General discussion


VPN Access to Windows 2000 LAN

By amw2003 ·
I have a W2K server driving a small LAN (4 PCs). The server has 2 NICs installed; NIC 1 is plugged into a DSL modem/router with 4-port switch for internet access. The DSL modem/router has a DHCP server built in and provides NIC 1 with an IP address ( NIC 2 is configured with a static IP address ( and is connected to an 8-port switch. The other PCs on the LAN are connected to the 8-port switch, and get their IP addresses from the DHCP server running on the W2K server. The DSL modem is also plugged into the 8-port switch so that the rest of the LAN can access the internet.The DSL modem also has NAT running, but I find that the other PCs on the LAN cannot access the internet unless I also install NAT through the W2K RRAS.

I need to be able to access the W2K server and LAN, so I want to set up a VPN connection. I've set up the W2K server for VPN, but I am unable to make a connection. The VPN client runs Windows XP.

Can someone help me with this?

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

by ctmoore1998 In reply to VPN Access to Windows 200 ...

You shouldn't need two NIC in the server, even if you aren't running AD. your network is small enough to run everything static. I always use a stand IP whether static or DHCP .1-.30 is reserved for servers and .200-254 is reserved for printers and other network peripherals ie routers. Ideally you would have the DNS configured on the 2000 server, but I suspect that you don't and that you aren't running AD on server either. That means that hopefully your router supports a VPN connection. So set the internal IP of router to Disable 1 interface on the server and set the other to (set all default gw to the router Since DNS isn't config on server each workstation needs IP DNS addresses for the ISP's DNS servers. Next you need to configure the VPN on the DSL if it doesn't support a VPN connection then things are a lot more difficult. hopefully it does and then you just get a similar router for the other end of the VPN and configure the VPN between the 2 routers. NOTE that the distant end network can't be network as that is your host network and the VPN will get confused. IF you use a PC based VPN client to connect to your VPN likewise it can't have a address on a active interface. Once your VPN connection is established all traffic should pass you should be able to access any network shares that you make avail. providing the remote logs onto the domain if you have one. Hope this helps as I really don't know how your 2000 server is configured. Just remember about the IP addresses and VPN if you go router to router then the remote device needs a address if you go via a vpn client then you can't have a address assigned as it will have to get a virtual IP of assigned by the VPN server ( Intrusion PDS firewall/router is a excellent SOHO solution for VPNing (cost about $1000) each.

Collapse -

by Tictag In reply to VPN Access to Windows 200 ...

1. You have the server DHCP configured to assign itself as the default gateway to clients
2. You want to access the server using a TCP/IP connection originating from the Internet.

The clients are configured with the server ( as their default gateway by server DHCP i.e. all client requests not on the clients subnet are sent to the server NOT to the DSL modem. This is why the clients only have Internet access when you enable NAT on the server.
--Workaround: Disable DSL modem DHCP, configure server DHCP to assign the DSL LAN interface as the default gateway for all DHCP clients.

VPN connections can not be made if either VPN end point is behind a NAT device (DSL Router) unless the NAT device supports VPN pass through. Check your device specifications.

Note: Make sure the Remote Access Server setting in RRAS is checked.
Note: For L2TP/IPSec VPNs you will need mutually trusted certificates.

Servers should as a rule never have DHCP assigned addresses and in addition I can not see a genuine reason for multiple network addresses behind your DSL modem.

Either use the server as a server with VPN RAS, NAT, DNS and DHCP and the DSL modem as simply a remote interface to the Internet OR host all the services on the DSL modem, connect it to the uplink port of the switch and plug all clients (including the server) into the switch. Other configurations are superfluous, difficult to troubleshoot and often simply don?t work.


Related Discussions

Related Forums