Seyed Ali Fakoorpoor
asked on
Enable Internet Access for VPN Clients on Win2003
Hello,
I have a Windows 2003 Standard Server on which VPN clients are enabled and can connect. This server has only one network interface, to which two IP addresses are assigned (one public [let's say WAN-IP] and the other private [let's say LAN-IP]).
The remote clients now are able to connect to the organizational network from their home and laptops by establishing a VPN connection to the WAN-IP and all organizational resources are available.
I want my VPN server to be a NAT server and allow Internet access to the VPN Users.
PLEASE NOTE: I do NOT WANT to enable client-side settings such as Split-Tunnelling as described in:
http://download.microsoft.com/download/5/6/9/5695b3a2-bfbb-4638-8058-de94c3c5b7ff/12_CHAPTER_8_Deploying_Dial-up_and_VPN_Remote_Access_Servers.doc
Instead, I want my VPN clients to be able to access the Internet the same way that the PCs on the subnet of my VPN server do (via NAT and with the source IP of WAN-IP).
Any Help is appreciated,
Thanks
Remove the "." zone in DNS and enter your ISP's IP address in DNS properties
Your router should have the NAT function anyway
ASKER
Many thanks, but happily I could solve the problem myself. Here is the solution:
NOTE: There is no specific router in my configuration (except Win2003 running RAS)
Since Windows 2003 Standard Edition cannot handle that with the normal configuration, you should do these:
1) Make a backup of your RAS config (if you care about returning to any previous configurations!)
2) Run the "Configure your server" Wizard from administrative tools.
3) Choose the RAS/VPN server role and click Next (it may be set to yes/no according to your previous configurations)
4) It may ask you to remove the current configs; if so, allow the wizard to do so. (The wizard will finish and you need to run it again until this step.)
5) Continue in the configuration wizard with the RAS/VPN option highlighted.
7) Select the VPN role and finish the wizard.
8) IMPORTANT (Trick): you should not have two IP addresses assigned to a single interface. Instead, remove the private IP from that interface and assign it to your RAS server's VPN address pool. The address pool will start at your currently assigned secondary address.
9) Add the NAT role to your "Routing and Remote Access" configurations
10) Voila. You have the configurations done.
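A command-line sketch of steps 1, 8 and 9 using `netsh` on Windows Server 2003, added here as an example and not part of the original post. It assumes RRAS has already been set up as a VPN server through the wizard (steps 2 to 7); the interface name `Local Area Connection`, the addresses from the documentation range 192.0.2.0/24 standing in for the former LAN-IP and pool, and the backup file names are placeholders.

```bat
@echo off
rem Added example: placeholders only, adjust before use.
rem PUBLIC_IF = the single NIC that keeps WAN-IP (assumed name).
rem OLD_LAN_IP = the secondary private address being moved into the VPN pool.
set PUBLIC_IF=Local Area Connection
set OLD_LAN_IP=192.0.2.10
set POOL_END=192.0.2.50

rem Step 1: back up the current RAS and routing configuration as netsh scripts.
netsh ras dump > ras-backup.txt
netsh routing dump > routing-backup.txt

rem Step 8: remove the private address from the NIC so it holds only WAN-IP ...
netsh interface ip delete address name="%PUBLIC_IF%" addr=%OLD_LAN_IP%

rem ... and hand that range to RRAS as a static pool for VPN clients,
rem starting at the address that used to be the secondary IP.
netsh ras ip set addrassign method=pool
netsh ras ip add range from=%OLD_LAN_IP% to=%POOL_END%

rem Step 9: add the NAT routing protocol, translate on the public NIC,
rem and mark the RRAS "Internal" interface (VPN clients) as the private side.
netsh routing ip nat install
netsh routing ip nat add interface name="%PUBLIC_IF%" mode=full
netsh routing ip nat add interface name="Internal" mode=private

rem Verification: confirm which interfaces translate and what the pool is,
rem so NAT is not enabled on an interface you did not intend.
netsh routing ip nat show interface
netsh ras ip show config
```

The two dump files can be replayed with `netsh exec` to return to the previous configuration.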
ASKER
I am going to ask the community to close this question.