VPN Server - 1 NIC vs 2 NIC

patrick

Hi,

I have been experimenting with the W2K VPN server. I have a few
questions with regard to using 1 NIC or 2 NIC, and I hope someone can
enlighten me on this topic.

My initial attempt was to set up the VPN server using 1 NIC. It was
quite successful in the sense that I can have remote VPN clients
logging in and accessing the VPN server with telnet. Both VPN server
and client are able to access Internet. The diagram is as follows:

Internet
|
|
Public IP
ADSL Router
192.168.0.1
|
|
192.168.0.40 (mask=255.255.255.0; dg=192.168.0.1)
W2K VPN Server
Internal Interface = 10.0.0.100

My first question is: Since there is only one NIC, the only machine
that the VPN client can see is the VPN server. Am I correct? Or have I
missed something?

Then, I added another NIC onto the VPN server as follows:

Internet
|
|
Public IP
ADSL Router
192.168.0.1
|
|
(1st NIC) 192.168.0.40 (mask=255.255.255.0; dg=192.168.0.1)
(2nd NIC) 172.31.0.1 (mask=255.255.0.0; dg=blank)
W2K VPN Server
Internal Interface = 10.0.0.100

The 2nd NIC is connected to a switch to form a 2nd LAN with a PC
(172.31.0.3). Here are my problems.
(1) The PC is able to ping 172.31.0.1, 10.0.0.100, and 192.168.0.x, but
it is not able to ping any public IP.
(2) When I connect a VPN client (which receives an IP in the range of
10.0.0.x), it is not able to see the 172.31.0.x network.

I suspected that it is a routing problem, so I tried putting in a
static route (dest=172.31.0.0, mask=255.255.0.0, dg=10.0.0.100) but it
still did not work.

Can someone please give me a pointer as to what I have done wrong?

Many Thanks!

Patrick
 
Robert L [MS-MVP]

If the VPN server is behind a router, I would use 1 NIC. With 1 NIC VPN, the VPN client should be able to access the whole network if you enable IP routing.

Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
 
patrick

Hi Robert,

Thanks for your reply. I understand what you are saying.

One thing I am also trying to do is to create several subnets behind
the VPN server. Then, I will use the W2K server as a router to direct
specific VPN clients into the corresponding subnets. So, basically I am
trying to use one NIC for one subnet. Is this possible?

Regards,
Patrick
 
Robert L [MS-MVP]

I think the issue is how you route to different subnets, not how many NICs. For example, you may have a routing table that routes traffic to 192.168.1.0/24 using gateway 192.168.1.1 and to 192.168.2.0/24 using 192.168.2.1. This VPN routing analysis may help:

Routing Resolution: we must setup VPN to establish the connection between the networks. VPN Routing Analysis. B. VPN Client Routing. Before connecting to the VPN ...
www.chicagotech.net/routing.htm


Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
 
Guest

This is the same thing I'm running into. I setup a Windows 2003 Server just
to be a Remote Access VPN server with one network card behind a Linksys Router

==============================================

Internet
|
|
Linksys (wired) router DHCP Server, start addresses at 172.10.8.101
Wan 69.x.x.x
Lan 172.10.8.1 / 255.255.255.0
|
|
W2K3 VPN Server
1 Nic = 172.10.8.10 / 255.255.255.0

Remote Users can connect in through vpn getting an IP of 172.10.8.101. At
this point I can only ping the server by IP, not by netbios name. I also
cannot ping any other device on the network such as the Linksys router which
the IP is 172.10.8.1. I have tried everything. I'm sure missing something.

On the side I tested setting up a Windows XP VPN Server with 1 nic and all
works fine. My router is port forwarding all the appropriate ports to the vpn
server which I know works because I can authenticate I just can't ping by
name to the server. I also can't ping IP or name on to any other devices.
Any ideas?? I have checked all your noted URLs help links and still can't
seem to figure this one out.

==============================================
 
Robert L [MS-MVP]

There are two issues here. One is name resolution. It is better to set up WINS for the VPN client.

The server doesn't route the VPN client to others. Posting the result of the VPN client ipconfig /all and server routing table here may help.

Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
 
Guest

Okay, I have fixed the issue. The problem was I had hardcoded the wrong IP
address in the Users profile settings. To solve this I hardcoded a similar
IP that is on my LAN in the users dial-in profile. I can now get to all
resources. The problem is that I don't want to hardcode the IP in the users
dial-in profile settings, but instead use DHCP. Here's the issue. Sometimes
I would get the same IP through vpn which caused issues. My DHCP server is a
Linksys router. Any thoughts on how I can create a vpn dhcp pool?
 
Robert L [MS-MVP]

This how to may help,

How to setup a static pool of IP addresses for VPN client Click the Use Static Address Pool radio button and type a beginning and ending range of IP addresses to use for your RAS clients. ...
www.howtonetworking.com/VPN/staticpool.htm


Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
 
Guest

Thank you, it worked like a charm.
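
An added example, not part of the thread: a check of a proposed static VPN address pool against the LAN the Guest poster describes (172.10.8.0/24, router 172.10.8.1, VPN server 172.10.8.10, router DHCP starting at 172.10.8.101), covering the duplicate-address problem reported above and the off-subnet case. The end of the DHCP scope, the candidate pools and all function names are assumptions made for illustration.

```python
import ipaddress

# Values from the thread, except the DHCP scope end, which is assumed.
LAN = "172.10.8.0/24"
DHCP_SCOPE = ("172.10.8.101", "172.10.8.150")   # end address is an assumption
STATIC_HOSTS = {"router": "172.10.8.1", "vpn-server": "172.10.8.10"}


def expand(first, last):
    """Expand an inclusive first..last range into a set of addresses."""
    lo, hi = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
    if lo > hi:
        raise ValueError("range start is above range end")
    return {ipaddress.IPv4Address(i) for i in range(int(lo), int(hi) + 1)}


def check_vpn_pool(vpn_pool, lan=LAN, dhcp_scope=DHCP_SCOPE, hosts=STATIC_HOSTS):
    """Return a list of problems with a proposed static VPN address pool."""
    net = ipaddress.IPv4Network(lan)
    vpn, dhcp = expand(*vpn_pool), expand(*dhcp_scope)
    problems = []
    outside = [a for a in vpn if a not in net]
    if outside:
        # Off-subnet clients are only reachable if LAN hosts (or their
        # gateway) have a route to the pool via the VPN server.
        problems.append(f"{len(outside)} address(es) outside {net}")
    if vpn & {net.network_address, net.broadcast_address}:
        problems.append("pool includes the network or broadcast address")
    clash = sorted(vpn & dhcp)
    if clash:
        # Two allocators handing out the same address gives duplicate IPs.
        problems.append(f"overlaps DHCP scope: {clash[0]}-{clash[-1]}")
    for name, addr in hosts.items():
        if ipaddress.IPv4Address(addr) in vpn:
            problems.append(f"pool contains {name} ({addr})")
    return problems


if __name__ == "__main__":
    for pool in [("172.10.8.101", "172.10.8.110"),   # constructed: collides
                 ("172.10.8.200", "172.10.8.220"),   # constructed: clean
                 ("10.0.0.1", "10.0.0.10")]:         # constructed: off-subnet
        print(pool, check_vpn_pool(pool) or "OK")
```
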

 
