Setup Server 2003 VPN with two NIC cards

SteveDallas asked
Last Modified: 2012-06-27
I know that a lot has been written on here about this VPN process but nothing concrete that I could find about 2 NIC cards on my network.
1. Windows Server 2003. All up to date patches.
2. Two NIC cards:
  card 1 10.0.1.146   static
  card 2  DHCP  unplugged.
We are on a domain: example.local
3. Only one subnet here but I could plug the 10.0.1.146 direct into the router if I need to.
4. I want to assign a range of:
   10.0.1.192   to 10.0.1.292
5. I will not use Radius for this.
6. Outside IP has TCP only NAT entry to port 1723 on 10.0.1.146 internal.
  I have not been able to make this work using one card, no matter what I have tried.
Router is set to pass PPTP traffic to  10.0.1.146
If I use 1 NIC and set it to secure VPN packets only, then of course I lose being able to get to the Server internally on my subnet.  If I uncheck the VPN packets only, this still does not work. The router is the DHCP Server but I am not using that - instead using a range of IPs.
Other: Can I assign 10.0.1.147 to the second NIC card? I got a warning message when I tried that.
Thanks in advance for your help.
Steve
Author

Commented:
BTW: "10.0.1.192   to 10.0.1.292" is a typo, isn't it?
*** Yes typo. Should be 10.0.1.192 to 10.0.1.202
This is an Edgemarc 4500 router and it has a check box to allow PPTP traffic. So GRE should be forwarded.  All patches for this Server are up to date. I have had the second NIC disabled also because it was having problems. I can't do any testing until after about 6:00 PM today so I'll update later.

Author

Commented:
I set this up again using the wizard. Here is what was in the final window:

VPN clients connect to the following public interface: Local Area Connection 5

VPN clients are assigned the following network for addressing: Local Area Connection 4.

Client connections are accepted and authenticated using: remote access policies for this server.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
It keeps talking about Local Area Connection 4, which is disabled. Is this a problem?

Author

Commented:
Later update:
VPN Server is working behind the router/firewall  but not from outside.
Remote PC is Win XP Pro and VPN network connection is set up there but it never gets any response. Here is how my firewall/router is setup:

Firewall

Enable Firewall for WAN: [checked]

Basic WAN Firewall Settings: These setting apply to services that are running on the System.
  Allow HTTP access through firewall: [unchecked]
  Allow HTTPS access through firewall: [unchecked]
  Allow TELNET access through firewall: [unchecked]
  Allow SSH access through firewall: [checked]
  Allow SNMP access through firewall: [checked]
  Allow TCP Port: (empty)
  Allow UDP Port: (empty)

Trusted Management Addresses: Apply basic settings configuration only to the following addresses: Address can be host IP or network/mask, e.g. 10.10.10.1 or 10.10.10.0/24. To delete an entry, highlight and delete it.

Forwarding WAN Firewall Settings: These settings apply to packets being forwarded to systems running behind the firewall.
  Enable Firewall Logging: [checked]
  Enable PPTP Server Pass-through: [checked]
  PPTP Server IP Address: 10.0.1.146

NAT:

tcp;74.x.xxx.xxx-255.255.255.248-1723>10.0.1.146-1723
Qlemo"Batchelor", Developer and EE Topic Advisor
CERTIFIED EXPERT
Top Expert 2015

Commented:
Please clarify "VPN Server is working behind the router/firewall  but not from outside".

If you use private address of the server, it works?
With public from inside?
 With public from outside (does not work)?

Author

Commented:
If you use private address of the server, it works?  Yes
With public from inside?  No
With public from outside (does not work)?  No
This appears to be a router issue. I can't make any router changes until Saturday morning.
Qlemo"Batchelor", Developer and EE Topic Advisor
CERTIFIED EXPERT
Top Expert 2015

Commented:
In that case I would use WireShark to record PPTP and GRE traffic on server, and compare private and public address tests.
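
The comparison suggested above, as an added example (not part of the original thread): a short Python classifier that checks packets captured on the VPN server for both halves of PPTP, the TCP 1723 control channel and the GRE (IP protocol 47) data channel. The packets and the client address 203.0.113.10 are constructed samples, and the function names are illustrative.

```python
import socket
import struct

TCP, GRE = 6, 47          # IPv4 protocol numbers
PPTP_PORT = 1723          # PPTP control channel (TCP)
PPTP_GRE_PROTO = 0x880B   # protocol type in PPTP's enhanced GRE header

def classify(pkt: bytes) -> str:
    """Classify one raw IPv4 packet as pptp-control, pptp-gre or other."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return "other"
    ihl = (pkt[0] & 0x0F) * 4          # header length; IP options shift the payload
    if ihl < 20 or len(pkt) < ihl + 4:
        return "other"
    proto, payload = pkt[9], pkt[ihl:]
    if proto == TCP:
        sport, dport = struct.unpack("!HH", payload[:4])
        return "pptp-control" if PPTP_PORT in (sport, dport) else "other"
    if proto == GRE:
        flags_ver, gre_proto = struct.unpack("!HH", payload[:4])
        if (flags_ver & 0x0007) == 1 and gre_proto == PPTP_GRE_PROTO:
            return "pptp-gre"          # GRE version 1 carrying PPP
    return "other"

def diagnose(packets) -> str:
    """Summarise which halves of PPTP appear in a capture."""
    kinds = {classify(p) for p in packets}
    if "pptp-control" not in kinds:
        return "no PPTP control traffic reached the server: check the TCP 1723 forward"
    if "pptp-gre" not in kinds:
        return "control channel only: GRE (IP protocol 47) is not being forwarded"
    return "control and GRE both seen: the router is passing PPTP"

def ipv4(proto: int, payload: bytes, src="203.0.113.10", dst="10.0.1.146") -> bytes:
    """Build a minimal IPv4 packet (checksum left at 0) for the constructed samples."""
    hdr = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0)
    return hdr + socket.inet_aton(src) + socket.inet_aton(dst) + payload

# Constructed sample packets, not taken from the thread.
tcp_syn = ipv4(TCP, struct.pack("!HHIIHHHH", 40000, PPTP_PORT, 1, 0, 0x5002, 8192, 0, 0))
gre_data = ipv4(GRE, struct.pack("!HHHH", 0x3001, PPTP_GRE_PROTO, 0, 1) + b"\x00" * 4)
dns = ipv4(17, struct.pack("!HHHH", 40001, 53, 8, 0))

private_test = [tcp_syn, gre_data]   # client dials the private address from the LAN
public_test = [dns]                  # client dials the public address; nothing PPTP arrives

if __name__ == "__main__":
    print("private:", diagnose(private_test))
    print("public: ", diagnose(public_test))
```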

Author

Commented:
My analysis shows that the PPTP traffic is not getting through the EdgeMarc 4500 router. I have port 1723, TCP/UDP natted to the VPN internal Server. Problem is that no one knows much of anything about this series of routers, unlike Cisco. NAT looks like this:
tcp;74.x.xxx.xxx/255.255.255.248-1723>10.0.1.146-1723
udp;74.x.xxx.xxx/255.255.255.248-1723>10.0.1.146-1723

Edgewater Networks does not support their products directly! I can only get support through the vendor that sold it to me and that is limited. It's a good router but there is little "real" documentation on it.
Hypercat (Deb)President
CERTIFIED EXPERT

Commented:
Maybe you have it NATted correctly, but if the EdgeMarc is acting as a firewall, it may be blocking port 1723 even with the NAT entry correct.  I'm with you on not knowing anything about this router, but I do know on other routers I've managed, I would have to open the port by adding a packet filter to allow traffic on that port first and then also NAT it to the internal address of my VPN server.

I just visited their website, and they do have an on-line form to request documentation (don't you just hate it?!). So, you might try filling in that form and see if you can get the documentation.  Depending on how good or bad it is, you might be able to figure out how to work with the router directly from that.

Author

Commented:
I have the documentation that they offered - worthless!  I actually found a pretty good set of documentation buried on the Polycom website. Polycom is the VOIP phone maker and Polycom uses these Edgewater converged routers. Their documents actually have screen shots of the pages in the router viewable through IE. It seems that they say to uncheck PPTP passthrough and use rules. I wish that I could attach the 3 Gig PDF file here but it's too large. The docs are pretty good but I don't understand the subnet issues that they are talking about. I'll try to extract those pages.

Author

Commented:
Latest is that even with the firewall in the router disabled, I cannot get VPN traffic through this router. Unfortunately, Wireshark would not load and run on this MS Server 2003. We are going to work on this issue again after 6:00 PM today.

Author

Commented:
Two people responded to this problem and I learned quite a bit from each one by their tips and what to look for. I did not get a direct fix because not many people know anything about this Edgemarc Router. To anyone considering purchasing an Edgemarc router - good product but hard to configure - make sure you have support on it or don't buy it! I will split the points two ways if that's ok.
The final fix, in the router:
1. Click the checkbox for "allow PPTP" passthrough and enter the internal address of the VPN Server.
2. In the NAT
   Enter "any" instead of a double entry allowing TCP and UDP on port 1723
3. Part of the problem here was that the soft start of the router was not correctly activating the changes. Do a router reboot from the internal menu.

Author

Commented:
Thanks for your help.
Hypercat (Deb)President
CERTIFIED EXPERT

Commented:
So glad you were able to figure out the router end of things.  Thanks for the points!
