Got VPN ...but how do I ensure RDP is using it?

[saxguy]

I have a small network that has a Winn2k (SP 4) VPN server and has
RRAS setup to receive VPN clients. The server has only one NIC and
this is connected to an Actiontec DSL gateway that acts as an
all-in-one firewall, DHCP ADSL router (actiontec 1520). The server is
assigned a static address from the Actiontec DHCP pool and also acts
as a file server. The server is only used as a workgroup server so
Active Directory is not involved. The server also has Terminal
Services installed in application mode.

The router is configured to pass ports TCP port 1723 and GRE protocol
port 47. I have also passed port 3389 for RDP.

Before I setup VPN, I could connect using RDP directly over the
internet to the Terminal Server (using the public address of the
gateway) but wanted to use VPN for better security.

I have a Win XP client that uses the built in VPN client to
successfully connect and authenticate. It gets the IP address from the
actiontec dhcp pool (192.168.0.x)

However , the only way I can connect using RDP to the terminal server
is by using the (public) IP address of the gateway, not the private
address of the server . Is this in effect NOT using the VPN
connection?

Should I remove the port forwarding (3389) actiontec? I can't ping the
server from home using the servers assigned 192.168.0.7

I would have thought that once a VPN session is established, you would
then use various services using the *internal, private* IP addressing
of the destination network server.

What do I need to do to ensure I'm using RDP over VPN?

thanks

 

[Jeffrey Randow (MVP)]

If you have the VPN connected, use the private/LAN IP Address for
Remote Desktop, not the public address...

Jeffrey Randow (Windows Networking & Smart Display MVP)
(e-mail address removed)

Please post all responses to the newsgroups for the benefit
of all USENET users. Messages sent via email may or may not
be answered depending on time availability....

Remote Networking Technology Support Site -
http://www.remotenetworktechnology.com
Windows XP Expert Zone - http://www.microsoft.com/windowsxp/expertzone

 

[saxguy]

If you have the VPN connected, use the private/LAN IP Address for
Remote Desktop, not the public address...

I'm sorry I thought I was clear on that. That's what I do try but it
times out. Perhaps the firewall is dropping the private address (not
passing ICMP ??) request?

I can connect fine using the public IP as I mentioned but this
circumvents the VPN, correct?

If it is the firewall, what additional ports do I need to open?

 

[saxguy]

If you have the VPN connected, use the private/LAN IP Address for
Remote Desktop, not the public address...

[/QUOTE]

Is it perhaps *my* private IP address is the same as the remote
private address (192.168.0.x)? So that when try and connect to the RDP
server at 192.168.0.7, it only tries my LAN and not the one connected
via the VPN?

thanks to all for something I'm not getting!

 

[RoadRunner]

If your IP class is the same as the VPN your desktop will not route the data
properly it will look for 192.168.0.7 on the local loop not the VPN
connection. Change them, for example client side make it 192.168.1.X class.

 

[saxguy]

If your IP class is the same as the VPN your desktop will not route the data
properly it will look for 192.168.0.7 on the local loop not the VPN
connection. Change them, for example client side make it 192.168.1.X class.

Worked like a charm RoadRunner. Thanks so much!
saxguy

 

[RoadRunner]

Happy to be at service!

class.

Worked like a charm RoadRunner. Thanks so much!
saxguy