Enable Internet Access for VPN Clients on Win2003

Al fa
Al fa used Ask the Experts™
on
Hello,

I have a Windows 2003 Standard Server on which VPN Clients are enabled and can connect. This server has only one network interface to which there are assigned two IP addressed (one public [let's say WAN-IP] and the other private [lets say LAN-IP]

The remote clients now are able to connect to the organizational network from their home and laptops by establishing a VPN connection to the WAN-IP and all organizational resources are available.

I want my VPN server to be a NAT server and allow Internet access to the VPN Users.

PLEASE NOTE: I do NOT WANT enable client side settings such as Split-Tunnelling as describe in:
http://download.microsoft.com/download/5/6/9/5695b3a2-bfbb-4638-8058-de94c3c5b7ff/12_CHAPTER_8_Deploying_Dial-up_and_VPN_Remote_Access_Servers.doc
instead I want that my VPN clients be able to access the Internet the same way that the PCs from the subnet of my VPN servers do (Via NAT and with the source IP of WAN-IP)

Any Help is appreciated,
Thanks
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Remove the "." zone in DNS and enter your ISP's IP address in DNS properties
Your router should have the NAT function anyway
Al faR&D, ITOps Mgr

Author

Commented:
Many Thanks, but I happily I could solve the problem myself, here is the solution:

NOTE: There is no specific router in my configuration (except win2003 running RAS)

Since windows 2003 standard edition can not handle that with normal configuration, you should do these:

1) Make a backup of your RAS config (if you care about returning to any previous configurations!)
2) Run the "Configure your server" Wizard from administrative tools.
3) Choose RAS/VPN server role and click next (It may be set to yes/no according to your previous comfigurations)
4) It may ask you to remove the current configs , if so allow the wizard to do so.(Wizard will finish and you need to run it again until this step.
5) continue in the configuration wizard with ras/VPN option highlighted.
7) Select the VPN role and finish the wizard.
8) IMPORTANT (Trick): you should not have two IP addresses assigned to a single interface. Instead Remove the private IP from that interface and assign it to your RAS server's VPN Address pool. The address pool will start at your currently assigned secondary address.
9) Add the NAT Role to your "Routing and Remote access " configurations
10) Voila. You have the configurations done.


Al faR&D, ITOps Mgr

Author

Commented:
I am going to ask the community to close this question.
Commented:
Closed, 500 points refunded.
Vee_Mod
Community Support Moderator

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial