Phillip Windell
If the 2k Server is a router then it already has RRAS running on it. Just use it for the VPN server and you are done. There is no need to overcomplicate things by trying to create a VPN Server on a different box then trying to figure out how to expose it to the Internet properly when the currently exposed machine already has everything it needs if you just enable it.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

"Matt" <(E-Mail Removed)> wrote in message news:042001c49b64$7465ccc0$(E-Mail Removed)...
> Ok I understand that it is in fact a protocol not just a protocol.
>
> The problem I am having, as I believe it, is making sure that all required ports and protocols are being transferred.
>
> my 2k server (router) has 2 NICs
> 1 (22.55.66.77) the internet
> 2 (192.168.0.1) the internal network
>
> my w2003 server (vpn) has one NIC
> 1 (192.168.0.18) the internal network
>
> I need to somehow make the 2k server send all traffic regarding the vpn to the 2003 server.
>
> I can handle the tcp and udp port, but beyond that I don't know how. Does anyone have a way to do this or a site that explains how to do this??
>
> >-----Original Message-----
> > GRE (IP protocol 47) is not a port. It is a protocol, just like TCP or UDP. You do not forward it, you allow or deny it.
> >
> > In the RRAS filters setup, enter the IP address of the Internet facing interface and a host subnet 255.255.255.255 . In the protocol field select Other, and type in 47 . This allows GRE traffic to pass.
> >
> ><(E-Mail Removed)> wrote in message news:1b7801c49a11$acace4f0$(E-Mail Removed)...
> >> ok found what was messed up. The rras somehow disabled wins on the dhcp nic. It also undid the dns suffix registration. But I would still appreciate an answer on how to get a w2003 server vpn set up behind a w2000 server acting as a router (i.e. port forwarding).
> >>
> >>>-----Original Message-----
> >>>I just set up a vpn on 2003 server using rras and now all file shares no longer function. The vpn works but I can no longer access any shares on the server whether logged in through vpn or not.
> >>>
> >>>I have since disabled rras and I can still no longer see the file shares. I can terminal server in and ping, but get no access to any of the shares. All the shares are still there and set up right but no access to them.
> >>>
> >>>It has one nic. Getting address from dhcp w2k server which is running rras as a nat.
> >>>
> >>>also anyone know how to set up the w2k server to forward the right ip protocol 47 to the 2003 server. Have had access forwarding the tcp ports but not the ip protocol port.
> >>>
> >>>The w2k server is connected to the cable modem on one nic and serves the network through another nic.
> >>>
> >>>All help is greatly appreciated.

Bill Grant
If you have a compelling reason to use the first server like a firewall and set up the VPN on the internal server, it is pretty simple for PPTP. You only need to forward PPTP (tcp port 1723) to the server's LAN IP. This extends the VPN endpoint to the internal server (much like forwarding HTTP to a web server on a LAN machine). The internal server must be set to use the firewall as its default gateway, of course.

If you have filtering set on the firewall machine, you need to allow GRE in both directions. The encrypted data is contained in a packet with a GRE header. If the firewall blocks GRE, no VPN data will cross the link.

Phillip Windell
Will RRAS/NAT on Windows Server be able to do that? I know some hardware based firewalls can do the "PPTP Passthrough" thing, but can RRAS with NAT enabled do it?

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

Bill Grant
Sure can, using the Input Filters and Output Filters.

Phillip Windell
Even the GRE thing? I don't have a machine setup like that here to look at.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

Bill Grant
Yep. You can set filters to allow protocols. TCP and UDP are defined so you just select them. Less common ones like GRE you select "Other" and type in the protocol number. You need to do it on both input and output filters. Like all manual filtering rules, it is a bit tedious, but it works.

Matt
Any way you could tell me how to setup those filters, or perhaps a place i could go to to learn and understand what they do.

Bill Grant
It is all configured from the RRAS console, and it is not really all that hard. You set your filters to the "Deny all traffic except " option, then configure rules to allow the traffic you want your server to send or receive. In the RRAS console, go to IP Routing | General. Right-click your public interface. In the Properties sheet select Input Filters or Output Filters.
>>>> >> >> >>> >>>> >> >> >>>also any one know how to setup the w2k > server to >>>> >> >> forward >>>> >> >> >>>the right ip protocal 47 too the 2003 > server. Have had >>>> >> >> >>>access forwarding the tcp ports but not the > ip protocal >>>> >> >> >>>port. >>>> >> >> >>> >>>> >> >> >>>The w2k server is connected to the cable > modem on one >>>> >> >> >> nic >>>> >> >> >>>and server the network thru another nic. >>>> >> >> >>> >>>> >> >> >>>All help is greatly appricated. >>>> >> >> >>>. >>>> >> >> >>>> >> > >>>> >> > >>>> >> >>>> >> >>>> > >>>> > >>>> >>>> >>> >>> >> >> >>. >> |
|
Matt
Guest
Posts: n/a
|
OK, I've been having problems getting the output filters set right, I think. When I try to connect, my machine goes right from connecting to verifying user name and password, then times out. I have the output filters set to the internal address of the VPN server, 192.168.0.18, and I did not specify an outgoing address but set the protocol to 47 and TCP 1723, and still no talking back and forth. This is all on the external NIC on the 2000 server. Do I need to set up filters on the internal NIC (192.168.0.1) as well for the outgoing communication?

>-----Original Message-----
> It is all configured from the RRAS console, and it is not really all
> that hard. You set your filters to the "Deny all traffic except" option,
> then configure rules to allow the traffic you want your server to send or
> receive.
>
> In the RRAS console, go to IP Routing | General. Right-click your public
> interface. In the Properties sheet select Input Filters or Output Filters.
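The "Deny all traffic except" filtering discussed in this thread, as an added Python model (not code from any poster and not an RRAS tool): it checks an input/output rule pair against the four packet legs a PPTP session needs, TCP 1723 and GRE (IP protocol 47) in each direction. The client address, the rule layout, and the assumption that both filters match on the router's public address 22.55.66.77 are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

TCP, GRE = 6, 47            # IP protocol numbers; GRE has no ports
PUBLIC = "22.55.66.77"      # router's Internet-facing address (from the thread)
CLIENT = "203.0.113.10"     # constructed VPN client address (documentation range)
ANY = "0.0.0.0/0"

@dataclass(frozen=True)
class Rule:
    src: str
    dst: str
    proto: int
    sport: Optional[int] = None
    dport: Optional[int] = None

    def matches(self, pkt: dict) -> bool:
        return (ip_address(pkt["src"]) in ip_network(self.src)
                and ip_address(pkt["dst"]) in ip_network(self.dst)
                and pkt["proto"] == self.proto
                and self.sport in (None, pkt.get("sport"))
                and self.dport in (None, pkt.get("dport")))

def allowed(rules, pkt) -> bool:
    """'Deny all traffic except' semantics: a packet passes only if a rule matches."""
    return any(r.matches(pkt) for r in rules)

# Constructed packets: the four legs a PPTP session needs across the public interface.
LEGS = {
    "control in":  ("input",  dict(src=CLIENT, dst=PUBLIC, proto=TCP, sport=49152, dport=1723)),
    "control out": ("output", dict(src=PUBLIC, dst=CLIENT, proto=TCP, sport=1723, dport=49152)),
    "GRE in":      ("input",  dict(src=CLIENT, dst=PUBLIC, proto=GRE)),
    "GRE out":     ("output", dict(src=PUBLIC, dst=CLIENT, proto=GRE)),
}

def blocked_legs(input_rules, output_rules):
    """Return the names of the PPTP legs the filter pair would drop."""
    table = {"input": input_rules, "output": output_rules}
    return [name for name, (side, pkt) in LEGS.items() if not allowed(table[side], pkt)]

INPUT = [Rule(ANY, PUBLIC + "/32", TCP, dport=1723), Rule(ANY, PUBLIC + "/32", GRE)]
OUTPUT_TCP_ONLY = [Rule(PUBLIC + "/32", ANY, TCP, sport=1723)]
OUTPUT_FULL = OUTPUT_TCP_ONLY + [Rule(PUBLIC + "/32", ANY, GRE)]

if __name__ == "__main__":
    print("TCP-only output filter drops:", blocked_legs(INPUT, OUTPUT_TCP_ONLY))
    print("TCP + GRE output filter drops:", blocked_legs(INPUT, OUTPUT_FULL))
```

With the TCP-only output filter the control connection passes in both directions while the outbound GRE leg is dropped, so the session can be set up but no tunnelled data returns to the client.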
