Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Remote Access - ok with one NIC? 2

Status
Not open for further replies.

sopa

IS-IT--Management
Dec 21, 2005
5
US
I'm about to setup RRAS on a Windows 2003 server that is running DNS and Active Directory. I want to give a user VPN access. He's going to use Remote Desktop Connection on XP.

(I've set this up before, but on a Windows 2000 server that does NOT run DNS or Active Directory).

The O'Reilly book Windows Server 2003 In a Nutshell starts out by saying "make sure your server has at least two network interfaces." Is that really necessary? You have to have two NICs to setup RRAS for VPN service? I did it with one NIC when I did this on the Windows 2000 server.

I guess I need to setup Terminal Server also. Will I run into any licensing issues? I believe if the connecting user is using Remote Desktop Connection, there are no extra licenses required.

Any help with these issues or other suggestions on this topic would be much appreciated.

 
Been doing some more reading and see that I should use Remote Desktop for Administration, not Terminal Server, which requires licensing. So, scratch the question on Terminal Server.
 
We do and its OK. I agree about what the books say but if you have a hardware router I can't see why you should want more than one NIC (but I'm sure someone will explain why it's a good idea)
 

Thank you fissidens.

Good point about the router. I *am* behind a router and always think of things that way and the O'Reilly book made no mention of a router, so maybe that's why they're calling for two NICs.

Thanks again and happy holidays.
 
I have three locations running 2003 behind a router and they works great. I belive that the book wants to two NIC so the 2003 server controlls all traffic connecting to the internet. The one thing you have to make sure is you have a good router that supports port fowarding so you can set port 3389 to point to the server otherwise it will not work at all.

When frustrated remember, in the computer world there is almost always a backdoor.
 
Yea, I'm not sure why the wizard points you to a standard config with 2 NICs, unless they are assuming you run ISA server as a proxy. Most configs have the router behind a firewall, and you only need 1 NIC.

Beowulf005 was right about port 3389 being open for Remote Administration of the server. However, for VPN to work, you'll need to portforward port 1723 to your server so the client can make a VPN connection.

I'm guessing the way you'd want this setup is to have your client VPN to the server, establish that tunnel, then use Remote Desktop to connect to whatever machine they want (that's how we do it). Yes, no licensing to deal with, and it works well.

"Rule #1 - When stumped, check your Event Logs!
 
Thank you Beowulf005 and BigFunkyChief

BigFunkyChief: Yes, I'm planning on doing it as you describe:
"...have your client VPN to the server, establish that tunnel, then use Remote Desktop to connect..."

Thanks again.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top