
Routing through RRAS packet filter (from VPN inbound!)


Stevehewitt

IS-IT--Management
Jun 7, 2001
2,075
GB
P.S: This is a double post. Sorry, but the VPN forum looks pretty dead!

--------------------------------------------------------

Hi Guys,

Got a Windows 2003 Server with RRAS installed and working for VPN using PPTP.

Everything is working fine, with encrypted VPN traffic coming in past our firewall, hitting NIC1 on our RRAS box and connecting.

Essentially, as far as RRAS is concerned, NIC1 is VPN inbound traffic.
What I really want to do is set up RRAS so that all NIC1 traffic is packet filtered using Windows. E.g. I only want ports 3389 and 53 to be accessible for our VPN clients.

I have another NIC (NIC2). Whilst both NICs are technically on the same subnet and plugged into the same switch, once NIC1 gets the VPN inbound traffic I want it to route it all to NIC2, with packet filtering in between (for packets out of NIC1 to NIC2; NIC2 to NIC1 doesn't need to be packet filtered).

So is there a way for me to get the NIC1 inbound VPN traffic, packet filter it and then shove it out over NIC2?

Cheers in advance,



Steve.

"They have the internet on computers now!" - Homer Simpson
 
My first thought would be to put NIC1 in a different subnet and assign a secondary address on the firewall interface to support just that subnet. Probably also assign a 255.255.255.252 subnet mask so that only the two devices could have IPs on that subnet.

Personally I prefer to have my VPN tunnel endpoint in the DMZ rather than the protected network. But only because I don't like to have any rules that allow a packet from the Internet directly into the protected net.


pansophic
 