Virtualized VPN

 
 
Chris White
      01-20-2009, 06:44 PM
Hi all, I am setting up a VPN server with the exception that instead of
running physically on a server, the operating system is installed as a
virtual machine using MS Virtual PC. This is how it is set up:

Host (physical) OS has two interfaces, one connected to internal network and
the other to external connection using two IPs, one public and the other
private. The virtual machine is connected to the network via these two
interfaces, of course using different IPs. Pinging is all OK and there is
uninterrupted network flow. In fact the virtual machine OS is a child domain
of the physical domain and Active Directory is being replicated without any
problem.

I have forwarded port 1723 from modem to router and I used to work with it
just fine, therefore virtual servers are set OK.

However my problem is this... how can I forward the 1723 port to my virtual
machine? Should I use the public IP address of the host OS or of the virtual
machine? I tried both but with no luck and I guess I am missing something
here...

I know it's a bit hard to understand but I left nothing out and would
appreciate your help!

Thanks a million!!


 
 
 
 
 
Bill Grant
      01-20-2009, 11:02 PM


"Chris White" <(E-Mail Removed)> wrote in message
news:#(E-Mail Removed)...
> Hi all, I am setting up a VPN server with the exception that instead of
> running physically on a server, the operating system is installed as a
> virtual machine using MS Virtual PC. This is how it is set up:
>
> Host (physical) OS has two interfaces, one connected to internal network
> and the other to external connection using two IPs, one public and the
> other private. The virtual machine is connected to the network via these
> two interfaces, of course using different IPs. Pinging is all OK and there
> is uninterrupted network flow. In fact the virtual machine OS is a child
> domain of the physical domain and Active Directory is being replicated
> without any problem.
>
> I have forwarded port 1723 from modem to router and I used to work with it
> just fine, therefore virtual servers are set OK.
>
> However my problem is this... how can I forward the 1723 port to my virtual
> machine? Should I use the public IP address of the host OS or of the
> virtual machine? I tried both but with no luck and I guess I am missing
> something here...
>
> I know it's a bit hard to understand but I left nothing out and would
> appreciate your help!
>
> Thanks a million!!
>
>

The problem is not with virtualization. You can't do it with physical
networks either.

Port forwarding will only work if the target is on the same segment as
the forwarder. You can't forward through another router to a second segment.

For this to work, the VM would need to be on the same segment (and in
the same IP subnet) as the private interface of the Internet-facing device
(i.e. the one which has a public IP). That isn't really possible if you are
running a child domain in Local Only, using the host as a router.

 
 
Chris White
      01-21-2009, 07:26 AM
Hey Bill,
actually they're on the same subnet and everything.....





 
 
Bill Grant
      01-21-2009, 09:57 PM
If they are all in the same subnet, what is the point of two NICs in the
server?

The only reason for two NICs would be to route between the virtual and
physical networks.


"Chris White" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hey Bill,
> actually they're on the same subnet and everything.....

 
 
Ace Fekay [Microsoft Certified Trainer]
      01-22-2009, 04:29 AM
In news:%(E-Mail Removed),
Chris White <(E-Mail Removed)> requesting assistance, typed the
following:
>

<snipped>
> I have forwarded port 1723 from modem to router and I used to work
> with it just fine, therefore virtual servers are set OK.
>
> However my problem is this... how can I forward the 1723 port to my
> virtual machine? Should I use the public IP address of the host OS or
> of the virtual machine? I tried both but with no luck and I guess I
> am missing something here...

<snipped>

Forward from the VM's public IP to the internal host.

If you want to port forward PPTP VPN traffic, you need to forward TCP 1723
as well as GRE or Protocol ID 47.

If you want to port forward IPSec/L2TP traffic, you have to forward multiple
ports. There's two parts of it, the L2TP traffic uses UDP Port 1701, and
the IPSec traffic requires the following: UDP Port 500, Protocol ID 50 and
Protocol ID 51.

Note: Protocol ID numbers are NOT port numbers.

You didn't mention which operating system the VM is. Assuming Windows 2003,
it should have the options to forward Protocol ID#s. It's easy in the major
firewalls, too. Other low-end DSL/Cable/NAT routers may be difficult,
depending on the brand.

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCT
Microsoft Certified Trainer

For urgent issues, you may want to contact Microsoft PSS directly.
Please check http://support.microsoft.com for regional support phone
numbers.
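
An added example, not part of any post in this thread: a small Python check that a set of forwarding rules covers everything the reply above lists for PPTP or L2TP/IPSec, keeping IP protocol numbers separate from TCP/UDP ports. The `tcp/1723` and `proto/47` rule notation, the function names and the sample rule sets are assumptions made for the example.

```python
# Requirement table taken from the reply above. Each entry is
# (IP protocol number, destination port or None when the protocol has no ports).
TCP, UDP, GRE, ESP, AH = 6, 17, 47, 50, 51
NAMES = {TCP: "TCP", UDP: "UDP", GRE: "GRE", ESP: "ESP", AH: "AH"}

REQUIRED = {
    "PPTP": [(TCP, 1723), (GRE, None)],
    "L2TP/IPSec": [(UDP, 1701), (UDP, 500), (ESP, None), (AH, None)],
}


def parse_rule(text):
    """Parse 'tcp/1723', 'udp/500' or 'proto/47' (assumed notation)."""
    kind, _, value = text.strip().lower().partition("/")
    if not value.isdigit():
        raise ValueError(f"bad rule: {text!r}")
    number = int(value)
    if kind == "proto" and 0 <= number <= 255:
        return (number, None)          # whole IP protocol, no port field
    if kind in ("tcp", "udp") and 1 <= number <= 65535:
        return (TCP if kind == "tcp" else UDP, number)
    raise ValueError(f"bad rule: {text!r}")


def describe(requirement):
    proto, port = requirement
    name = NAMES.get(proto, str(proto))
    if port is None:
        return f"IP protocol {proto} ({name})"
    return f"{name}/{port}"


def audit(vpn_type, rule_texts):
    """Return the requirements for vpn_type that no forwarding rule covers."""
    forwarded = {parse_rule(rule) for rule in rule_texts}
    return [describe(req) for req in REQUIRED[vpn_type] if req not in forwarded]


# Constructed rule sets, not taken from the thread.
PORT_ONLY = ["tcp/1723", "tcp/47"]     # 47 entered as a TCP port: not GRE
CORRECT = ["tcp/1723", "proto/47"]

if __name__ == "__main__":
    for label, rules in (("port-only", PORT_ONLY), ("correct", CORRECT)):
        print(label, "missing for PPTP:", audit("PPTP", rules) or "nothing")
```

A rule that forwards TCP port 47 leaves GRE unforwarded, so the first rule set is reported as incomplete even though the number 47 appears in it.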

 