General discussion

Locked

VPN Scenario

By johnnow ·
I have set up VPN with NT 4.0 SP6A, RRAS. I am able to get in with my laptops; however, I need to do the following:

1. Allow employees the same access to the network remotely and locally.
2. Allow clients access only to one server on the network. Yet not see the resources of the entire network.

Current Config: (All servers are NT4 SP6a

1. VPN server with IP addr 216.171.A.D using win nt user validation. Hands out IP addresses 192.168.B.2-192.168.B.253
2. DNS/Wins server with IP addr216.171.A.B
3. PDC server with IP addr 216.171.A.A
4. Terminal server with IP addr 192.168.A.A
5. SNA server with IP addr 192.168.A.C (Clients only) Also for employees

On the terminal server I need to set up network printers attached to laptops whose ip address will change because of the addresses handed out from a IP pool on the VPN

Need more details: E-mail johnnow@hotmail.com

This conversation is currently closed to new comments.

7 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

VPN Scenario

by Slora In reply to VPN Scenario

See "http://support.microsoft.com/support/kb/articles/Q102/4/69.asp" for using NET CONFIG SERVER to hide network resources. You may or may not want to use this.

Do not point the laptops at your WINS server, or at your DNS if you are using DNS forinternal as well as external name resolution. Instead, use an LMHOSTS file on your clients that points to the PDC and to the terminal server. You may choose to use an #INCLUDE statement in your LMHOSTS so that you can make tweaks to their name resolution later.

You may want to hide Network Neighborhood entirely and prevent drive mapping. See "http://support.microsoft.com/support/kb/articles/Q156/6/98.asp"

On the terminal server, create printers that are on Local Ports directed at each laptop via UNC, not IP address.

If the laptops are running NT, then add the printer share name to the NullSessionShares registry entry on the laptops so that you don't get "Access Denied" errors when printing from the terminal server session.

Collapse -

VPN Scenario

by johnnow In reply to VPN Scenario

Poster rated this answer

Collapse -

VPN Scenario

by johnnow In reply to VPN Scenario

Poster rated this answer

Collapse -

VPN Scenario

by bill.parks In reply to VPN Scenario

RAS clients will get their gateway, DNS and WINS info from the RRAS server. Whatever it has defined, it will pass to them. Most DHCP settings do not traverse the RRAS, since it thinks it's capable of handing out that specific info itself. You will have to set up some sort of routing mechanism since it appears from your text that your are using classless addressing. 192.168.x.x classful is a C address. 1) RRAS does not use classless addressing, so your remote users (in other subnets) will not beable to operate. In a nutshell, without further routing RRAS, you will only stay on the local subnet. If I am reading your post correctly, the only servers you can touch Dialed-In are the Terminal Server and the SNA server.2) There is a variety of options there, ACL's, subnets, hiding NETBIOS names, or disabling the ability to browse. Which one do you want to use???

Collapse -

VPN Scenario

by johnnow In reply to VPN Scenario

Poster rated this answer

Collapse -

VPN Scenario

by johnnow In reply to VPN Scenario

Poster rated this answer

Collapse -

VPN Scenario

by johnnow In reply to VPN Scenario

This question was closed by the author

Back to Windows Forum
7 total posts (Page 1 of 1)  

Related Discussions

Related Forums