• Status: Solved

VPN Server behind firewall on single NIC

Customer is running a small domain on Win2k Server SP4. There is an ADSL modem/firewall/router providing internet access. Customer wants VPN operational. I haven't played with VPN on Windows Server & have been reading up on this. Customer is not interested in buying another server for VPN so it's got to be on the DC & I'm interested in minimal disruption & reconfiguration in the network. So my question boils down to this:

Is it possible to implement VPN using only the current single internal NIC on the server?
I can configure whatever is required for routing/port passthru/etc so this is not an issue.

I did start just trying to test it but of course as soon as I installed/enabled RRAS it blocked the LAN & I had to stop the server to allow LAN access.

Please note that whilst I mark my level on this as beginner, that is to do with my VPN knowledge only.


You don't need to break the customer service to install this option.
Yes, you can support RRAS with only one NIC.

Use the wizard assistant and be aware of these points:

1st: open ports TCP 1723 and GRE (protocol 47) in your router with NAT to the RRAS server.
2nd: configure the RRAS service in your server. Only remote access, don't configure routing because it's not necessary.
3rd: in the RRAS server configure policies in order to accept incoming connections (allow almost the two rules defined by default).
4th: explain to the RRAS server where to obtain IP configuration: you can define a DHCP server, or a range of IP addresses.

Don't hesitate to contact again.
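
A check for the first point of the answer above, added here as an example that is not part of the original thread: it performs the PPTP control-connection handshake (RFC 2637) on TCP 1723, so calling `probe()` from outside the LAN against the router's public address shows whether the port forward reaches the RRAS server. It does not exercise GRE (protocol 47), which carries the tunnel data; the function names and the sample reply are this example's own.

```python
import socket
import struct

PPTP_MAGIC = 0x1A2B3C4D   # magic cookie defined by RFC 2637
SCCRQ, SCCRP = 1, 2       # Start-Control-Connection-Request / -Reply
HDR = "!HHIHH"            # length, message type, cookie, control type, reserved0

def build_sccrq(hostname=b"probe"):
    """Return the 156-byte Start-Control-Connection-Request."""
    body = struct.pack("!HHIIHH64s64s",
                       0x0100,          # protocol version 1.0
                       0,               # reserved1
                       3, 3,            # framing / bearer capabilities: any
                       0, 0,            # maximum channels, firmware revision
                       hostname, b"")   # struct zero-pads both to 64 bytes
    return struct.pack(HDR, 156, 1, PPTP_MAGIC, SCCRQ, 0) + body

def parse_sccrp(data):
    """Validate a Start-Control-Connection-Reply and return its fields."""
    if len(data) < 156:
        raise ValueError("short reply: %d bytes" % len(data))
    length, mtype, cookie, ctype, _ = struct.unpack_from(HDR, data)
    if cookie != PPTP_MAGIC or mtype != 1 or ctype != SCCRP:
        raise ValueError("not a PPTP Start-Control-Connection-Reply")
    version, result, error = struct.unpack_from("!HBB", data, 12)
    host, vendor = struct.unpack_from("64s64s", data, 28)
    return {"version": version, "result": result, "error": error,
            "ok": result == 1,   # result code 1 = channel established
            "host": host.split(b"\0")[0].decode("ascii", "replace"),
            "vendor": vendor.split(b"\0")[0].decode("ascii", "replace")}

def probe(address, port=1723, timeout=5.0):
    """Run the handshake against address (the router's public IP)."""
    with socket.create_connection((address, port), timeout=timeout) as s:
        s.sendall(build_sccrq())
        buf = b""
        while len(buf) < 156:
            chunk = s.recv(156 - len(buf))
            if not chunk:
                break
            buf += chunk
    return parse_sccrp(buf)

if __name__ == "__main__":
    import sys
    # With no argument, parse a constructed reply instead of using the network.
    sample = struct.pack(HDR + "HBBIIHH64s64s", 156, 1, PPTP_MAGIC, SCCRP, 0,
                         0x0100, 1, 0, 3, 3, 0, 0, b"dc01", b"constructed")
    print(probe(sys.argv[1]) if len(sys.argv) > 1 else parse_sccrp(sample))
```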

EDP_NIAdminAuthor Commented:
Hi Jordibartrina,

Used wizard to do the install/config of RRAS. RRAS is stopped but configurable.
Have disabled routing.

server properties - General TAB - Enable this computer as : -> RAS only
server properties - IP TAB - "enable IP routing" unticked
server properties - IP TAB - IP address assignment - Static IP pool

Default policy is "Allow access if dial in permission enabled"

No other policies, but then these are policies for remote access.

The core issue I have is that as soon as I start the RAS server I lose ALL LAN access. Can't ping anything, PCs can't access the server. I presume the RAS server is locking down the IF because it wants it secure, how do I stop it doing this?


EDP_NIAdminAuthor Commented:
Have found area under IP Routing in RRAS. Server->IP Routing->General->Local IF-> properties
In the General TAB I have found "Enable IP Router Management" turned on. Don't know if this makes a difference as routing is turned off, but have disabled anyway.

Also, filters set for this interface would DEFINITELY block LAN if they go operational. Can't test this now as server is live but wondering if this is the right area? Can't as usual find any reference to this in the Windows help.

--In the General TAB I have found "Enable IP Router Management" turned on--
It's ok.

Filters for Local IF should be empty.

Please verify if your static routes in rras configuration are well defined.
You can find it in IP Routing->Static routes->Right click->Show...
Compare with routing table when you type in command line: route print.

EDP_NIAdminAuthor Commented:
Thanks jordi...

Tried setting routes & modifying filters but as soon as I enabled the server the network was killed. Investigation showed that it was killing the basic LAN routes, eg. not in route table when IF is


Killed then installed/reconfigured the server & dumped the filters & routing & it looks OK at the moment. Now I've got to see if I can get a client to connect :)

thanks again.

Question has a verified solution.
