I'm not having much luck setting up VPN on Windows 2000 Server at our small
The setup is as follows:
The Firewall is running WinRoute Pro (on Win2KPro) for the firewall software
and is handling NAT and DHCP in addition to firewall. It has two NICs:
Internet NIC = xxx.xxx.xxx.66
LAN NIC = 192.168.12.2
Our Fileserver is running Windows 2000 Server and has one NIC:
LAN NIC = 192.168.12.1
I've got Routing and Remote Access installed and running. It's configured
for PPTP port access (I think).
Now here are the conceptual problems I'm having....
I understand I need to configure WinRoute Pro to somehow pass on VPN traffic
to the Fileserver (VPN Server) but not exactly sure how. Within the
WinRoute Port Mapping configuration, I could have it map port 1723 to the
LAN NIC of the Fileserver, but then how does WinRoute map VPN traffic back
to the client? So I'm guess I don't want to actually "map" the port, but
instead just "open" the port to VPN traffic. (Not sure how to do this, but
I'm working on it).
I'm also confused as to how to properly setup Routing and Remote Access on
the Fileserver. I believe I've got the IP addresses configured properly
(using a small range beginning at 192.168.12.50). But within the Port
Properties, it has a field for the "Phone number" where you're to enter the
IP address that clients are "calling". However I'm assuming that I have
users "call" the firewall's Internet NIC. I wouldn't think that that is
what I'm supposed to enter there. Maybe I just leave that blank.
So anyway, this is conceptually what I think is supposed to happen:
- Firewall is somehow configured to pass VPN traffic (port 1723) to
- Fileserver (VPN Server) is automatically listening to traffic on port 1723
on the only NIC it has (I'm assuming this is automatic in the fact that I
have Routing and Remote Access running)
- Fileserver assigns an "internal" IP address (starting with 192.168.12.50)
for all traffic coming in on that port for that client's IP address.
- Internal networking requests are done using the "internal" IP address and
then information is passed back to the client via the client's actual
internet IP address (passed back through the firewall)
Well, seems simple enough, but whenever I try to VPN connect from a client,
it comes back saying the request is denied. I can ping the firewall fine
from the client computer, so it's seeing it. So, I'm thinking my main
problem is not having the firewall configured properly, but I've probably
got my VPN server configuration horked too.
Any pointers you can give to straighten me out would be appreciated.