Question

Locked

VPN Server with one NIC

By tunkmaster ·
Hi,

I know this question has already been asked but I just cannot seem to get it working.

I have been trying to setup a VPN server with Windows Server 2003 with one Network Card.

I currently have a local LAN network that is connected to a Standard Modem Netgear Router that is on a subnet of 192.168.0.x. The problem I seem to having is that I need the VPN client IP address assignment to be on a different subnet then of the internal LAN.

I assigned a static pool with a different subnet in the RRAS console but now I cannot seem to access the LAN from the VPN client remotely. I have tired playing around with static routes and other settings but i cannot seem to work out what the problem. If i assign the same subnet of the internal LAN it works nicely.

Please if anyone could point any points that I seem to be missing would be great??

Thank You

This conversation is currently closed to new comments.

4 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Answers

Collapse -

By default, most VPN devices will not do split tunneling

by robo_dev In reply to VPN Server with one NIC

Split Tunneling is a security risk, since an alternate route could be used for a covert channel, which would compromise the security of the VPN somewhat.

Do a google search on "Windows VPN split tunneling"

Perhaps this link:
http://technet.microsoft.com/en-us/network/bb545655.aspx

Collapse -

Thank You

by tunkmaster In reply to By default, most VPN devi ...

Hi, Thank you for the quick response!!

The security risk was not my issue i knew how to deal with and I knew the risks involved. However, the terminology of searching Google "Windows VPN split tunneling" lead me to what I needed and solve my issues.

First I came across this long article:
http://www.isaserver.org/tutorials/VPN_Client_Security_Issues.html

It explains how to deal with split tunneling and it explains it very detailed.

The problem I was having is with I needed VPN to be able to access another server with a different subnet of that server. The tutorial explains how to deal with in the following paragraph but i did not understand:

"Configure Routing Infrastructure to Support Off-Subnet Addresses

If you do configure the ISA/VPN server to assign off subnet addresses, you must make sure that your routing infrastructure is set so that the off subnet network ID is reachable for all internal network clients (or at least those you wish the VPN clients to connect to). This means adding routing table entries on your network routers that point to the internal interface of the ISA/VPN server for the off subnet network ID. You can add these manually, or have a routing protocol such as RIP or OSPF do the heavy lifting."

I did not know what needed to be done or how to do it. I tried playing around with the routing table but the was no success so I must have missed something. So I carried on searching google.

I then came across another forum ( http://www.winvistatips.com/dns-and-split-tunneling-vpn-t723755.html ) who wanted a similar and suggested adding another static ip address to the NIC of the server you want to access to use the same subnet of the VPN. And then adding a host record in the DNS server to point to the VPN Subnet. You can add the ip to any NIC on the internal LAN that you want to be able to access through the VPN .

After wards you can use Remote Access Policies to control the security from the VPN clients as mentioned in the tutorial above.

THANK YOU FOR YOUR TIME! AND RESPONDING!!

Collapse -

awful lot of complexity when using 2 nics makes it simple

by CG IT In reply to Thank You

that's just me. I like simplicity cause it's easier to fix when whomever created the configuration doesn't document what they did.

Collapse -

I Know

by tunkmaster In reply to awful lot of complexity w ...

Your telling me!!!

Unfortunately I had to just one nic a second one would have been a last resort. I have done two nic i know its allot simpler

Though thanks for your concers

Back to Networks Forum
4 total posts (Page 1 of 1)  

Related Discussions

Related Forums