
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 183

VPN Help

I am trying to configure a VPN for particular users to access their files off site, but I am not having much luck. First time in VPN waters.

We are running Windows 2003 server (just one server), I added a second NIC to the server and I have outside routable IP addresses from the ISP.

I followed Microsoft step-by-step but can't seem to connect.

We are using a Cayman 3546 Netopia Router which is configured with DHCP (no DHCP on the server)

And a Linksys router that has been configured as a pass through (switch only).

The other issue that I am having is that when I enable the second NIC (with or without a static address) it confuses the workstation log-ins on occasion and wants to act as the inside NIC.

How should this NIC be configured?
Are there settings on the Netopia that I should be looking at?

1 Solution
Rob Williams Commented:
Windows PPTP VPNs do not like multiple NAT devices at any given site, such as 2 routers. This is likely the problem. Either the server itself, or the router to which it is connected, should be assigned the public IP for it to work.
Is the Cayman unit a combined modem and router? If so, it needs to be put in Bridge mode and the Linksys configured with the ISP connection information.
bizzie247 Author Commented:
I am sorry for the delay. Okay, I have taken the Linksys router out of the network so that is no longer an issue. It is still not working. Do I still have to put the Netopia in Bridge mode? Regarding the second NIC, should that be configured with the outside static IP and the gateway of the Netopia? Should the NIC have the DNS of the server or the Netopia?

Thanks for all of your help
Rob Williams Commented:
>>"Do I still have to put the Netopia in Bridge mode?"
Not if the Linksys has been removed.

>>"Regarding the second NIC, should that be configured with the outside static IP and the gateway of the Netopia."
Two options:
1) Common, assign the external NIC a static IP, or use DHCP, so that it obtains an IP in the same subnet as the LAN side of the Netopia.
2) Configure one-to-one NAT or put the Netopia in bridge mode (latter is risky) so that you can assign the 2nd NIC a public IP and gateway as given to you by your ISP, if you have multiple public IPs.

>>"Should the NIC have the DNS of the server or the Netopia?"
The server should be your DNS server, it should also be the DHCP server. If you add a second NIC to the server and insert the server between the workstations and Netopia, they will no longer have access to the Netopia's DHCP.
Have a look at the following for DNS and DHCP configurations:

Assuming you have completed the server installation, installed Active Directory, and joined the workstations to the Domain, make sure DNS is configured as follows, assuming a single network adapter:
-The server's external NIC should be configured with a static IP, the Internet router as the gateway, and only the server itself as the DNS server. Do not use an ISP DNS server here.
-The server's internal NIC should be configured with a static IP within a different subnet, no gateway assigned, and only the server itself as the DNS server. Do not use an ISP DNS server here.
-Each workstation should be configured using DHCP (obtain an IP address and DNS automatically) or, if configured with static addresses: a static IP in the same subnet as the server, same subnet mask as the server, the gateway pointing to your Internet router, and the DNS server pointing ONLY to the server/domain controller. Again, do not put an ISP's DNS server here.
-In the DNS management console under Administrative tools, right click on the server name and choose properties. On the Forwarders tab add your ISP's DNS servers.
-If the workstations are using DHCP, open the DHCP management console on the server under Administrative tools and click on the server name to expand it, click on the scope to expand it, right click on scope options and choose configure options. On the general tab add the Internet router's IP in #003 router, the server's IP in #006 DNS Servers, and the domain name and suffix under #015 such as mydomain.local.
-If DHCP is enabled on the router, rather than the server, it should really be disabled on the router and configured on the server. Enabling DHCP on the server assists with dynamic updates to DNS for older clients, allows for central management, and far more scope options.
-The DHCP client service should be running on servers and workstations even where you are not using DHCP assignments. The DHCP client service controls the dynamic DNS updates.
If you have been having DNS problems, on the workstations that have been having problems you should clear the DNS cache by entering at a command line
  ipconfig /flushdns
and then
  ipconfig /registerdns
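
One way to check a dual-NIC server against the NIC and DNS rules listed in the answer above, as an added example that is not part of the original thread: it parses saved `ipconfig /all` output and reports a gateway on the internal NIC, a DNS entry that is not the server itself, or both NICs in one subnet. The adapter names `External` and `Internal`, all addresses, and the function names are assumptions made for the example.

```python
import ipaddress
import re

# Constructed `ipconfig /all` excerpt; adapter names and addresses are made up.
SAMPLE = """\
Ethernet adapter External:
   IP Address. . . . . . . . . . . . : 192.168.1.2
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 10.0.0.2
                                       203.0.113.53
Ethernet adapter Internal:
   IP Address. . . . . . . . . . . . : 10.0.0.2
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.0.0.1
   DNS Servers . . . . . . . . . . . : 10.0.0.2
"""

def parse_adapters(text):
    """Return {adapter: {field: [values]}}; continuation lines extend the last field."""
    adapters, cur, field = {}, None, None
    for line in text.splitlines():
        head = re.match(r"^\S.*adapter (.+):\s*$", line)
        kv = re.match(r"^\s+([^.:]+?)[ .]*:\s*(.*)$", line)
        if head:
            cur, field = adapters.setdefault(head.group(1), {}), None
        elif cur is not None and kv:
            field, val = kv.group(1), kv.group(2).strip()
            cur[field] = [val] if val else []
        elif cur is not None and field and line.strip():
            cur[field].append(line.strip())  # e.g. a second DNS server on its own line
    return adapters

def audit(text, external, internal):
    """Check both NICs against the answer's rules; return a list of findings."""
    nics = parse_adapters(text)
    own = {"127.0.0.1"} | {ip for n in nics.values() for ip in n.get("IP Address", [])}
    out = []
    if not nics[external].get("Default Gateway"):
        out.append(f"{external}: no default gateway (expected the Internet router)")
    if nics[internal].get("Default Gateway"):
        out.append(f"{internal}: default gateway set (expected none)")
    for name in (external, internal):
        out += [f"{name}: DNS server {d} is not the server itself"
                for d in nics[name].get("DNS Servers", []) if d not in own]
    nets = [ipaddress.ip_network(f"{nics[n]['IP Address'][0]}/{nics[n]['Subnet Mask'][0]}",
                                 strict=False) for n in (external, internal)]
    if nets[0].overlaps(nets[1]):
        out.append("external and internal NICs share a subnet")
    return out
```

Calling `audit(SAMPLE, "External", "Internal")` on the constructed sample returns two findings: the gateway on the internal NIC and the non-local DNS entry on the external NIC.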
Rob Williams Commented:
Thanks bizzie247.
Cheers !
