VPN setup behind a NAT router

ychang
I want to set up a VPN server on a current Windows 2003 server with only one NIC installed. The LinkSys DSL router is programmed as a DHCP server for all local machines and acts as a NAT. There is a VPN setup option inside the router, but I don't know what the relationship is between the VPN server and this router. Can anyone tell me how to set up this VPN server and router to allow remote VPN connections? Thanks.
  • +
    0 Votes

    NAT

    faradhi

    In the absence of knowing which router you are using, all we can do is explain NAT.

    NAT allows the router to convert an external address to an internal address. In this case, the external VPN peer will create a connection to the router's external address. The router will take that traffic and divert it to the internal VPN server. The internal server sends traffic to the external peer's address. However, when the packets pass through the router, the router will change the source address in the packets to make them appear to have come from the router's external address. This way the external peer has no knowledge of the internal peer's address.

    I hope this helps. If you need exact settings, I suggest that you post the make and model of the router you are using and someone might be able to give you specifics on how to set up the NAT correctly.

    +
    0 Votes
    ychang

    I am using LinkSys model-BEFSX41

    +
    0 Votes
    CG IT

    There are 2 ways to do this with a consumer-level router.

    A. Enable PPTP pass-through on the router's firewall. Forward TCP/IP port 1723 and GRE port 47 to the server.

    B. Enable the DMZ port [port 4 on the router] and connect the server to the DMZ port. Ensure that you have a firewall on the server. Create rules on the server firewall to allow TCP/IP port 1723 and GRE port 47 into the server. Configure RRAS on the server with a pool of addresses for remote clients. Configure authentication rules in RRAS.
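
The NAT behaviour faradhi describes, combined with the two forwarding rules from option A, as an added sketch that is not part of any post in this thread. It is a simplified model with no connection tracking; all addresses are constructed sample values, the names are hypothetical, and GRE is modelled as IP protocol 47, which carries no port number.

```python
from dataclasses import dataclass, replace
from typing import Optional

TCP, GRE = 6, 47  # IP protocol numbers; GRE packets carry no port field

@dataclass(frozen=True)
class Packet:
    proto: int
    src: str
    dst: str
    dport: Optional[int] = None  # None for GRE

class Router:
    """Simplified NAT router: static forwards inbound, source rewrite outbound."""
    def __init__(self, wan_ip, forwards):
        self.wan_ip = wan_ip
        self.forwards = forwards  # {(proto, dport): internal server address}

    def inbound(self, pkt):
        # WAN -> LAN: deliver only if a forwarding rule matches, else drop (None).
        target = self.forwards.get((pkt.proto, pkt.dport))
        if pkt.dst != self.wan_ip or target is None:
            return None
        return replace(pkt, dst=target)

    def outbound(self, pkt):
        # LAN -> WAN: the peer sees the router's external address as the source.
        return replace(pkt, src=self.wan_ip)

def pptp_legs(router, peer_ip):
    """Report which parts of a PPTP connection from peer_ip reach the server."""
    control = router.inbound(Packet(TCP, peer_ip, router.wan_ip, 1723))
    data = router.inbound(Packet(GRE, peer_ip, router.wan_ip))
    return {"control": control is not None, "data": data is not None}

# Constructed sample addresses (documentation and private ranges).
WAN, SERVER, PEER = "203.0.113.10", "192.168.1.10", "198.51.100.7"
tcp_only = Router(WAN, {(TCP, 1723): SERVER})
both = Router(WAN, {(TCP, 1723): SERVER, (GRE, None): SERVER})

if __name__ == "__main__":
    print("TCP 1723 only:", pptp_legs(tcp_only, PEER))
    print("TCP 1723 + GRE:", pptp_legs(both, PEER))
    reply = both.outbound(Packet(GRE, SERVER, PEER))
    print("reply source seen by peer:", reply.src)
```

With only the TCP 1723 rule in place the control connection reaches the server but the GRE data channel is dropped, which shows up on a real client as a connection that stalls after the initial handshake.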
