Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

RRAS: VPN Routing and Packet Filtering

Status
Not open for further replies.
Stevehewitt

Stevehewitt

IS-IT--Management
Jun 7, 2001
2,075
GB
P.S: This is a double post. Sorry, but the VPN forum looks pretty dead!

--------------------------------------------------------

Hi Guys,

Got a Windows 2003 Server with RRAS installed and working for VPN using PPTP.

Everything is working fine, with encrypted VPN traffic coming in past our firewall, hitting NIC1 on our RRAS box and connecting.

Essentially, as far as RRAS is concerned, NIC1 is VPN inbound traffic.
What I really want to do, is setup RRAS so that all NIC1 traffic is packet filtered using Windows. E.G I only want ports 3389 and 53 to be accessible for our VPN clients.

I have another NIC (NIC2). Whilst both NIC's are technically on the same subnet and plugged into the same switch, once NIC1 get the VPN inbound traffic I want it to route it all to NIC2, with packet filtering in between. (for packets out of NIC1 to NIC2. NIC2 to NIC1 doesn't need to be packet filtered)

So is there a way for me to get the NIC1 inbound VPN traffic, packet filter it and then shove it out over NIC2?

Cheers in advance,




Steve.

"They have the internet on computers now!" - Homer Simpson
 
Sort by date Sort by votes
Steve,
I started thinking about this, came up with this:

Could you use IPSec for the filtering? You got me on the "transfer" of data to NIC2 though. I started thinking of persistant routes, but really don't think that would do it. Then I started thinking of a hardware solution, but why have another piece of hardware if you have 2 NICs.

Maybe I'm making it more difficult (maybe you too?) then it needs to be....
 
Upvote 0 Downvote
Hi tfg13,

Yeah, i'm getting a bit stuck really. I was thinking of a persistant route, forcing all packet that come in on the VPN in NIC to route to the LAN NIC, and then use the Windows packet filter to block all other than DNS/RDP - but I can't seem to get it working.

I'll probably end up cheating, and put the box in our DMZ, inbound to the DMZ to allow PPTP and GRE, and outbound is only RDP/DNS I suppose - got other issues that make me not want to do it that way but I guess it's the most obvious answer right?! :)

Cheers for the reply!




Steve.

"They have the internet on computers now!" - Homer Simpson
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

bechna
  • Locked
  • Question
Windows Server and VPN Setup
Replies
1
Views
208
DrB0b
DrB0b
StevenFromSouth
  • Locked
  • Question
VPN Connects but cannot access remote network computers or folders
Replies
1
Views
236
StevenFromSouth
StevenFromSouth
bechna
  • Locked
  • Question
Unable to connect to VPN windows server 2019
Replies
0
Views
196
bechna
bechna
FreeSoldier
  • Locked
  • Question
Server 2012 R2 VPN Encryption
Replies
1
Views
224
tacohunter
tacohunter
geneg28
  • Locked
  • Question
Active Directory and Linux Servers
Replies
0
Views
148
geneg28
geneg28

Part and Inventory Search

Sponsor

Back
Top