How to configure rras in a workgroup??

[javiercuellar]

Hi, Hope you can help me. Sorry my bad english.

The network has 1 WinSvr2003 and n WinXp working in workgroup (not
domain).
They connect to a router (gateway).
I think that the rras server must be in the pc that receives(or
control) the internet connection, but in this case that "PC" is the
router!!!!!

If I run the RRAS wizard in the WinSvr2003, will it work????
Any consideration??

Thanks

 

[Robert L [MS-MVP]]

RRAS is one of windows 2003 features. It works great. This how to may help,

How to setup vpn on 2003 as router How to setup VPN and NAT on Windows Server 2003 as a router. Pre-requirement:. 1. Two network interface cards. 2. One static public IP on the outside NIC. ...
www.howtonetworking.com/VPN/2003vpn1.htm


Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
Hi, Hope you can help me. Sorry my bad english.

The network has 1 WinSvr2003 and n WinXp working in workgroup (not
domain).
They connect to a router (gateway).
I think that the rras server must be in the pc that receives(or
control) the internet connection, but in this case that "PC" is the
router!!!!!

If I run the RRAS wizard in the WinSvr2003, will it work????
Any consideration??

Thanks

 

[Bill Grant]

RRAS can be both a router and a remote access server. If you already
have a router, what do you want RRAS to do? Is the router already doing NAT
for your LAN? Do you want to set up RRAS to allow an incoming VPN
connection?

 

[David Aitchison]

Sorry to hijack this thread, but i am also looking to achieve this.

I have a win2k server on a network and part of a workgroup - i would like to
allow VPN connections in to browse files.

What considerations must i have?

David

 

[Bill Grant]

Setting up RRAS as a VPN server is pretty straight forward. WARNING - Do
NOT use the VPN server option in the RRAS setup wizard in W2k. This makes it
a VPN server only and blocks all non-VPN traffic.

If you are not running AD you authenticate against the server's local
SAM database.How is your LAN connected to the Internet? Does the server have
a direct connection or does it go through a NAT router?

Browsing does not work as it does on the LAN. The WAN link blocks
broadcasts, so you won't see things automatically in Network Places. But you
should be able to see shares on the server using net view \\servername and
map them using net use z: \\servername\filename .

 

[javiercuellar]

Hi Bill.
What I want is to connect to the described network from my home.
Yes, the router is doing NAT for the LAN.
I want RRAS (or anything else) to allow an incoming connection.

The network is:

internet ---> router (NAT) ---> XP pc's and WinSvr2003
All the Pc's (including WS2003) has in TCP/IP properties:

IP Dir. 192.168.0.x
Submask. 255.255.255.0
Gatway: 192.168.0.1 (this is the router IP)

DNS (both) are left in blank.

Thanks


Bill Grant ha escrito:

 

[Bill Grant]

OK. The first thing to do is to configure RRAS on the server to allow a
VPN connection. You can use the RRAS setup wizard for this.

Next up, test that you can make a VPN connection from a workstation on
the LAN. (VPN will work over the LAN connection). This allows you to debug
any setup or authentication problems locally.

When you can connect locally, you need to make some changes on your NAT
device. The remote connection from the Internet has to connect to the public
interface of your router. The router has to be able to extend that
connection to the server on the LAN. This requires forwarding tcp port 1723
to the server's LAN IP for a PPTP connection. The router must also not block
GRE (IP protocol 47). The encrypted VPN data has a GRE header, so no data is
passed (and the connection closes with an error message) if GRE is blocked.

 

[javiercuellar]

Thanks for your super fast and extenden answer. I'll try and let you
know what happend.

By the way. I've already tried to install RRAS (only that part or the
process you mentioned), and the problem was that the server disapeard
from then network. Unistalling RRAS let me ping IP but not name to the
server. The problem was that RRAS put "Disable Netbios over TCP/IP" in
Wins parameter.
Will this problem be solve with the process you mentioned?? Should I
left it disabled netbio ver tcpip?
The server needs 2 nic??

Thanks again

 

[Bill Grant]

NO, you do not need two NICs in the server. The VPN data is received
through the LAN NIC.

RRAS does not change the Netbios over TCP/IP setting. I suspect you
accidently set up packet filters.

 

[javiercuellar]

Hi,

Thanks for your answer. Your comments were really usefull.
One more question.

My home ADSL is 1Mb. The office ADSL is 800Kb. When the conexion is
established it take about 20seconds to show a folder content. Is it
normal??

Thanks


Bill Grant ha escrito:

 

[Guest]

I am sorry to butt in also but I am trying to achieve the same thing. I have
a win2k server in a workgroup. We have a dedicated ip address on the
external connection and a dedicated ip address on the internal. I have set
up ras with the following settings:

Router is checked
Local area network routing only
Remote Access server
Using Windows Authentication and local policies for users connecting.
I have DHCP enabled

On the router I have port forwarding on ports 1723j, 500 and 47 directing
traffic to the servers internal IP address.

I have the users configured to allow dial in access.

I have this same configuration on a domain controller at another site and it
works flawlessly but on this Workgroup network I am unable to connect. Do
you have any ideas on what could be wrong?

Your help is greatly appreciated.
Christine