How to set up VPN in Server 2008 and Router

Hey

alright i set up the passthrough in the router. I can connect to my vpn on pptp...but it doesnt give internet access or show other computers in my network i'm connecting to.  It shows the server as being 1.0.0.1

Any Ideas? Thanks in advance.....if you need more info let me know i'll be glad to give it

i apologize i put this under sbs its really Server 2008
hstern03Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

kyleb84Commented:
- What is the subnet of your local network?
- What is the IP of your Server and the 2621?
- Can you ping your server from a VPN client?
0
MrJemsonCommented:
In Routing and Remote access on the Server, make sure you have a DHCP Relay Agent configured for your local adapter.
0
hstern03Author Commented:
192.168.1.0 255.255.255.0
server is 192.168.1.64
router 192.168.1.20

how do i configure the DHCP relay client?
0
ON-DEMAND: 10 Easy Ways to Lose a Password

Learn about the methods that hackers use to lift real, working credentials from even the most security-savvy employees in this on-demand webinar. We cover the importance of multi-factor authentication and how these solutions can better protect your business!

MrJemsonCommented:
Open Routing and Remote Access, Under IPv4 you will see DHCP Relay Agent
0
hstern03Author Commented:
i don't see it, under IPv4 there is General which has the interfaces, Static Routes, and NAT
0
MrJemsonCommented:
How many NICs do you have?
Have attached a screenshot of the Relay Agent
0
MrJemsonCommented:
Didn't attach correctly. Re-attaching.
Relay.JPG
0
hstern03Author Commented:
ok i had set it up wrong. i got to the relay agent. my dhcp server is my router. i put that address in there.

i tried to connect again and it said error 735 the address requested was rejected by server
0
MrJemsonCommented:
Yes, DHCP Relay is used when the DHCP server is not the VPN server itself.
You should just be able to add Internal to the DHCP relay and that should give you a 192.168.x.x address.
0
hstern03Author Commented:
internal is there. do i put th other nic address in there or the dhcp server?
0
MrJemsonCommented:
You should just be able to have Internal in there.
Thats what I have configured on my server which works a treat.
0
hstern03Author Commented:
you don't dont push properties and put in an ip address?
0
MrJemsonCommented:
No, there is no need to do this.

Basically, you add the Internal interface, to the DHCP Relay Agents list, and ensure in 'General' Section, you have Internal listed and is UP and has IP Address etc.

Once this is confirmed you should get a 192.168.x.x address over the VPN.
0
hstern03Author Commented:
done all that. internal in general doesnt have an ip address. it says "not listed"
0
MrJemsonCommented:
The IP address for Internal should appear once a client is connectted.
What happens now when you attempt to connect a client?
0
hstern03Author Commented:
error 735 request was rejected by server. i have to be doing something wrong haha
0
MrJemsonCommented:
Could you please check in the properties of your VPN connection and ensure you don't have a static IP assigned to the VPN interface.
0
hstern03Author Commented:
yeah i did have them on static. i turned on dhcp on the client and it still gives it 1.0.0.1 as the serve
0
hstern03Author Commented:
my external is 192.168.1.64
internal is 192.168.2.20
router 192.168.1.20

0
MrJemsonCommented:
So you have 2 NICs?
Try adding the internal adapter to the DHCP Relay Agents.
0
hstern03Author Commented:
nope still giving out 1.0..0.0 addresses

server is still 1.0.0.1
0
hstern03Author Commented:
i'm sure this is as frustrating for you as it is for me
0
MrJemsonCommented:
Are there any 'requests received' listed under relay agents?
Can you attach a screenshot of your General section under ipv4?
0
hstern03Author Commented:
it did have request received once and it said it discarded it. it hasnt since then

i can tell you what it says i don't have anything to take a screen shot with

loopback 127.0.0.1     0 incoming bytes    0 outgoing    static filters disabled admin status UP

internal physical 192.168.2.20  incoming bytes 1.3 megs  out going 88k  static filters disabled  admin status up

Internal   ip not available    -       -     static filters disabled    admin status unknown <----is this the problem?

external 192.168.1.64   11 megs incoming  11 out going   admin status up

0
MrJemsonCommented:
The 'Internal Interface' should get an IP when a client connects for the first time.
Everything you have mentioned thus far seems correct. I will have to think about this.
0
hstern03Author Commented:
i always have these kinds of problems lol i set things up correctly or so i think and it just doesnt like working for me.
0
hstern03Author Commented:
i figured out why it was giving out 1.0.0.1

another server of mine had rras enabled also. so now that i got that off
it says error 87. not sure what that means. if anyone has a clue let me know. thanks
0
MrJemsonCommented:
Are you port forwarding to your 2008 box, or to the other server?
Make sure the 1723 port forward is configured to point to the 2008 box.
0
hstern03Author Commented:
yep. i do, do you want to config

0
MrJemsonCommented:
Can't hurt to post it.
0
hstern03Author Commented:
version 12.3
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname cisco2621
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$fzOF$Bj2drISO466xsGRteQKvr/
enable password xxxx!
no aaa new-model
ip subnet-zero
no ip source-route
ip cef
!
!
no ip dhcp conflict logging
!
ip dhcp pool client
   network 192.168.1.0 255.255.255.0
   default-router 192.168.1.20
   dns-server 192.168.1.41 4.2.2.2 4.2.2.3
!
!
username xxxx privilege 15 password 0 xxxx!
!
!
!
interface FastEthernet0/0
 description WAN
 ip address dhcp
 no ip unreachables
 ip nat outside
 no ip mroute-cache
 duplex auto
 speed auto
 no cdp enable
!
interface Serial0/0
 no ip address
 no ip mroute-cache
 shutdown
!
interface FastEthernet0/1
 description LAN
 ip address 192.168.1.20 255.255.255.0
 ip nat inside
 no ip mroute-cache
 speed auto
 full-duplex
 no cdp enable
!
ip nat service list 10 ftp tcp port 21
ip nat inside source list 10 interface FastEthernet0/0 overload
ip nat inside source static 192.168.15.200 interface FastEthernet0/0
ip nat inside source static tcp 192.168.1.41 21 interface FastEthernet0/0 21
ip nat inside source static tcp 192.168.1.41 2021 interface FastEthernet0/0 2021
ip nat inside source static tcp 192.168.1.41 80 interface FastEthernet0/0 80
ip nat inside source static tcp 192.168.1.64 47 interface FastEthernet0/0 47
ip nat inside source static tcp 192.168.15.200 3389 interface FastEthernet0/0 3399
ip http server
ip classless
!
!
access-list 10 permit 0.0.0.0
access-list 10 permit 192.168.1.0 0.0.0.255
access-list 10 permit 192.168.15.0 0.0.0.255
access-list 10 permit 192.168.2.0 0.0.0.255
access-list 120 permit tcp any host 192.168.1.41 eq www
access-list 120 permit tcp any host 192.168.1.41 eq ftp
access-list 120 permit tcp any host 192.168.1.64 eq 1723
access-list 120 permit gre any host 192.168.1.64
access-list 120 permit tcp any host 192.168.15.200 eq 3389
!
line con 0
line aux 0
line vty 0 4
0
MrJemsonCommented:
ACL 120 is not applied to anything?

Add this line:

ip nat inside source static tcp 192.168.1.64 1723 interface FastEthernet0/0 1723
0
hstern03Author Commented:
yeah i saw that when i was reviewing it i added it it wasn't like that yesterday i was messing with it today

it still says "registering with network error 87"
0
MrJemsonCommented:
Try connecting to the VPN server locally if you can.
0
hstern03Author Commented:
nope same error message. i tried my domain admin   and the local admin   both got registing with network error 87-incorrect parameters"
0
MrJemsonCommented:
Check the Event Log?
0
hstern03Author Commented:
Unable to add the interface administrator with the Router Manager for the IP protocol. The following error occurred: The parameter is incorrect
0
hstern03Author Commented:
but then above the error it says i was granted full access but i'm disconnected haha.
0
MrJemsonCommented:
"interface administrator" has me concerned...
If you logon as someone other than administrator, do you get this same error, or is administrator substituted with the username in question...
Either way, I do not see why it would be trying to add an interface 'administrator' to the Router Manager...
0
hstern03Author Commented:
it still says it with a different user

Unable to add the interface hstern with the Router Manager for the IP protocol. The following error occurred: The parameter is incorrect.
0
MrJemsonCommented:
Something is very very wrong with that... Is it at all possible to rebuild this server?
0
hstern03Author Commented:
yeah i can rebuild it. it probably has something to do with 2008. cuz it was connecting fine when i messed up and had 2003 rras too. it connected fine just gave out the wrong dhcp stuff
0
MrJemsonCommented:
Yeah I think there is definitely something wrong with the install.
I am using 2008 and RRAS works fine for me.
0
hstern03Author Commented:
it was server 2008 i set it up on sbs 2003 in 2 seconds.....its that damn NPS crap they added on there
0
hstern03Author Commented:
i'll try rebuilding the server and see what happens. i dunno what is wrong with it. sbs 2003 gave out dhcp but its from my access point on 192.168.2.0 and it doesnt connect to the internet. i apologize i had no clue it was going ot be like this
0
MrJemsonCommented:
No problem, hopefully the rebuild solves the issue.
0
hstern03Author Commented:
hey i got the vpn working. get internet connection through it too. is there a way to get it to dhcp off my router xxx.xxx.1.xxxx and not my access point xxx.xxx.2.xxx?

thanks for all your help mr jemson you've been really patient
0
hstern03Author Commented:
cool so it refreshed and now gives the correct IP addresses......i can't access domain computers and servers....is there a trick to that?
0
MrJemsonCommented:
So I take it you have changed it to the .1.x subnet now?

When you say you cannot access domain computers and servers, do you mean you cannot ping them via IP, or they are not showing up on network neighbourhood or ... ?
0
hstern03Author Commented:
you really helped me out i appreciate it! i got it all working perfect
0
MrJemsonCommented:
:) Glad to hear.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
hstern03Author Commented:
Thanks!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
SBS

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.