Hi,
I am new and don't know very much about Win2k. I want to set up a PC running Win2k Server as a router because I don't want to spend money on buying a new Cisco router with 2 ethernet ports.
What I have at present:
- 1 PC running Win2k Server and installed with:
- 2 ethernet LAN cards (+ more if it is needed)
- 1 ISDN (BRI) card
- 1 account at my ISP that let my LAN's gateway router connect to their router. The connection is a dial up connection and therefore the IP address of the router's WAN side is dynamic and assigned by the ISP's router. All PCs in this LAN have public IP address. I call this LAN "DMZ".
- 1 account at my ISP that let my LAN's gateway router connect to their router. The connection is a dial up connection and therefore the IP address of the router's WAN side is dynamic and assigned by the ISP's router. All PCs in my LAN have private IP address, so NAT must be enabled in order to use the assigned, dynamic IP address for all PCs. I call this LAN "Intranet".
My questions are:
1. Is it possible to set up this PC as a router so I can connect 2 LANs (Intranet and DMZ) to it ? If yes, how ?
2. If this Win2k server can be a router, then is it possible that this server can also be a VPN server at the same time ?
3. If 'yes' to question 2, I want to connect my already existed private network (Intranet with private IP addresses) to the first LAN card of the VPN server. I shall use the ISDN card of the VPN server for connection with my ISP's ISDN router.
4. Is the following statement correct?
According to the documentations, the VPN server MUST be assigned a private IP address on one side and a static public IP address on the other side for tunneling. Since the VPN server has 2 LAN cards, I assign a private IP address to the first LAN card and then connect this first LAN card to a private LAN with private IP (question 3). Then I assign a public IP address to the second LAN card and connect it to a hub and then from the hub to a Cisco router's ethernet interface (for example E0). The E0 interface is assigned a static public IP address. If the router has a second ethernet interface (say E1) then a DMZ can be connected to E1. The WAN interface (ISDN) of the router takes care of the connection to my ISP's router. Although this is a dial up connection and therefore the IP address is dynamic, it is good enough for my test purpose. I can always find out this IP address when it is on-line by using ipconfig. So I believe (?) that the remote VPN client (also me!!!) can always reach the internal private network via the VPN server, without thinking of having a fixed, static IP address on the WAN interface.
5. But the problem is that I want to use the VPN server with 2 LAN cards and an ISDN card as a router. In this configuration, the ISDN card still gets a dynamic IP address from the ISP as before, the first LAN card with private IP is connected to the private network. I still have 1 LAN card available. My questions now:
5.1 How can I assign the VPN server a static public IP address as in question 4 in order to "tunnelling" ? Is it possible at all ?
5.2 If "it is impossible at all" is the answer to question 5.1, is the solution that I must use an other WAN type than ISDN connection in order to have a permanent static IP address on the WAN interface ? In this way, The VPN server is connected directly to the Internet (ISP) and the VPN server may then have private IP address on one side and public IP address for tunneling as required (I do not know this assumption is correct). If my assumption is correct, which WAN type/card should I use and put it in my VPN server ?
5.3 I still have a LAN card available as told earlier. Can I connect it to the DMZ and let the VPN server's RRAS handle the routing to the DMZ ? Will this configuration works ? (i.e. secure routing to internal private network with VPN and routing to DMZ at the same time).
I hope I describe my problems clearly and make no confusion for you. Thank you very much if you can spend some time to answer me.
I am new and don't know very much about Win2k. I want to set up a PC running Win2k Server as a router because I don't want to spend money on buying a new Cisco router with 2 ethernet ports.
What I have at present:
- 1 PC running Win2k Server and installed with:
- 2 ethernet LAN cards (+ more if it is needed)
- 1 ISDN (BRI) card
- 1 account at my ISP that let my LAN's gateway router connect to their router. The connection is a dial up connection and therefore the IP address of the router's WAN side is dynamic and assigned by the ISP's router. All PCs in this LAN have public IP address. I call this LAN "DMZ".
- 1 account at my ISP that let my LAN's gateway router connect to their router. The connection is a dial up connection and therefore the IP address of the router's WAN side is dynamic and assigned by the ISP's router. All PCs in my LAN have private IP address, so NAT must be enabled in order to use the assigned, dynamic IP address for all PCs. I call this LAN "Intranet".
My questions are:
1. Is it possible to set up this PC as a router so I can connect 2 LANs (Intranet and DMZ) to it ? If yes, how ?
2. If this Win2k server can be a router, then is it possible that this server can also be a VPN server at the same time ?
3. If 'yes' to question 2, I want to connect my already existed private network (Intranet with private IP addresses) to the first LAN card of the VPN server. I shall use the ISDN card of the VPN server for connection with my ISP's ISDN router.
4. Is the following statement correct?
According to the documentations, the VPN server MUST be assigned a private IP address on one side and a static public IP address on the other side for tunneling. Since the VPN server has 2 LAN cards, I assign a private IP address to the first LAN card and then connect this first LAN card to a private LAN with private IP (question 3). Then I assign a public IP address to the second LAN card and connect it to a hub and then from the hub to a Cisco router's ethernet interface (for example E0). The E0 interface is assigned a static public IP address. If the router has a second ethernet interface (say E1) then a DMZ can be connected to E1. The WAN interface (ISDN) of the router takes care of the connection to my ISP's router. Although this is a dial up connection and therefore the IP address is dynamic, it is good enough for my test purpose. I can always find out this IP address when it is on-line by using ipconfig. So I believe (?) that the remote VPN client (also me!!!) can always reach the internal private network via the VPN server, without thinking of having a fixed, static IP address on the WAN interface.
5. But the problem is that I want to use the VPN server with 2 LAN cards and an ISDN card as a router. In this configuration, the ISDN card still gets a dynamic IP address from the ISP as before, the first LAN card with private IP is connected to the private network. I still have 1 LAN card available. My questions now:
5.1 How can I assign the VPN server a static public IP address as in question 4 in order to "tunnelling" ? Is it possible at all ?
5.2 If "it is impossible at all" is the answer to question 5.1, is the solution that I must use an other WAN type than ISDN connection in order to have a permanent static IP address on the WAN interface ? In this way, The VPN server is connected directly to the Internet (ISP) and the VPN server may then have private IP address on one side and public IP address for tunneling as required (I do not know this assumption is correct). If my assumption is correct, which WAN type/card should I use and put it in my VPN server ?
5.3 I still have a LAN card available as told earlier. Can I connect it to the DMZ and let the VPN server's RRAS handle the routing to the DMZ ? Will this configuration works ? (i.e. secure routing to internal private network with VPN and routing to DMZ at the same time).
I hope I describe my problems clearly and make no confusion for you. Thank you very much if you can spend some time to answer me.