locked
Windows VPN - Server 2003 - 2 NICs RRS feed

  • Question

  • We have a Windows Server 2003 with 2 NICS - which of both have their own internet line and have a modem/router.  The server runs a website application and a VPN (PPTP through RRAS)

    The primary NIC (Local IP 192.168.70.5 Gateway/Router IP: 192.168.70.1) is connected to the LAN and connects the VPN.

    The secondary NIC - (just added) is connected directly to it's own router, used for public access to the hosted website.  - Local IP: 192.168.80.5 router IP: 192.168.80.1

    the primary NIC works fine, but when the secondary NIC is enabled the VPN - PPTP drops out.  I believe it is related to only being able to have one gateway IP address.   does anybody know a work round so the VPN will work on the primary line, but also the website will be able to run on the secondary line.  I think you have to create a 'static route', does anybody know how you can do this so the website is accessible via pulic connections?

    Any suggestions will be very very much appreciated, as this is causing me some grief!

    Thanks in advance,

    Fred

    Thursday, April 26, 2012 2:10 PM

Answers

  • I'm not fully following what you mean by 2003 allowing multiple gateways and not 2008, so based on what you're saying or what I believe you're implying, is that any machine, whether it's any Windows server version, Linux, Unix, Cisco or any othe routers, can pnly have one "default" gateway, not two. However, you can implement multiple static routes to other subnets the default gateway is not defined to get to.

     

    Ace Fekay
    MVP, MCT, MCITP EA, MCTS Windows 2008/R2, Exchange 2007 & Exchange 2010, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php

    This post is provided AS-IS with no warranties or guarantees and confers no rights.

    FaceBook Twitter LinkedIn

    Monday, April 30, 2012 6:16 PM

All replies

  • Have you checked this article?


    MCTS - Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. http://mariusene.wordpress.com/

    Thursday, April 26, 2012 10:17 PM
  • Based on your description, and without ipconfigs from the server and a connected VPN client, my first thought is you haven't enabled NAT on the server.

    How to install and configure a Virtual Private Network server in ...You can configure the VPN server to use either Windows Server 2003 or Remote ...
    http://support.microsoft.com/kb/323441

    Virtual Private Networks - Configure and deploy VPN connections to client computers that are ready to ...
    http://technet.microsoft.com/en-us/network/bb545442

    .

    How to configure Network Address Translation in Windows Server 2003
    http://support.microsoft.com/kb/816581

    NAT in Windows 2003: Setup and Configuration
    http://www.windowsnetworking.com/articles_tutorials/NAT_Windows_2003_Setup_Configuration.html

    Technet Thread: "Internet Access through VPN server - need help please" 6/28/2010
    http://social.technet.microsoft.com/Forums/en-US/winserverNIS/thread/8db49948-1962-408b-9996-4a9584b3500d/

    .


    Ace Fekay
    MVP, MCT, MCITP EA, MCTS Windows 2008/R2, Exchange 2007 & Exchange 2010, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php

    This post is provided AS-IS with no warranties or guarantees and confers no rights.

    FaceBook Twitter LinkedIn

    Saturday, April 28, 2012 6:02 PM
  • Hi Fred,

    Thanks for posting here.

    Which addresses do we assign to incoming VPN sessions?  Please make sure do NOT to use address space “192.168.80.0/24”.

    Meanwhile, a simple way to correct that is rerun the RRAS setup wizard and select the correct interface (192.168.70.5) which one we want it to accept and handle incoming VPN requests during it:

    Checklist: Installing and Configuring an RRAS VPN Server

    http://technet.microsoft.com/en-us/library/dd469733(WS.10).aspx

    Thanks.

    Tiger Li


    Tiger Li

    TechNet Community Support

    Monday, April 30, 2012 7:13 AM
  • Thanks for the posts guys.  So far the only way I've got it working is by leaving the primary network as is, with a gateway IP being the primary router, then removing the gateway from the secondary NIC and creating static routes to the external users so they can access the website, even though this is not ideal it works.. just wish there was a way of having public access through the secondary NIC - but I believe this isn't possible in Windows 2003 as you can only have 1 gateway, if anyone has found a way to do this another way, please let me know.

    Cheers.

    Fred

    Monday, April 30, 2012 8:18 AM
  • I'm not fully following what you mean by 2003 allowing multiple gateways and not 2008, so based on what you're saying or what I believe you're implying, is that any machine, whether it's any Windows server version, Linux, Unix, Cisco or any othe routers, can pnly have one "default" gateway, not two. However, you can implement multiple static routes to other subnets the default gateway is not defined to get to.

     

    Ace Fekay
    MVP, MCT, MCITP EA, MCTS Windows 2008/R2, Exchange 2007 & Exchange 2010, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php

    This post is provided AS-IS with no warranties or guarantees and confers no rights.

    FaceBook Twitter LinkedIn

    Monday, April 30, 2012 6:16 PM