As I said previously, you cannot solve the problem by adding routes to
the RRAS server. If you don't use NAT, you have to add the route for your
internal subnet to your DSL router. Otherwise the traffic never gets to the
RRAS router.
Whether you use the extra subnet as a DMZ or simply as a link doesn't
change the routing. The only other alternative is to give the RRAS server
only one NIC and use the DSL router directly as the default gateway for the
LAN.
If the server has two NICs, one must be in the same subnet as the router
and the other in the same subnet as the LAN machines. And to make that work,
the DSL router has to know that it can reach the LAN machines via the RRAS
router.
Before you try connecting using VPN from a remote location, set up the
server for remote access and make sure you can connect from a LAN machine
using the server's LAN IP. When this works, you can try forwarding the VPN
traffic from the router to the server and try to connect from a remote
location (using the router's public IP). For PPTP this is TCP port 1723. If
you get an error 721, your router is probably blocking GRE.
Ken Lizotte wrote:
> Thanks Bill,
>
> Understanding that my ultimate goal is to provide remote desktop
> support, am I on the right track in setting up the screened subnet?
> Or is it ok to use the same network on both sides of the RRAS server
> and would this make things easier?
>
> Second, do I have to install NAT on the RRAS or can I try to set up a
> static route in RRAS MMC?
>
> Getting ahead of myself, but I was told I need to create a pinhole in
> my DSL router for incoming remote access. How do I decide which port
> to connect the pinhole to?
>
> Thanks, Ken
>
> "Bill Grant" wrote:
>
>> It isn't going to work straight off. The reason is that the DSL
>> router has no idea where the second subnet is. It knows about the
>> 192.168.1 network (because it has an interface in it) but it doesn't
>> know anything about the 192.168.100 subnet.
>>
>> You can get it to work by doing either
>>
>> 1. Configure NAT on the RRAS router (so that all traffic going to
>> the DSL router uses the server's 192.168.1.2 address).
>>
>> or
>>
>> 2. Add a static route to the DSL router to forward traffic for the
>> 192.168.100.0 subnet to the RRAS server eg
>>
>> 192.168.100.0 255.255.255.0 192.168.1.2
>>
>> Ken Lizotte wrote:
>>> Hi,
>>> I am trying to configure for VPN, and trying to go one step at a
>>> time. First, trying to get workstations to access internet.
>>> I have LAN using 192.168.100.0/24 and a "VPN1" W2K member server
>>> with RRAS installed. VPN1 has 2 NICs with 1st NIC (LAN) address
192.168.100.12 and connected to switch with rest of LAN. VPN2 2nd
NIC (Internet) is connected to LAN port on DSL router. DSL router
>>> has public IP for incoming (Next step)
>>>
>>> Is this plan going to work?
>>> -Set router LAN port 192.168.1.1
>>> -Set VPN1 2nd NIC IP=192.168.1.2, gateway=192.168.1.1
>>> -Set gateway for workstations, servers on LAN to 192.168.100.12
>>>
>>> This sets up a screened subnet, right? How do I set up VPN1 RRAS to
>>> pass workstations to router then to internet?
>>>
>>> I have read several white papers and I understand the concept, but
>>> I'm having trouble with the specifics. Any help appreciated.
>>>
>>> Ken
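The routing point made in this thread (the DSL router cannot return traffic to 192.168.100.0/24 unless it either has a static route to 192.168.1.2 or only ever sees 192.168.1.2 because of NAT), plus the PPTP pinhole requirement, as an added worked example that is not from any poster. The addresses are the ones in the thread; the workstation address 192.168.100.50 and the route-table representation are constructed for the illustration.

```python
import ipaddress

# Constructed topology from the thread: DSL router 192.168.1.1 (default route to the ISP),
# RRAS server 192.168.1.2 on the router side and 192.168.100.12 on the LAN side,
# workstations in 192.168.100.0/24.
RRAS_OUTSIDE = "192.168.1.2"
LAN_NET = "192.168.100.0/24"
WORKSTATION = "192.168.100.50"  # constructed sample LAN host

# The DSL router's table as shipped: its connected subnet and a default route.
# Entries are (prefix, next hop); "connected" means deliver directly.
DSL_ROUTER_TABLE = [
    ("192.168.1.0/24", "connected"),
    ("0.0.0.0/0", "isp"),
]

# The static route Bill suggests: 192.168.100.0 255.255.255.0 192.168.1.2
STATIC_ROUTE = (LAN_NET, RRAS_OUTSIDE)


def lookup(table, dst):
    """Longest-prefix match: return the next hop the router uses for dst."""
    dst_ip = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop in table:
        net = ipaddress.ip_network(prefix)
        if dst_ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best[1] if best else None


def reply_path(nat_on_rras, static_route_on_dsl):
    """Where the DSL router sends the reply to a packet that a workstation sent out."""
    table = DSL_ROUTER_TABLE + ([STATIC_ROUTE] if static_route_on_dsl else [])
    # With NAT on RRAS the router only sees 192.168.1.2 as the source, so the
    # reply goes to a directly connected host; without NAT it sees 192.168.100.x.
    reply_to = RRAS_OUTSIDE if nat_on_rras else WORKSTATION
    return lookup(table, reply_to)


def pptp_pinhole_ok(forwards):
    """forwards: set of ('tcp', port) / ('gre', None) rules on the DSL router.
    PPTP needs TCP 1723 for control and GRE (IP protocol 47) for the tunnel;
    forwarding only 1723 is the blocked-GRE case behind error 721."""
    return ("tcp", 1723) in forwards and ("gre", None) in forwards


if __name__ == "__main__":
    for nat, static in [(False, False), (False, True), (True, False)]:
        print(f"NAT={nat} static_route={static}: reply goes to {reply_path(nat, static)}")
    print("PPTP pinhole complete:", pptp_pinhole_ok({("tcp", 1723), ("gre", None)}))
```

Without NAT and without the static route the reply is sent to the ISP and never reaches the RRAS router, which is exactly why adding routes on the RRAS server alone cannot fix it.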