asked on Enable Internet Access for VPN Clients on Win2003
Hello,
I have a Windows 2003 Standard Server on which VPN Clients are enabled and can connect. This server has only one network interface to which there are assigned two IP addressed (one public [let's say WAN-IP] and the other private [lets say LAN-IP]
The remote clients now are able to connect to the organizational network from their home and laptops by establishing a VPN connection to the WAN-IP and all organizational resources are available.
I want my VPN server to be a NAT server and allow Internet access to the VPN Users.
PLEASE NOTE: I do NOT WANT enable client side settings such as Split-Tunnelling as describe in:
http://download.microsoft.com/download/5/6/9/5695b3a2-bfbb-4638-8058-de94c3c5b7ff/12_CHAPTER_8_Deploying_Dial-up_and_VPN_Remote_Access_Servers.doc
instead I want that my VPN clients be able to access the Internet the same way that the PCs from the subnet of my VPN servers do (Via NAT and with the source IP of WAN-IP)
Any Help is appreciated,
Thanks
I have a Windows 2003 Standard Server on which VPN Clients are enabled and can connect. This server has only one network interface to which there are assigned two IP addressed (one public [let's say WAN-IP] and the other private [lets say LAN-IP]
The remote clients now are able to connect to the organizational network from their home and laptops by establishing a VPN connection to the WAN-IP and all organizational resources are available.
I want my VPN server to be a NAT server and allow Internet access to the VPN Users.
PLEASE NOTE: I do NOT WANT enable client side settings such as Split-Tunnelling as describe in:
http://download.microsoft.com/download/5/6/9/5695b3a2-bfbb-4638-8058-de94c3c5b7ff/12_CHAPTER_8_Deploying_Dial-up_and_VPN_Remote_Access_Servers.doc
instead I want that my VPN clients be able to access the Internet the same way that the PCs from the subnet of my VPN servers do (Via NAT and with the source IP of WAN-IP)
Any Help is appreciated,
Thanks
Microsoft Server OSWindows Server 2003Windows OS
Last Comment
Vee_Mod
Remove the "." zone in DNS and enter your ISP's IP address in DNS properties
Your router should have the NAT function anyway
ASKER
Many Thanks, but I happily I could solve the problem myself, here is the solution:
NOTE: There is no specific router in my configuration (except win2003 running RAS)
Since windows 2003 standard edition can not handle that with normal configuration, you should do these:
1) Make a backup of your RAS config (if you care about returning to any previous configurations!)
2) Run the "Configure your server" Wizard from administrative tools.
3) Choose RAS/VPN server role and click next (It may be set to yes/no according to your previous comfigurations)
4) It may ask you to remove the current configs , if so allow the wizard to do so.(Wizard will finish and you need to run it again until this step.
5) continue in the configuration wizard with ras/VPN option highlighted.
7) Select the VPN role and finish the wizard.
8) IMPORTANT (Trick): you should not have two IP addresses assigned to a single interface. Instead Remove the private IP from that interface and assign it to your RAS server's VPN Address pool. The address pool will start at your currently assigned secondary address.
9) Add the NAT Role to your "Routing and Remote access " configurations
10) Voila. You have the configurations done.
NOTE: There is no specific router in my configuration (except win2003 running RAS)
Since windows 2003 standard edition can not handle that with normal configuration, you should do these:
1) Make a backup of your RAS config (if you care about returning to any previous configurations!)
2) Run the "Configure your server" Wizard from administrative tools.
3) Choose RAS/VPN server role and click next (It may be set to yes/no according to your previous comfigurations)
4) It may ask you to remove the current configs , if so allow the wizard to do so.(Wizard will finish and you need to run it again until this step.
5) continue in the configuration wizard with ras/VPN option highlighted.
7) Select the VPN role and finish the wizard.
8) IMPORTANT (Trick): you should not have two IP addresses assigned to a single interface. Instead Remove the private IP from that interface and assign it to your RAS server's VPN Address pool. The address pool will start at your currently assigned secondary address.
9) Add the NAT Role to your "Routing and Remote access " configurations
10) Voila. You have the configurations done.
ASKER
I am going to ask the community to close this question.
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.