Solved

Making a dedicated win 2003 website server with 1 nic a VPN server that is hosted by a hosting company (godaddy).

Posted on 2009-07-13
Last Modified: 2013-11-21
I have a webserver that will host websites that I want to also make a VPN server to allow client machines to run "local" reporting while connected to the VPN.

I installed RAS, DHCP, and SQL along with IIS for my sites. I can't for the life of me figure out how to configure RAS to give client machines access to the server for reporting.

Not to mention every time I start RAS the server drops my RDP connection. I create a bat file and task that will disable RAS every minute so I can at least log back in and re-try configurations.

So what I need is a client machine to connect to this server via VPN then DHCP assigns the client a "local IP". All this and still keep websites running. My whole confusion is in the routing I think. I can't figure out how to give the server a "local ip"... It almost sounds like I need a virtual nic. I need help... Thanks in advance!
Question by:netadmin2004
15 Comments
 

Author Comment

by:netadmin2004
Is there someway I can use 1394 as the "2nd nic"??? Kinda sounds like it would work.
 
LVL 77

Expert Comment

by:Rob Williams
>>"Is there someway I can use 1394 as the "2nd nic"???"
No, but you don't need a second NIC.

Following link on my website outlines the Server config for the VPN. Works fine for 1 NIC. Likely you are using the wizard (std VPN config) which enables NAT and you lose the connection. Using the custom config, outlined in the link, you will lose connectivity for a few seconds while RRAS configures itself, but you should then be able to log back on without issue.
http://www.lan-2-wan.com/vpns-RRAS-1nic.htm
 

Author Comment

by:netadmin2004
That got my VPN set up RobWill. Thank you. Please post your solution on this question for me so I can award you those points: http://www.experts-exchange.com/Hardware/Servers/Q_24563986.html

For this question if you can answer my last part. Right now I have 2 static IPs being used, but I want more than this without paying. Is there any way I can assign real IPs with this server without another NIC?
 
LVL 77

Expert Comment

by:Rob Williams
Good to hear it is working.
I posted a comment on the other as requested,
--Rob
 

Author Comment

by:netadmin2004
Rob, I award you most points. Any clue on the rest of this question?
 

Author Comment

by:netadmin2004
Anyone? I'm stuck on creating local IPs. Sure I can set up DHCP, but I would somehow need to assign the server another "internal" IP before doing this. Hence the need for another NIC. Can I do this without another NIC and without purchasing additional IPs? Right now I have 2 IPs at my disposal and I'll be needing them shortly.
 
LVL 77

Expert Comment

by:Rob Williams
Can you explain what you mean by "creating local IPs"?
The VPN client is assigned an IP by the RRAS DHCP server. When this happens local Internet access is lost due to the routing configured by the VPN client. If you need to maintain local network and Internet access, on the VPN client go to:
 control panel | network connections | right click on the VPN/Virtual adapter and choose properties | Networking | TCP/IP -properties | Advanced | General | un-check  "Use default gateway on remote network"
(for Vista: control panel | network & sharing center | connections | manage network connections | right click on the VPN/Virtual adapter and choose properties | Networking | Internet Protocol Version 4 (TCP/IP v4) -properties | Advanced | IP settings | un-check  "Use default gateway on remote network")
 

Author Comment

by:netadmin2004
What you are saying is on the client end. What I mean is right now I do not have my VPN using DHCP. I only have 2 IP addresses that my clients can use to connect using. What my goal is, is to set up DHCP to give out more IPs so that I don't have to buy dedicated IP addresses. This calls for a local network setup behind my server. Since I am doing this all remote it's not like I can buy a router and set this up. I have to use the server as a router and DHCP and assign local IPs. The problem is, is that the server needs to have one of these internal or local IP addresses yet I only have one NIC that has a dedicated IP assigned to it. I need to sort of trick my server into thinking it's hosting this "vast" local network when really all it is doing is dishing out free IP addresses for my VPN users.
 
LVL 77

Expert Comment

by:Rob Williams
I don't understand why you need multiple IP addresses on the server. You can have 100 users connect to one Server IP using a VPN.
 

Author Comment

by:netadmin2004
How would these 100 users get assigned IPs if no IPs are given to them by the server? Keep in mind, there is no router. And as I recall shouldn't you be allowed up to 254 users since a local IP scope holds 254 usable addresses?

When a client connects to a VPN server they get assigned an IP (either static or dynamic depending if there is a DHCP server). I have 2 static IPs assigned and that is all I have so my VPN is set up with only a max of 2 users that can connect. If DHCP is set up then there has to be a scope setup, but that scope must also contain the server on the scope.

Example: Say I have a server that has an external IP of 74.125.127.100. The client would connect to this IP using the VPN connection. The server also has an internal IP of 192.168.50.2 and is running DHCP (this would be the local network). DHCP hands out an IP of 192.168.50.3 to the client and now the client machine can connect. Using this scenario I can have 253 users connected.

I'm missing the internal network. So far this is because I have no second NIC. I also cannot get a second NIC from godaddy as they do not support this.
 
LVL 77

Accepted Solution

by:
Rob Williams earned 500 total points
Ah! I understand what you are saying now. Sorry, I should have explained.
You don't have to create the static address pool in the same subnet as your existing adapter. The internal VPN DHCP service creates a virtual adapter on the server when the user connects, and will act as a DHCP server for the VPN clients and assign them an IP in the Static Address Pool.
For example if on your server you set a static address pool of 192.168.100.100 to 192.168.100.199, when the first user connects it will create a virtual adapter for the server which will use the first available IP of 192.168.100.100. If you run an ipconfig on the server you will see that, but not until the first user connects. The users can then access the server using the VPN addressing, not the public IP addressing, such as \\192.168.100.100\ShareName
If for some reason you need to use the public IP of the server, via VPN, you would have to add a route to the client machine, but I don't recommend this as it could cause problems when not connected to the VPN.

As for 100 users, that was just a random number. You can have thousands of users if you want to set the static address pool that large, such as 192.168.100.1 to 192.168.200.254; however, you only need as many available IPs as you have concurrent users, and keep in mind you are limited by the capabilities of the hardware and the bandwidth of the server connection.
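The static address pool from the accepted answer can also be set from the command line rather than the RRAS console. This is an added example, not part of the original thread: it assumes the `netsh ras ip` context on a Windows Server 2003 machine where RRAS is already enabled with the custom VPN configuration, it reuses the answer's 192.168.100.100 to 192.168.100.199 range, and the `serveronly` step is an optional assumption that clients only need the reporting server itself.

```bat
@echo off
rem Added example (not from the thread): configure the RRAS static address
rem pool described in the accepted answer from the command line.
rem Assumption: RRAS is already enabled with the custom VPN configuration.

rem Assign VPN client addresses from a static pool instead of relaying DHCP.
netsh ras ip set addrassign method=pool

rem Pool from the answer: a private subnet unrelated to the public NIC.
rem The server's virtual adapter takes the first address (192.168.100.100)
rem when the first client connects; the rest go to concurrent clients.
netsh ras ip add range from=192.168.100.100 to=192.168.100.199

rem Optional (assumption: clients only need the reporting server):
rem limit VPN clients to the RRAS server itself instead of letting
rem them reach any network the server can route to.
netsh ras ip set access mode=serveronly

rem Review the resulting IP configuration for remote access.
netsh ras ip show config

rem Run again after the first client connects: the server-side virtual
rem adapter holding 192.168.100.100 is only listed from that point on.
ipconfig /all
```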
 

Author Comment

by:netadmin2004
Holy crap Rob, you're awesome thanks for that info! You made my day! That was the best exmplanation I could have asked for!
 

Author Comment

by:netadmin2004
"explanation" not "exmplanation"... That's what I get for writing too quick..
 

Author Closing Comment

by:netadmin2004
awesome...
 
LVL 77

Expert Comment

by:Rob Williams
Glad to hear that will work for you. Sorry I was slow to catch on to what the problem was.
Thanks netadmin2004.
Cheers
--Rob

PS- the following may give you a little more information on RRAS DHCP:
http://msmvps.com/blogs/robwill/archive/2008/05/09/rras-dhcp-options.aspx