Q: Do I need two NICs?
We have one file server. We would like to be able to access it remotely via VPN but also allow it to perform its general file sharing services on our LAN. We have a DSL line provided by our Telco, which also provides the router (configured and maintained by them). I have been reading numerous articles and they all suggest having one server for VPN and additional servers for various other functions. Financially this is not possible with our organization. Our Telco's router is plugged into our switch, as is our server. The gateway for our workstations and the server is the internal IP of the router. We are not running Active Directory so we don't have DNS or WINS set up on the server. Our network scheme is 192.168.0.x. Here is what I have tried so far on our server:
Installed an additional NIC. The original NIC had an IP address of 192.168.0.254. The additional NIC was configured with an IP address of 192.168.0.253. I ran the Routing and Remote Access wizard and configured the VPN server to use the additional NIC. I called our Telco and asked them to configure the router so when someone hits the public IP of the router using port 1723 it forwards that to the internal address of 192.168.0.253. They said they understood what I was wanting to do and also set up port 47 for GRE. When I plugged the additional NIC into our switch no one could access the server from the LAN. It immediately dropped all of the active connections.
Can I set up a single server to perform both functions, and will it work in our situation where we go through a switch to connect to the router? What should I tell our Telco in order to make this work? I have read that possibly configuring the additional NIC with the public IP of the router may help. If so, what needs to be done? We are willing to try just about anything at this point.
A: In addition to what Bob Lin said (i.e. don't use two NICs), do not use the VPN server option in the wizard. This should only be used if the server is a VPN server ONLY. It sets up filters to block all non-VPN traffic (hence your LAN problem).
Here is the procedure I would recommend. Configure your server for remote access with just one NIC. (This sets up the WAN miniports for VPN.) Make sure you can make a VPN connection to your server from a LAN client. Check that the router is forwarding TCP port 1723 to the RRAS server's private IP. Then try making a VPN connection from a remote client via the router (i.e. using the router's public IP).
Port 47 (TCP or UDP) has nothing to do with VPN. What a PPTP connection does require is GRE, which is IP protocol 47. If your router (or anything else in the path) blocks GRE, your connection will fail, probably with an error 721.
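
The difference between "port 47" and "IP protocol 47" described in the answer above can be seen in the packet headers themselves. The following Python is an added example, not part of the original answer: it classifies raw IPv4 packets from a capture taken at the server and reports which PPTP traffic type never arrived. The function names, the client address 203.0.113.10 and the sample packets are constructed for illustration; the GRE fields follow the enhanced GRE header in RFC 2637.

```python
import socket
import struct

GRE, TCP, UDP = 47, 6, 17      # IP protocol numbers (IPv4 header byte 9)
PPTP_CONTROL_PORT = 1723       # TCP port for the PPTP control channel
PPTP_GRE_TYPE = 0x880B         # protocol type in PPTP's enhanced GRE header (RFC 2637)

def classify(packet: bytes) -> str:
    """Say what a raw IPv4 packet is from a PPTP point of view."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "not-ipv4"
    header_len = (packet[0] & 0x0F) * 4
    proto, payload = packet[9], packet[header_len:]
    if len(payload) < 4:
        return "truncated"
    first, second = struct.unpack("!HH", payload[:4])
    if proto == GRE:
        # Enhanced GRE: version 1 in the low 3 bits, protocol type 0x880B.
        return "pptp-data-gre" if (first & 0x7) == 1 and second == PPTP_GRE_TYPE else "other-gre"
    if proto == TCP and PPTP_CONTROL_PORT in (first, second):
        return "pptp-control"
    if proto in (TCP, UDP) and 47 in (first, second):
        return "port-47-not-gre"   # what a "port 47" forwarding rule matches
    return "other"

def missing_for_pptp(packets) -> list:
    """List the PPTP traffic types absent from a capture taken at the server."""
    seen = {classify(p) for p in packets}
    return [kind for kind in ("pptp-control", "pptp-data-gre") if kind not in seen]

def ipv4(proto: int, payload: bytes) -> bytes:
    """Build a constructed IPv4 packet (checksum left at 0; addresses are samples)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       socket.inet_aton("203.0.113.10"), socket.inet_aton("192.168.0.254")) + payload

# Constructed sample packets, not captured traffic.
CONTROL = ipv4(TCP, struct.pack("!HHIIHHHH", 49152, 1723, 0, 0, 0x5002, 8192, 0, 0))
TUNNEL = ipv4(GRE, struct.pack("!HHHHI", 0x3001, PPTP_GRE_TYPE, 0, 1, 1))
TCP_47 = ipv4(TCP, struct.pack("!HHIIHHHH", 49152, 47, 0, 0, 0x5002, 8192, 0, 0))
UDP_47 = ipv4(UDP, struct.pack("!HHHH", 49152, 47, 8, 0))

if __name__ == "__main__":
    for name, pkt in [("control", CONTROL), ("tunnel", TUNNEL), ("tcp47", TCP_47), ("udp47", UDP_47)]:
        print(name, "->", classify(pkt))
    # A capture with only TCP 1723 and port-47 traffic means GRE never arrived.
    print("missing:", missing_for_pptp([CONTROL, TCP_47, UDP_47]))
```

A capture that shows the control channel but reports `pptp-data-gre` as missing matches the failure the answer describes: something in the path is dropping GRE.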