server is 192.168.3.5 and the other one is 192.168.7.5.
 I connected both interfaces from the VPN server into the same router.

0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 18911262
>>"route add 192.168.3.0 mask 255.255.255.0 192.168.7.200"
Almost. 192.168.7.200 is the first IP in the static address pool so that is assigned to the RRAS server. You need to use your assigned VPN adapter address. To locate it, run IPConfig /all. The IP address under PPP adapter is the address you want to use in the route add statement.
The problem with this is the address is dynamic and changes each time you connect. If that works OK then under the dial-in tab of the user's profile in Active Directory you can add a static address that will be assigned to that client each time.
0
 

Author Comment

by:Ruben1717
ID: 18922251
I must be doing something wrong because it still fails. I am able to connect to the VPN server, but I can not access any computers.  This is what I get from the command prompt:

PPP adapter aProd:
        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
        Physical Address. . . . . . . . . : 00-53-45-00-00-00
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 192.168.7.202
        Subnet Mask . . . . . . . . . . . : 255.255.255.255
        Default Gateway . . . . . . . . . : 192.168.7.202
        DNS Servers . . . . . . . . . . . : 192.168.7.1

C:\>route add 192.168.3.0 mask 255.255.255.0 192.168.7.202

C:\>telnet 192.168.3.3
Connecting To 192.168.3.3...Could not open connection to the host, on port 23:
Connect failed
C:\>
0

 
LVL 77

Expert Comment

by:Rob Williams
ID: 18933114
In the above example you would want to use
route add 192.168.3.0 mask 255.255.255.0 192.168.7.202
As a test run IPConfig while connected, and then add the route using your current PPP IP and see if you can connect.
0
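An added example, not part of any post in this thread: a small Python helper that reads `ipconfig /all` text, takes the client's own PPP adapter address as the gateway (rather than the server's pool address), builds the `route add` command, and flags the local-subnet overlap mentioned earlier. The function names, the sample text (modelled on the output quoted above plus a constructed LAN adapter) and the XP/2003-style field labels are assumptions.

```python
import ipaddress
import re

# Constructed sample: the PPP values come from the output quoted in the thread,
# the Ethernet adapter is a made-up LAN entry for the remote site.
SAMPLE = """\
Ethernet adapter Local Area Connection:
        IP Address. . . . . . . . . . . . : 192.168.1.17
        Subnet Mask . . . . . . . . . . . : 255.255.255.0

PPP adapter aProd:
        IP Address. . . . . . . . . . . . : 192.168.7.202
        Subnet Mask . . . . . . . . . . . : 255.255.255.255
"""

def parse_adapters(text):
    """Return {adapter header: (ip, mask)} from XP/2003-style ipconfig text."""
    adapters, name, ip = {}, None, None
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            name, ip = line.rstrip().rstrip(":"), None   # new adapter section
        elif name:
            m = re.match(r"\s+(IP Address|Subnet Mask)[ .]*: (\S+)", line)
            if m and m.group(1) == "IP Address":
                ip = m.group(2)
            elif m and ip:
                adapters[name] = (ip, m.group(2))
    return adapters

def plan_route(text, server_lan="192.168.3.0/24", pool="192.168.7.0/24"):
    """Build the client-side route command and list subnet conflicts."""
    target = ipaddress.ip_network(server_lan)
    warnings, gateway = [], None
    for name, (ip, mask) in parse_adapters(text).items():
        if name.startswith("PPP adapter"):
            gateway = ip          # the client's assigned VPN address
            continue
        local = ipaddress.ip_network(f"{ip}/{mask}", strict=False)
        for remote in (target, ipaddress.ip_network(pool)):
            if local.overlaps(remote):   # client LAN must differ from both
                warnings.append(f"{name}: {local} overlaps {remote}")
    if gateway is None:
        raise ValueError("no PPP adapter found; connect the VPN first")
    cmd = f"route add {target.network_address} mask {target.netmask} {gateway}"
    return cmd, warnings

if __name__ == "__main__":
    print(plan_route(SAMPLE))
```

Because the PPP address changes on each connection unless a static one is assigned in the user's Dial-in settings, the command has to be regenerated from fresh `ipconfig /all` output every time.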
 

Author Comment

by:Ruben1717
ID: 18944395
Yes,
I first establish a connection, then I do  
c:\ipconfig /all
This gives me the IP address 192.168.3.202, then I use that IP address in the route command
route add 192.168.3.0 mask 255.255.255.0 192.168.7.202.

It still does not let me access any of the computers in the network, not even the VNS server.

0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 18954017
Odd, should work.
Are there any software firewalls running on the other systems such as Windows firewall, or Symantec security suite? They can often be configured to allow access from the local subnet only.
0
 

Author Comment

by:Ruben1717
ID: 18962968
The VPN server is running the Windows firewall. I tried to disable it, but it does not let me. I get a message telling me that RRAS needs the firewall.
I have a Windows XP system in the same subnet as the VPN server. This computer has ZoneAlarm Pro.
I had not suspected it to be the problem, because I can not even access the VPN server itself from the remote connection.
I am going to give it a try without ZoneAlarm.
0
 
LVL 77

Accepted Solution

by:
Rob Williams earned 500 total points
ID: 18970460
Actually on the VPN/RRAS server the Windows Firewall would be disabled, because you are using RRAS. Other firewalls will definitely be an issue, in particular ZoneAlarm, however at this point if it is not running on the RRAS server it is not an issue.
Is NAT enabled in RRAS? It shouldn't be in this situation.

I find your comment earlier very interesting, or odd that this is the case; "I changed the address pool in RRAS to 192.168.3.200 -> 192.168.3.210. When I did this, I was not able to login to the network from the outside."
0
