VPN problem

Guest
Archived from groups: microsoft.public.win2000.general,microsoft.public.win2000.ras_routing

Hi

We just configured a RRAS VPN server on Win2003 Standard (using default
wizard settings) for 2 etherfaces.
First NIC has our private IP address, also default gateway and DNS entered
in.
Second NIC (for outside access) has only public IP and subnet mask
configured. Default gateway and DNS are left blank.
The problem is that I can't connect to a VPN server from outside, but if I
add default gateway on a second (public) NIC VPN connection works. Strange,
because all documentation regarding VPN on Win2003 says that default gateway
must be left blank?
Am I doing something wrong or what? If I leave default gateway on a second
NIC, can this cause some kind of security problem or is it all right?

Thanks
Regards
Miha
 
Guest

You obviously have an odd setup. The remote client should not see the
private interface of the RRAS server. Does the server have a public IP? Is
it behind a router? Could you give us a simple diagram of your setup with IP
addresses? E.g.

Internet
|
router?
|
public IP? default gateway?
RRAS
192.168.0.1 dg blank
|
clients
192.168.0.x dg 192.168.0.1

Miha wrote:
> Hi
>
> We just configured a RRAS VPN server on Win2003 Standard (using
> default wizard settings) for 2 etherfaces.
> First NIC has our private IP address, also default gateway and DNS
> entered in.
> Second NIC (for outside access) has only public IP and subnet mask
> configured. Default gateway and DNS are left blank.
> The problem is that I can't connect to a VPN server from outside,
> but if I add default gateway on a second (public) NIC VPN connection
> works. Strange, because all documentation regarding VPN on Win2003
> says that default gateway must be left blank?
> Am I doing something wrong or what? If I leave default gateway on a
> second NIC, can this cause some kind of security problem or is it
> all right?
> Thanks
> Regards
> Miha
 
Guest

Hi

The situation is

internet
|
router 213.157.224.200
|
public NIC 213.157.224.250 dg 213.157.224.200
RRAS
|
private NIC 10.10.10.8 dg 10.10.10.1 (this is dg on our internal router)
|
clients 10.10.62.x dg 10.10.10.1

As I see from your scheme, default gateway on private NIC must be set to
blank, and default gateway on public NIC must be set to router's IP? Am I
right?
Thanks
Regards
Miha



"Bill Grant" <not.available@online> wrote in message
news:eHDhH8SgFHA.3124@TK2MSFTNGP12.phx.gbl...
> You obviously have an odd setup. The remote client should not see the
> private interface of the RRAS server. Does the server have a public IP? Is
> it behind a router? Could you give us a simple diagram of your setup with
> IP addresses. eg
>
> Internet
> |
> router?
> |
> public IP? default gateway?
> RRAS
> 192.168.0.1 dg blank
> |
> clients
> 192.168.0.x dg 192.168.0.1
 
Guest

OK. That confirms my theory. If you need to add the default gateway to
the internal interface to connect, the client is coming in from your router
at 10.10.10.1, not from the Internet router at 213.157.224.200. Where is
the client? What name/IP address is the client using for the VPN server?

Miha wrote:
> Hi
>
> The situation is
>
> internet
> |
> router 213.157.224.200
> |
> public NIC 213.157.224.250 dg 213.157.224.200
> RRAS
> |
> private NIC 10.10.10.8 dg 10.10.10.1 (this is dg on our internal router)
> |
> clients 10.10.62.x dg 10.10.10.1
>
> As I see from your scheme, default gateway on private NIC must be set
> to blank, and default gateway on public NIC must be set to router's
> IP? Am I right?
> Thanks
> Regards
> Miha
 
Guest

Hi
Clients are coming from outside, connected directly to public IP of VPN
server 213.157.224.250
I'm just wondering if I need to add a default gateway on internal NIC?

"Bill Grant" <not.available@online> wrote in message
news:%23v4vETTgFHA.2444@tk2msftngp13.phx.gbl...
> OK. That confirms my theory. If you need to add the default gateway to
> the internal interface to connect, the client is coming in from your
> router at 10.10.10.1, not from the Internet router at 213.157.224.200.
> Where is the client? What name/IP address is the client using for the VPN
> server?
 
Guest

The reason for the recommendation to not have a default gateway on the
internal NIC is soundly based. It can often prevent the LAN clients from
accessing the Internet, because traffic goes to the wrong gateway.

A machine can only have one active default gateway. Even if you specify
one for each NIC, only one will be used.

What exactly are you trying to achieve? Having two gateways complicates
the routing. What do your LAN machines use as a default gateway? What is on
the other side of the router at 10.10.10.1?

Miha wrote:
> Hi
> Clients are coming from outside, connected directly to public IP of
> VPN server 213.157.224.250
> I'm just wondering if I need to add a default gateway on internal NIC?
>
> "Bill Grant" <not.available@online> wrote in message
> news:%23v4vETTgFHA.2444@tk2msftngp13.phx.gbl...
>> OK. That confirms my theory. If you need to add the default
>> gateway to the internal interface to connect, the client is coming
>> in from your router at 10.10.10.1, not from the Internet router at
>> 213.157.224.200. Where is the client? What name/IP address is the
>> client using for the VPN server?
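
The point made in the last reply, that only one default gateway is ever used, can be checked with a small route-selection model. This is an added example, not part of the original thread: the addresses come from the posts, while the /24 masks, the metrics, the client addresses and the static route for 10.10.62.0/24 are assumptions made for illustration.

```python
import ipaddress

# Addresses are from the thread; the /24 masks, the metrics and the
# client addresses below are assumptions made for this example.
CONNECTED = [
    {"net": "213.157.224.0/24", "gw": None, "nic": "public", "metric": 10},
    {"net": "10.10.10.0/24", "gw": None, "nic": "private", "metric": 10},
]
DG_PUBLIC = {"net": "0.0.0.0/0", "gw": "213.157.224.200", "nic": "public", "metric": 20}
DG_PRIVATE = {"net": "0.0.0.0/0", "gw": "10.10.10.1", "nic": "private", "metric": 20}
# Assumed static route so the routed LAN stays reachable without an internal default gateway.
LAN_STATIC = {"net": "10.10.62.0/24", "gw": "10.10.10.1", "nic": "private", "metric": 20}

INTERNET_CLIENT = "198.51.100.7"   # constructed remote VPN client
LAN_CLIENT = "10.10.62.5"          # constructed host in the 10.10.62.x range


def egress(routes, dst):
    """Return (nic, next_hop) for dst: longest prefix wins, then lowest metric."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in routes if addr in ipaddress.ip_network(r["net"])]
    if not hits:
        return None  # no matching route: the reply cannot be sent
    best = min(hits, key=lambda r: (-ipaddress.ip_network(r["net"]).prefixlen, r["metric"]))
    return best["nic"], best["gw"] or dst  # on-link: next hop is the host itself


def scenarios():
    """Egress NIC for replies to each client under four gateway layouts."""
    layouts = {
        "dg on private only": CONNECTED + [DG_PRIVATE],
        "dg on both, private preferred": CONNECTED + [DG_PUBLIC, dict(DG_PRIVATE, metric=5)],
        "dg on public only": CONNECTED + [DG_PUBLIC],
        "dg on public + static LAN route": CONNECTED + [DG_PUBLIC, LAN_STATIC],
    }
    return {name: {"internet": egress(t, INTERNET_CLIENT)[0],
                   "lan": egress(t, LAN_CLIENT)[0]} for name, t in layouts.items()}


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:32} {result}")
```

In this model, replies to the outside client leave through the public NIC only when the winning default route points at 213.157.224.200, and the 10.10.62.x hosts are reached through the private NIC in that layout only once the specific route is present.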