Hi,
I'm having some trouble setting up NAT for TelkomVPN lite...
We have the Telkom VPN service, the incoming IP from the VPN router to the server is 10.0.3.2, however, the internal IP range is 192.168.1.0/24.
How do I set up the server so that the External Network (IP: 10.0.3.100) will forward all data to the Internal Network?
I've followed a lot of walkthroughs on the net and have googled my fingers sore, but can't find anything that helps.
Basically, if this is set up correctly, will I be able to ping the VPN router (10.0.3.2) from any IP on the internal network?
Windows Server 2003 NAT Setup
Windows Server 2003 NAT Setup
Last edited by Anakha56 on 24 May 2010, 16:16, edited 1 time in total.
Reason: All caps titles not allowed! My eyes hurt...
Reason: All caps titles not allowed! My eyes hurt...
Re: Windows Server 2003 NAT Setup
Ok, let me rephrase the question:
As you can see, what I want to do is:
At Site 2
The VPN Router has an IP adress of 10.0.3.2 and connects to a windows 2003 server on 1 of it's network cards (10.0.3.100)
The secondary network card has an IP of 192.168.1.1
The rest of the network is connected to the secondary network and all PCs use the 192.168.1.0/24 ip range
What I want to do is make the 10.0.3.0/24 IP range part of this network so that all PCs that's connected on the 10.0.3.0/24 IP range will be able to see the PC's on the 192.168.1.0/24 ip range and vice versa...
Currenly the server can ping the VPN router and the internal network, but a pc on the internet network cannot ping the vpn router
Is this possible?
As you can see, what I want to do is:
At Site 2
The VPN Router has an IP adress of 10.0.3.2 and connects to a windows 2003 server on 1 of it's network cards (10.0.3.100)
The secondary network card has an IP of 192.168.1.1
The rest of the network is connected to the secondary network and all PCs use the 192.168.1.0/24 ip range
What I want to do is make the 10.0.3.0/24 IP range part of this network so that all PCs that's connected on the 10.0.3.0/24 IP range will be able to see the PC's on the 192.168.1.0/24 ip range and vice versa...
Currenly the server can ping the VPN router and the internal network, but a pc on the internet network cannot ping the vpn router
Is this possible?
-
rustypup
- Registered User
- Posts: 8872
- Joined: 13 Dec 2004, 02:00
- Location: nullus pixius demonica
- Contact:
Re: Windows Server 2003 NAT Setup
i believe you haven't received an answer because one of the primary steps in setting up routing on a windows box is to identify the NIC, the network and the DHCP agent you'll use to manage auths...
ie, you've started off hinky and very few people would voluntarily sit here and guess as to what it is you've done...
so, to rephrase a silly question, have you installed and configured RRAS?
<edit>there are literally thousands of examples out there ...
ie, you've started off hinky and very few people would voluntarily sit here and guess as to what it is you've done...
so, to rephrase a silly question, have you installed and configured RRAS?
<edit>there are literally thousands of examples out there ...
Most people would sooner die than think; in fact, they do so - Bertrand Russel
Re: Windows Server 2003 NAT Setup
Yes I've done that, I've followed numerous tutorials and walkthroughs, NAT is set up on the server, but for some reason it doesn't work.
I know the Gateway should be the VPN router, but with this setup I can't make the router the gateway, since another router is used for internet connections.
DHCP is set up and 50 adresses are ready to be assigned to VPN clients,
In routing and remote access, under IP routing, NAT/Basic Firewall, the 2 ethernet cards are added with the VPN card being the public interface and the internal one being the private interface
In the VPN Connection properties, under services and ports, VPN gateway (both PPTP and L2TP) is set up to forward ports 1723 to 192.168.1.6 (private network adress)
But still, something is missing, under static routes nothing is assigned, but even if I do set it up, it still doesn't work...
Could it be that the server "MUST" be a domain controller in order for this to work? Cause I'm trying to do this without haveing to put all the computers in this network on a domain
I know the Gateway should be the VPN router, but with this setup I can't make the router the gateway, since another router is used for internet connections.
DHCP is set up and 50 adresses are ready to be assigned to VPN clients,
In routing and remote access, under IP routing, NAT/Basic Firewall, the 2 ethernet cards are added with the VPN card being the public interface and the internal one being the private interface
In the VPN Connection properties, under services and ports, VPN gateway (both PPTP and L2TP) is set up to forward ports 1723 to 192.168.1.6 (private network adress)
But still, something is missing, under static routes nothing is assigned, but even if I do set it up, it still doesn't work...
Could it be that the server "MUST" be a domain controller in order for this to work? Cause I'm trying to do this without haveing to put all the computers in this network on a domain
Re: Windows Server 2003 NAT Setup
By the looks of it you have 2 internet lines ?
One used for internet and mail and stuff then you have an internet line dedicated to VPN ?
If that is the case Winsows servers has never been good with 2 gateways.
Even if you have 2 nics.
I had a similair problem we have a Diginet line and adsl.
So for some users with 3G they had to be able to connect to Softlines ESS self help leave webfront end.
And i used Open VPN and realised Server 2003 doent like 2 gateways traffic would come in on the ADSL and server 2003 would then send the traffic out on the diginet line.
or it would work for a few hours and then stop until i disable and enable the nics again.
I eventually added routes on the server 2003 machine.
Also what i dont understand is why do you call it a VPN router ? and using it combined with RRAS ?The VPN router should automatically make site 1 part of site2
like it was connected in the same building ?
One used for internet and mail and stuff then you have an internet line dedicated to VPN ?
If that is the case Winsows servers has never been good with 2 gateways.
Even if you have 2 nics.
I had a similair problem we have a Diginet line and adsl.
So for some users with 3G they had to be able to connect to Softlines ESS self help leave webfront end.
And i used Open VPN and realised Server 2003 doent like 2 gateways traffic would come in on the ADSL and server 2003 would then send the traffic out on the diginet line.
or it would work for a few hours and then stop until i disable and enable the nics again.
I eventually added routes on the server 2003 machine.
Also what i dont understand is why do you call it a VPN router ? and using it combined with RRAS ?The VPN router should automatically make site 1 part of site2
like it was connected in the same building ?
_̴ı̴̴̡̡̡ ̡͌l̡̡̡ ̡͌l̡*̡̡ ̴̡ı̴̴̡ ̡̡͡|̲̲̲͡͡͡ ̲▫̲͡ ̲̲̲͡͡π̲̲͡͡ ̲̲͡▫̲̲͡͡ ̲|̡̡̡ ̡ ̴̡ı̴̡̡ ̡͌l̡̡̡
Re: Windows Server 2003 NAT Setup
Thank you for your reply.
Well, it's not a "vpn" router, it's just a normal router on a dedicated adsl line with telkom's vpn lite package.
Yes, the vpn lite service automatically joins the two offices, but gives my office the ip range of 10.0.2.0/24 and the other the 10.0.3.0/24 range. Problem is, I now have to convert the 10.0.2.0/24 network to our internal 192.168.1.0/24. I've set it up in linux, but not sure if it's working, still waiting for the other site to come online so that I can test it.
Well, it's not a "vpn" router, it's just a normal router on a dedicated adsl line with telkom's vpn lite package.
Yes, the vpn lite service automatically joins the two offices, but gives my office the ip range of 10.0.2.0/24 and the other the 10.0.3.0/24 range. Problem is, I now have to convert the 10.0.2.0/24 network to our internal 192.168.1.0/24. I've set it up in linux, but not sure if it's working, still waiting for the other site to come online so that I can test it.