RRAS VPN&IPSec tunnel forwarding

    Question

  • Hi!

    The server is running RRAS VPN (SSL) for remote clients (10.0.0.X) and has a persistent IPSec tunnel over the Internet to our private network (192.168.X.X).

    OS: Windows Server 2008 R2 Standard, 2 public NICs, default gateway is on the VPN side.

    The question is how to forward RDP from remote clients to the private network. I'm trying RRAS NAT, but with no success...

    I'm really new to the subject, so sorry if something is wrong with the question.

    Thanks in advance!

    Thursday, April 12, 2012 10:04

Answers

All replies

  • Hi wellvna,

    Thanks for posting here.

    > The question is how to forward RDP from remote clients to private network. I'm trying RRAS NAT, but with no success...

    Please correct me if I am wrong: so we have created a VPN tunnel to the internal network from remote VPN clients over the Internet, and by default they can access the internal network over any protocol with no problem if we have not set any packet filter on RRAS. And could you check the routing entries on RRAS?

    Cannot reach beyond the RRAS server from VPN clients?

    http://blogs.technet.com/b/rrasblog/archive/2006/02/09/cannot-reach-beyond-the-rras-server-from-vpn-clients.aspx

    RRAS static packet filters - do's and don'ts

    http://blogs.technet.com/b/rrasblog/archive/2006/06/14/rras-static-packet-filters-do-s-and-don-ts.aspx

    Thanks.

    Tiger Li


    TechNet Community Support

    • Marked as answer by Tiger Li Wednesday, April 18, 2012 02:38
    Friday, April 13, 2012 06:37
  • Hi Tiger and thank you for your answer!

    Right now the situation looks really strange...

    Config is as follows - SSTP VPN client (in cmd: route add 192.168.X.X mask ... 10.0.0.1) --> Internal RRAS interface (NAT private, IP 10.0.0.1) --> Static route to 192.168.X.X --> Remote Router (NAT public interface) via IPSec tunnel

    No packet filter, no policies.

    When I'm connecting for the first time it is OK and works, but after the client disconnects/reconnects an additional static route suddenly appears and the system fails :(

    If the client gets IP 10.0.0.2 from the pool, the IP routing table is

    Destination  Mask         Gateway   Interface                                    Protocol
    192.168.x.x  255.255.0.0  10.0.0.2  The following name is unavailable: index 22  Static (non demand-dial)




    • Edited by wellyna Tuesday, May 22, 2012 13:13
    Tuesday, May 22, 2012 13:11