Remote access/VPN server on 2003 SBS
Equipment:
-1861 Router
-Netgear Switch (FS750T2)
-2003 Small Business Server
-3 Mitsubishi DVR's
I am trying to get Remote access/VPN server set up on my Server so I can allow users access to the DVR's from home.
Default Gateway: 10.XX.XX.1
Server has 2 Nics:
-10.XX.XX.10 (network)
-192.168.XX.X (virtual network)
DVR: 10.XX.XX.3-5
I just tried to setup Routing and Remote Access via the wizard. Here what I selected when I set up the Routing and Remote Access:
-Highlighted Remote Access/VPN Server
-Selected Virtual Private Network (VPN) access and NAT
-Selected the NIC with the 10.XX.XX.10 ip
-Selected a specific range (10.XX.XX.110-115)
-Selected "No, use Routing and Remote access to authenticate connection request
-Finish
I then went into Active Directory and allowed the certain users to have access to the remote access permission (Dial-in or VPN)
After I set all of this up, the network pretty much went down. Users could not access the 10.XX.XX.10 network. Is it because I used that as the VPN Servers IP? I have now disable and removed the Routing and Remote access, rebooted the server, and now users can access the network. I can only ping certain pcs, but all of the pcs can access the network. Why is that?
I followed this article to the T when I set up Routing and Remote Access :
http://articles.techrepublic.com.com/5100-10878_11-5805260.html
What did I do wrong when I set this up? I need to have VPN access so the higher ups can have access to the DVR's from home.
Even though the 10.XX.XX.10 IP address is my servers IP address, can I still use that when I set up Routing and Remote access? Or is there a better way for me to set up this?
p.s. I've already tried to set up OpenVPN, but they told me its better to use a dedicated pc (which I don't have, and the company doesn't have a budget for one) with CenTOS 4.5. I don't want to put that on my server.
-1861 Router
-Netgear Switch (FS750T2)
-2003 Small Business Server
-3 Mitsubishi DVR's
I am trying to get Remote access/VPN server set up on my Server so I can allow users access to the DVR's from home.
Default Gateway: 10.XX.XX.1
Server has 2 Nics:
-10.XX.XX.10 (network)
-192.168.XX.X (virtual network)
DVR: 10.XX.XX.3-5
I just tried to setup Routing and Remote Access via the wizard. Here what I selected when I set up the Routing and Remote Access:
-Highlighted Remote Access/VPN Server
-Selected Virtual Private Network (VPN) access and NAT
-Selected the NIC with the 10.XX.XX.10 ip
-Selected a specific range (10.XX.XX.110-115)
-Selected "No, use Routing and Remote access to authenticate connection request
-Finish
I then went into Active Directory and allowed the certain users to have access to the remote access permission (Dial-in or VPN)
After I set all of this up, the network pretty much went down. Users could not access the 10.XX.XX.10 network. Is it because I used that as the VPN Servers IP? I have now disable and removed the Routing and Remote access, rebooted the server, and now users can access the network. I can only ping certain pcs, but all of the pcs can access the network. Why is that?
I followed this article to the T when I set up Routing and Remote Access :
http://articles.techrepublic.com.com/5100-10878_11-5805260.html
What did I do wrong when I set this up? I need to have VPN access so the higher ups can have access to the DVR's from home.
Even though the 10.XX.XX.10 IP address is my servers IP address, can I still use that when I set up Routing and Remote access? Or is there a better way for me to set up this?
p.s. I've already tried to set up OpenVPN, but they told me its better to use a dedicated pc (which I don't have, and the company doesn't have a budget for one) with CenTOS 4.5. I don't want to put that on my server.
The primary issue is you enabled NAT.
Best to follow the instructions in the following link. They say for 1 NIC, but works fine for two so long as LAN routing is enabled, which the instructions do say to enable.
http://www.lan-2-wan.com/vpns-RRAS-1nic.htm
However you will find watching streaming media over the remote desktop connection will be poor if it works at all.
Best to follow the instructions in the following link. They say for 1 NIC, but works fine for two so long as LAN routing is enabled, which the instructions do say to enable.
http://www.lan-2-wan.com/vpns-RRAS-1nic.htm
However you will find watching streaming media over the remote desktop connection will be poor if it works at all.
ASKER
Thanks NarendraG and RobWill for the quick responses. I will try this out and get back to you.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Rob, I have one question. When I set up port forwarding on the Cisco 1861 Router, should I put the IP of the Server or do three separate commands for each of the DVR's IP Address?
Like so:
ip nat inside source static (TCPorUDP) (YourCompsIP) (PortToForward) interface BVI1 (PortToForward)
Should (YourCompsIP) be the server or the DVR's IP?
What is the GRE port number?
TIA
Doug
Like so:
ip nat inside source static (TCPorUDP) (YourCompsIP) (PortToForward) interface BVI1 (PortToForward)
Should (YourCompsIP) be the server or the DVR's IP?
What is the GRE port number?
TIA
Doug
ASKER
And would this (the command issued above) interfere with the Routers config since I already have:
ip nat inside (on both of the vlans)
route-map NAT permit 1
match ip address 101
??
ip nat inside (on both of the vlans)
route-map NAT permit 1
match ip address 101
??
If you are using the SBS VPN configuration you need to forward port 1723 to the SBS only.
You also need to allow GRE pass-through (IP protocol 47 -not port) on the Cisco. I am not a "Cisco guy" so I am not much help there. You may only need "fixup protocol pptp 1723" or equivalent. The following explains for the Pix units, you may know or be able to find similar for the 1861.
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094a5a.shtml
You also need to allow GRE pass-through (IP protocol 47 -not port) on the Cisco. I am not a "Cisco guy" so I am not much help there. You may only need "fixup protocol pptp 1723" or equivalent. The following explains for the Pix units, you may know or be able to find similar for the 1861.
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094a5a.shtml
Sorry I missed your second post.
I am not very good with Cisco units. I can get done what has to be done on a Pix or basic ASA but that is about it. Best to post that in the Cisco topic area.
I am not very good with Cisco units. I can get done what has to be done on a Pix or basic ASA but that is about it. Best to post that in the Cisco topic area.
ASKER
Thanks Rob
Thanks 93k20a. Good luck with it.
Cheers!
--Rob
Cheers!
--Rob
Selected Virtual Private Network (VPN) access and NAT
u wanted use remote access dialup or vpn connection
I need to have VPN access so the higher ups can have access to the DVR's from home.
above u mean to say user nedd diapup vpn (pptp) access to ur server rite?
in that case setup conf for diapup vpn(pptp)