RRAS VPN&IPSec tunnel forwarding

    Question

  • Hi!

    The server is running RRAS VPN (SSL) for remote clients (10.0.0.X) and has a persistent IPSec tunnel over the Internet to our private network (192.168.X.X).

    OS: Windows Server 2008 R2 Standard, 2 public NICs, default gateway is on the VPN side.

    The question is how to forward RDP from remote clients to the private network. I'm trying RRAS NAT, but with no success...

    I'm really new to the subject, so sorry if something is wrong with the question.

    Thanks in advance!

    Thursday, April 12, 2012 10:04 AM

Answers

All replies

  • Hi wellvna,

    Thanks for posting here.

    > The question is how to forward RDP from remote clients to the private network. I'm trying RRAS NAT, but with no success...

    Please correct me if I am wrong, so we have created a VPN tunnel to the internal network from remote VPN clients over the Internet; by default they can just access the internal network in any protocol with no problem if we have not set any packet filter on RRAS. And could you check the routing entries on RRAS?

    Cannot reach beyond the RRAS server from VPN clients?

    http://blogs.technet.com/b/rrasblog/archive/2006/02/09/cannot-reach-beyond-the-rras-server-from-vpn-clients.aspx

    RRAS static packet filters - do's and don'ts

    http://blogs.technet.com/b/rrasblog/archive/2006/06/14/rras-static-packet-filters-do-s-and-don-ts.aspx

    Thanks.

    Tiger Li


    TechNet Community Support

    • Marked as answer by Tiger Li Wednesday, April 18, 2012 2:38 AM
    Friday, April 13, 2012 6:37 AM
  • Hi Tiger and thank you for your answer!

    Right now the situation looks really strange...

    Config is as follows: SSTP VPN client (in cmd: route add 192.168.X.X mask ... 10.0.0.1) --> Internal RRAS interface (NAT private, IP 10.0.0.1) --> Static route to 192.168.X.X --> Remote Router (NAT public interface) via IPSec tunnel

    No packet filter, no policies.

    When I connect for the first time it is OK and works, but after a client disconnect/reconnect an additional static route suddenly appears and the system fails :(

    If the client gets IP 10.0.0.2 from the pool, the IP routing table is:

    Destination   Mask          Gateway    Interface                                         Protocol
    192.168.x.x   255.255.0.0   10.0.0.2   The following name is unavailable: index 22       Static (non demand-dial)




    • Edited by wellyna Tuesday, May 22, 2012 1:13 PM
    Tuesday, May 22, 2012 1:11 PM