
vpn on second NIC

Status
Not open for further replies.

ray436

Technical User
Apr 11, 2000
CA
Hi I'm sure someone here can sort this for me, I'm stumped!

Equipment: Win2000 server, XP Pro clients, LAN, DSL via Router.

I have set up VPN using the original single NIC, was able to connect, browse folders, etc. Router was set to forward VPN ports to the NIC, everything worked. ( and the crowd goes wild )

Problem: Software on the server requires dedicated access to the first NIC at 192.168.0.1, turning on the VPN puts an end to that. ( and the crowd really went wild )

New set up: I have 2 NICs on the Win2000 server. One is connected to the LAN ( IP 192.168.0.1 ), the other is for the WAN ( IP 192.168.10.5 ). I can enable both NICs, changed the router to forward the VPN ports to the second NIC. I re-ran the RAS Wizard, selecting the second NIC as the device to use. I also changed the bindings to have the first NIC appear first, so that LAN traffic finds it, and have removed DNS and the gateway from it ( this was enabled on the second NIC ).

From the server, the second NIC appears, can be pinged, all looks good. Can't ping it from the LAN ( the VPN filters this I gather ). Outside VPN connections fail, with the 800 error, unable to authenticate.

Do I have to do some routing table on the server, or is there some other setting needed for 2 NICs in this setup?

I would really appreciate some help on this, I don't know what else to try now...

Thanks!
 
I would try a different ip range on the second NIC like 10.0 or 172.16
 
thanks for the idea, but would placing the second NIC at 192.168.10.5 not be enough? This worked for the clients, placing them on similar ranges, so that they would not conflict with the LAN IP range.
 
hmm, still no joy.

I tried using the second NIC with an IP of 192.168.0.200, just to make sure all the hardware and settings with it are OK, and the VPN works. But this still disables the telnet access to the first NIC at 192.168.0.1 , so the solution still needs to be found.

I am thinking that there must be a way to route only VPN traffic to the second NIC when it has the 192.168.10.x address.

Can I do this in RRAS ? Would setting filters help?

Another thought is that the router I am using to connect to the web is not capable of routing from the 192.168.0.x LAN to the 192.168.10.x NIC.

If I have to I will get a $60 router just to bridge the 2 "networks" but there must be an easier way.

Any ideas?

Thanks!
 
Over the weekend I set up and took down RAS several times, always with the same result, so hopefully I think it's set up OK now. After getting nowhere, I thought maybe I can subnet with this cheap router.

Well, I seem to have got lucky with my D-Link DI-604.

It lets me set a mask of 255.255.254.0 for it, and route from the 192.168.0.1 NIC to the 192.168.1.x NICs.

Right now I have both cards running, Telnet is up on the 192.168.0.1 NIC, and the VPN is listening on the second NIC. This is a first to have all three going. When I get home tonight I will see if I can get a tunnel going.

Wish me luck!
 
Well, no joy from the previous set-up.

I have tried IP filters on the RAS server's second NIC ( the one used for VPN ) in an effort to isolate the first NIC Telnet issues, and still no luck.

Something very weird is going on with the Telnet software that runs on the LAN. It simply refuses to run if I enable the VPN on the second NIC.

The closest I got was to get a 721 error, failed to authenticate. I can use the VPN from inside the LAN, but get a 721 from outside.

On top of the Telnet issue, I think there may be something funky going on with the router. Methinks it's not properly handling the GRE protocol, giving the 721 error. One log showed it had dropped a GRE packet, why, I have no idea.

I am about ready to get hardcore and build a Linux router and just, as they say, "keep 'em separated"

Anyone have another idea?
 