Home | Site Map | How To | Windows Vista | Case Studies | Articles | Forums | Services | Donations | Careers | About Us | Contact Us|

Web ChicagoTech
 

 

Q: Do I need two NICs

We have one file server. We would like to be able to access it remotely via VPN but also allow it to perform its general file sharing services on our LAN. We have a DSL line provided by our Telco
which also provides the router (configured and maintained by them). I have been reading numerous articles and they all suggest having one server for VPN and additional servers for various other functions. Financially this is not possible with our organization. Our Telco's router is plugged into our switch as is our server. The gateway for our workstations and the server is the internal IP of the router. We are not running active directory so we don't have DNS or WINS setup
on the server. Our network scheme is 192.168.0.x. Here is what I have tried so far on our server:

Installed an additional NIC. The original NIC had an IP address of 192.168.0.254. The additional NIC was configured with an IP address of 192.168.0.253. I ran the Routing and Remote Access wizard and configured the VPN server to use the additional NIC. I called our Telco and asked them to configure the router so when someone hits the public IP of the router using port 1723 it forwards that to the internal address of 192.168.0.253. They said they understood what I was wanting to do and also set up port 47 for GRE. When I plugged the additional NIC into our switch no one could access the server from the LAN. It immediately dropped all of the active connections.

Can I setup a single server to perform both functions and will it work in our situation where we go through a switch to connect to the router. What should I tell our Telco in order to make this work? I have read that possible configuring the additional NIC with the public IP of the router may help. If so what needs to be done? We are willing to try just about anything at this point.

A: In addition to what Bob Lin said (ie don't use two NICs), do not use the VPN server option in the wizard. This should only be used if the server is a VPN server ONLY. It sets up filters to block all non-VPN traffic (hence your LAN problem).

    Here is the procedure I would recommend. Configure your server for remote access with just one NIC. (This sets up the WAN miniports for VPN). Make sure you can make a VPN connection to your server from a LAN client. Check that the router is forwarding tcp port 1723 to the RRAS server's private IP. Then try making a VPN connection from a remote client via the router (ie using the router's public IP).

    Port 47 (TCP or UDP) has nothing to do with VPN. What  a PPTP connection does require is GRE, which is IP protocol 47. If your router (or anything else in the path) blocks GRE, your connection will fail, probably with an error 721.
 

Related Topics

VPN Browsing Issues
VPN Error Code
VPN Logon Issues
VPN Name Resolution
VPN as Router
VPN Routing Issues
VPN TCP/IP Settings
Ports for VPN

VPN/PPTP
VPN Slow Issues

 

 

 

  This web is provided "AS IS" with no warranties.
Copyright © 2002-2007 ChicagoTech.net, All rights reserved. Unauthorized reproduction forbidden.