Avatar of Seyed Ali Fakoorpoor
Seyed Ali Fakoorpoor
Flag for Iran, Islamic Republic of asked on

Enable Internet Access for VPN Clients on Win2003


I have a Windows 2003 Standard Server on which VPN Clients are enabled and can connect. This server has only one network interface to which there are assigned two IP addressed (one public [let's say WAN-IP] and the other private [lets say LAN-IP]

The remote clients now are able to connect to the organizational network from their home and laptops by establishing a VPN connection to the WAN-IP and all organizational resources are available.

I want my VPN server to be a NAT server and allow Internet access to the VPN Users.

PLEASE NOTE: I do NOT WANT enable client side settings such as Split-Tunnelling as describe in:
instead I want that my VPN clients be able to access the Internet the same way that the PCs from the subnet of my VPN servers do (Via NAT and with the source IP of WAN-IP)

Any Help is appreciated,
Microsoft Server OSWindows Server 2003Windows OS

Avatar of undefined
Last Comment

8/22/2022 - Mon

Remove the "." zone in DNS and enter your ISP's IP address in DNS properties

Your router should have the NAT function anyway
Seyed Ali Fakoorpoor

Many Thanks, but I happily I could solve the problem myself, here is the solution:

NOTE: There is no specific router in my configuration (except win2003 running RAS)

Since windows 2003 standard edition can not handle that with normal configuration, you should do these:

1) Make a backup of your RAS config (if you care about returning to any previous configurations!)
2) Run the "Configure your server" Wizard from administrative tools.
3) Choose RAS/VPN server role and click next (It may be set to yes/no according to your previous comfigurations)
4) It may ask you to remove the current configs , if so allow the wizard to do so.(Wizard will finish and you need to run it again until this step.
5) continue in the configuration wizard with ras/VPN option highlighted.
7) Select the VPN role and finish the wizard.
8) IMPORTANT (Trick): you should not have two IP addresses assigned to a single interface. Instead Remove the private IP from that interface and assign it to your RAS server's VPN Address pool. The address pool will start at your currently assigned secondary address.
9) Add the NAT Role to your "Routing and Remote access " configurations
10) Voila. You have the configurations done.

Your help has saved me hundreds of hours of internet surfing.
Seyed Ali Fakoorpoor

I am going to ask the community to close this question.

View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
Ask your own question & get feedback from real experts
Find out why thousands trust the EE community with their toughest problems.