
Need help setting up VPN on Windows Server 2003

Last Modified: 2010-08-05
I have a Windows Server 2003 machine with 2 NICs installed. I'm trying to set it up as a VPN. I can successfully connect from the outside but I can't see any of the standard network shares nor can I ping any devices on the internal network. I must have missed some setup or made an error in the configuration. Can anyone help me?

Give us all of your IP settings for both of the 2 NIC cards AND how you set up the VPN. I assume you are using Microsoft RRAS? What type of VPN, how clients get their IP info... It would be good to have the IP information for the VPN connection from a client too; all this will help us to determine what the issue is.
Russ Suter, Senior Software Developer
CERTIFIED EXPERT

Author

Commented:
I have 2 NICs. The one at 192.168.1.4 is the IP used internally on our network here. The other at 192.168.1.14 is the Internet access NIC. As it turns out, both NICs happen to be connected to the same Linksys router since it's the only router we have. I am using Microsoft RRAS. I have specified that clients get their IP addresses from the IP range of 192.168.1.40 to 192.168.1.49. I can connect to the VPN and it authenticates successfully. I just can't see any of the computers on the other side.
CERTIFIED EXPERT
Top Expert 2013

Commented:
First thought is: might the site from which you are connecting also be using the 192.168.1.x subnet? It must be different. If not you will have results as you are experiencing - very common.

You may have difficulties getting this to work with both NICs in the same subnet. RRAS is intended to manage routing. Routing takes place between subnets, not within the same subnet.
Normally the external and internal NIC would be on different subnets. The way you have it, with both on the same subnet and both connected to the same router, there is no advantage to having 2 NICs. You could simply disable the external one, and configure accordingly.
Russ Suter, Senior Software Developer
CERTIFIED EXPERT

Author

Commented:
So, if you please, for clarification:

as long as the subnet of the host computer is different from the subnet of the client computer I should be OK?

Currently they are both on the 192.168.1.xxx subnet. Changing either end to any other subnet will resolve the issue?
CERTIFIED EXPERT
Top Expert 2013

Commented:
>>"as long as the subnet of the host computer is different from the subnet of the client computer I should be OK?"
Probably <G>. The fact that you have 2 NICs on the server in the same subnet may come into play as well.

However, typically if the VPN client has "use default gateway on remote network" checked (see below for location), and the subnets of the host and client are the same, you will be able to connect to the VPN server, but no other device on the server's LAN, as routing cannot take place. The "remote gateway" option is enabled by default. If you un-check that option, and the subnets are the same you will not even be able to connect to the VPN server.

Changing the subnet at either site should resolve the problem.

The "remote gateway" option is located:
On the client machine go to: Control Panel | Network Connections | right-click on the VPN/Virtual adapter and choose Properties | Networking | TCP/IP - Properties | Advanced | General | un-check "Use default gateway on remote network"

Yep, that would be what I would do, if possible: change both your networks to something less common, i.e. the internal work network to, let's say, 192.168.32.X and the VPN NIC to 192.168.33.X, and then set your subnet to 255.255.252.0 (for both networks) and give a range for your VPN clients of that same subnet (192.168.33.X). That should eliminate the problem with the 192.168.1.X networks (all networks up to 192.168.31.X and equal to or over 192.168.36.X actually).
CERTIFIED EXPERT
Top Expert 2013

Commented:
Nope!
Using a subnet mask of 255.255.252.0 will put 192.168.32.X and 192.168.33.X in the same subnet and you will have the same problem. You would need to use 255.255.255.0.

At the VPN server site, as banks1850 suggested, if you can use an uncommon subnet it will avoid problems for mobile clients that may run into the 192.168.1.x subnet elsewhere, such as hotels. However, I appreciate that end is often a big job to change.
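
The two checks discussed in the comments above, as an added example that is not part of the original thread: whether a given netmask really separates two address ranges, and whether the client LAN collides with the server LAN or the RRAS address pool. The function names are hypothetical, the 192.168.1.x values come from the thread, and 192.168.50.0/24 is a constructed sample.

```python
import ipaddress

def same_subnet(addr_a, addr_b, netmask):
    """True when both addresses fall in the same network under netmask."""
    net_a = ipaddress.ip_network(f"{addr_a}/{netmask}", strict=False)
    net_b = ipaddress.ip_network(f"{addr_b}/{netmask}", strict=False)
    return net_a == net_b

def overlap_report(client_lan, server_lan, vpn_pool):
    """List addressing conflicts for a planned VPN setup.

    client_lan / server_lan are CIDR strings; vpn_pool is a
    (first_address, last_address) tuple as entered in RRAS.
    """
    client = ipaddress.ip_network(client_lan, strict=False)
    server = ipaddress.ip_network(server_lan, strict=False)
    findings = []
    if client.overlaps(server):
        findings.append(
            f"client LAN {client} overlaps server LAN {server}: "
            "remote hosts look local, so traffic is never routed into the tunnel"
        )
    first, last = (ipaddress.ip_address(a) for a in vpn_pool)
    # A start/end range may not be a single CIDR block, so split it first.
    pool_blocks = ipaddress.summarize_address_range(first, last)
    if any(block.overlaps(client) for block in pool_blocks):
        findings.append(
            f"VPN pool {first}-{last} overlaps client LAN {client}"
        )
    return findings

if __name__ == "__main__":
    # The mask question from the thread: /22 merges .32.x and .33.x, /24 does not.
    print(same_subnet("192.168.32.10", "192.168.33.10", "255.255.252.0"))
    print(same_subnet("192.168.32.10", "192.168.33.10", "255.255.255.0"))
    # Both sites on 192.168.1.x, pool 192.168.1.40-49, as described by the asker.
    for line in overlap_report("192.168.1.0/24", "192.168.1.0/24",
                               ("192.168.1.40", "192.168.1.49")):
        print(line)
    # Constructed sample: client site renumbered to a different subnet.
    print(overlap_report("192.168.50.0/24", "192.168.1.0/24",
                         ("192.168.1.40", "192.168.1.49")))
```
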
Russ Suter, Senior Software Developer
CERTIFIED EXPERT

Author

Commented:
OK. Perhaps I should break this down a bit. Let's start with the hardware. Here's what I have and how it's connected. Please tell me how to reconfigure it correctly.

Windows Server 2003 machine with dual NICs
Linksys WRT54G wireless router
various other machines connected behind the router using additional switches.

Currently the connections are as follows:

Outside Internet connection -> WRT54G -> (2 connections) to the server and all other network connections.

I'm pretty sure this is incorrect. How SHOULD it be configured?
Russ Suter, Senior Software Developer
CERTIFIED EXPERT

Author

Commented:
OK, I followed your advice (which was very thorough, thank you) and it is working. I'm getting a connection. I even changed the subnet of my remote network to try it out (easier to do that than reconfigure the subnet at the office which is the host network). I connected and authenticated and did an ipconfig /all and noticed that the subnet mask of the VPN connection was 255.255.255.255. I'm no networking expert but I'm pretty sure that's bad. I can't figure out how to fix it though. Any thoughts?
Russ Suter, Senior Software Developer
CERTIFIED EXPERT

Author

Commented:
Oh, never mind. I can get to everything by its IP address. So how do I install and set up the WINS server?
Russ Suter, Senior Software Developer
CERTIFIED EXPERT

Author

Commented:
You've been unbelievably helpful and I thank you. I only wish I could give you more points! Now I just need to learn how to configure a WINS server :)
CERTIFIED EXPERT
Top Expert 2013

Commented:
You are very welcome, Russ_Suter, and thank you.
As for WINS, it should be pretty straightforward using the "add role" tool on a single server. A little more involved in a multi-WINS server environment.
Cheers!
--Rob
