Using RRAS NAT inside a VPN connection
Posted on 2010-01-08
Hi. I have a Windows 2008 machine configured with RRAS and am connecting through an SSTP VPN tunnel to it. While it was no small miracle to get SSTP working, I am facing another issue at this time.
I have configured RRAS to hand out IP addresses in the 192.168.254.x range (the server's NIC is 192.168.2.15 and that subnet is full, so I have to use NAT for VPN clients) and when I connect to the server with VPN, I am getting an IP address from RRAS and successfully pinging the "Internal" interface (192.168.254.1) as well as the NIC interface (192.168.2.15). The problem I am having is with NAT.
I would like outgoing requests from the VPN clients to translate to the server's IP of 192.168.2.15 so I can have VPN clients connect to other servers on the 192.168.2.x subnet. I don't care about getting port address translation working, as the 192.168.2.x subnet does not have to initiate connections to any VPN computers.
I have fiddled around with the NAT module, configuring adapters and IP ranges and static routes and all the like, but just cannot get this working. It seems the NAT module is not even doing anything, since "total mappings" and "inbound packets transmitted" are all 0.
The clients' routing tables should be set up correctly, as I have statically routed the 192.168.2.x subnet to go through the 192.168.254.1 gateway. Still no luck.
Could someone please advise as to the proper configuration to get a VPN client with a private IP translating packets to reach destinations outside the RRAS server?