VPN Setup

Status
Not open for further replies.

kbates04

IS-IT--Management
Oct 27, 2003
8
US
OK, I am trying to set up VPN and have issues: when I start RAS for VPN, no one can access the network. I believe I have the NICs set up incorrectly (amongst other things).
I work in a small office that has a Win2k Server, with Exchange Server on it. The first NIC (on the motherboard) is set up like this:
NIC 1
DHCP Enabled: No
IP Address 192.168.1.51
Subnet Mask 255.255.255.0
IP Address 192.168.1.7
Subnet Mask 255.255.255.0
Def. Gateway 192.168.1.1
DNS Servers 192.168.1.7
192.168.1.51
NIC 2
DHCP Enabled: No
IP Address 192.168.1.10
Subnet Mask 255.255.255.0
Def. Gateway
DNS Servers 192.168.1.7
192.168.1.51

I just installed the 2nd NIC for the VPN and had our internet provider open the required ports and had them point it at the 2nd NIC card. Just for info, the 1st NIC has always been set up for office LAN and the internet. Can someone give me direction on my next step? I am stuck at this point. Thanks in advance for any help.

 
I am confused. How come the first NIC has two IPs, IP Address 192.168.1.51 and IP Address 192.168.1.7? Anyway, this may help. Quoted from
Can't ping external NIC while RRAS is active
Symptoms: After you configure the RRAS as a VPN server with two or more network adapters, pinging the external network adapter does not work. This behavior occurs only while RRAS is running and is by design to tighten security on the Internet VPN server.
Resolution: To allow pinging to and from the external NIC, add Inbound and Outbound filters to the adapter to allow Internet Control Message Protocol (ICMP) packets to be processed on the adapter. To do this, go to Routing and Remote Access>IP Routing>General. In the right pane, right-click the adapter that has been configured as the external adapter, and then click Properties>Input Filters>Add. In the Protocol box, click ICMP. Click Output Filters, and then repeat the previous three steps.


Robert Lin, MS-MVP, MCSE & CNE
Windows, Network, Internet, VPN, Routing and How to at
 
I believe it is for Web & FTP access. The previous Sys Adm. set it up.


1) Should I add filters for both NICs?
2) Am I correct using NIC 2 for VPN?

Thank you for the reply.

Ken
 
Ken,

I think your problem might stem from the fact that the VPN NIC doesn't have a default gateway. Have you tried removing the default gateway for NIC 1 and adding a default gateway for NIC 2? Also, unless I'm missing something, why did you multihome a system that uses (2) private IPs? (I'm assuming you're using port forwarding from your internet-connected router.) Why not just use the one NIC?

It looks as if the previous system admin is running dual IP for your network's DNS. Why, I'm not sure though.

Let us know what happens.

 
1st, thanks everyone for the replies.
Ok, I think I should stay with the first NIC, though I need some more info.
When I tried the second NIC for VPN, nothing worked on the network. The 1st NIC is dual IP for web, ftp.

My question is: can I have my provider forward the ports to one of those IPs and still have everything run properly?

Obviously I am new to VPN, and am trying to figure it out as I go. Thank you all for the input.
 
Ken,

As long as you don't have overlapping ports for something else you should be in good shape.
 
Gacollier,

You mean for ex. if I have 192.168.1.7 used for internet access, etc., I cannot have the VPN ports open to that IP also. Correct?
If that is the case how do I do it on the single NIC?
 
Ken,

Here are the protocols and port numbers for most PPTP/L2TP VPNs.

IP Protocols (not to be confused as ports)/ports.
2 - IGMP/port 2
6 - TCP/port 1723 (PPTP)
17 - UDP/port 1701 (L2TP)
47 - GRE/port 47

Actually, IP protos 2 and 47 are portless protocols, but you may need to use a port number for your router.

Some other ports of interest but related to IPSec/IKE

UDP/500 - IPSec
UDP/4500 - IPSec NAT-T
IP protocol 50 - ESP
IP protocol 51 - AH

I can't think of any others.

Good luck.





These protocols/ports must be forwarded to your VPN server.
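
As an added example (not part of the original thread and not code from any poster), the Python below audits a router's forwarding rules against the protocol/port list in the post above. It flags a TCP/UDP port rule entered where an IP protocol rule is needed, and rules that point at different server addresses. The rule text format, the grouping of the list by tunnel type, and all function names are assumptions of the example.

```python
import re

# Checklist taken from the list in the post above; grouping the entries by
# tunnel type is an assumption of this example.
REQUIRED = {
    "PPTP": {("tcp", 1723), ("proto", 47)},
    "L2TP/IPsec": {("udp", 1701), ("udp", 500), ("udp", 4500), ("proto", 50)},
}
RULE = re.compile(r"^\s*(tcp|udp|proto)\s+(\d+)\s*->\s*(\d+\.\d+\.\d+\.\d+)\s*$", re.I)

def parse_rules(text):
    """Parse 'tcp 1723 -> 192.168.1.7' lines (hypothetical export format)."""
    rules = {}
    for n, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0]          # drop trailing comments
        if not line.strip():
            continue
        m = RULE.match(line)
        if not m:
            raise ValueError(f"line {n}: unrecognised rule {line.strip()!r}")
        rules[(m.group(1).lower(), int(m.group(2)))] = m.group(3)
    return rules

def audit(text, vpn_type):
    """Return (missing, warnings) for one tunnel type."""
    rules = parse_rules(text)
    needed = REQUIRED[vpn_type]
    missing = sorted(needed - set(rules))
    warnings = []
    # GRE and ESP are IP protocols: a TCP or UDP rule carrying the same
    # number forwards a port and does not pass the protocol.
    for kind, num in needed:
        if kind == "proto":
            for l4 in ("tcp", "udp"):
                if (l4, num) in rules:
                    warnings.append(f"{l4} port {num} is not IP protocol {num}")
    # Every rule for one tunnel type should reach the same server address.
    targets = {rules[key] for key in needed if key in rules}
    if len(targets) > 1:
        warnings.append("rules point at different hosts: " + ", ".join(sorted(targets)))
    return missing, sorted(warnings)

# Constructed sample rules; the addresses reuse the ones in the thread.
SAMPLE = """
tcp 1723 -> 192.168.1.7
tcp 47   -> 192.168.1.7     # port rule entered where a protocol rule was meant
udp 500  -> 192.168.1.10
udp 4500 -> 192.168.1.7
"""

if __name__ == "__main__":
    for vpn in REQUIRED:
        print(vpn, audit(SAMPLE, vpn))
```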
 