VPN server setup

We have just purchased a new firewall device that does a PPTP passthrough to allow remote clients to connect to our internal network. In trying to configure our Windows Primary Domain Controller as a VPN server, I get a message stating that a VPN server requires a private Internet Connection and it won't let me select the existing network card.

I am planning on installing another NIC but before I tear into the machine, I was just curious if there was a way around this?

Regards,
Paul

 

Confirm exactly where you get this message.

Not enough info!

In the Router has VPN been allowed and port forwarded to the server IP? VPN is not always on as default. And if so, you still need to forward to the Server ip.

Have you created an Incoming VPN connection (Accept incoming connections).

Control Panel-Network and Dialup connections-Make New Connections-Accept Incoming connections. After creation, properties add users.

If you have a Firewall allow port 1723 (VPN Port).

Mike

 

I get this message in the Routing & Remote Access Server Setup Wizard (Admin Tools - Routing & Remote Access) on my Windows 2000 server, specifically when I get to the part about Internet Connection after I select VPN server and TCP/IP.

Yes, the firewall router has been port forwarded to the server IP.

I can't configure the incoming VPN connections (accept VPN connections) in Control Panel-Network and Dialup connections-Make a New Connection since this computer is a domain controller. If I try to do it here, Windows directs me to the Routing & Remote Access Server Setup Wizard.

 

OK! I forgot that a DC uses a different setup procedure!

So save and clear the event logs. So they are empty!

Try this

hilite "No internet connection" instead of the NIC or LAN connection.
then "Manually configured server option ".


Check events for errors if fails.
Mike

 

Thanks Mike.

According to MS TechNet, as a result of the "Manually configured server" setup, "Five PPTP and five L2TP ports are created. All of them are enabled for both inbound remote access connections and inbound and outbound demand-dial connections."

This does not mean that only 5 clients can remotely connect to the LAN at any one time, right? Each port allows multiple clients to connect, right?

Paul

 

Yes each can have multiple concurrent connections.

VPN is in effect a virtual cat5 cable and will act like one except for the speed!

If I remember you can go into RRAS console and increase, decrease or remove these ports!

Mike

 

Thanks for all of your help, Mike. I'm hoping that we'll have the new firewall device in place no later than early next week so I'll post my results regarding the VPN setup in case you or anyone else is interested.

Paul

 

For sure let us know. It may help someone else also!

Good luck,
Mike

 

I looked into the "Manually configured server" option but it looks like you need a modem which this server doesn't have.

I installed a NIC so now we have the integrated Ethernet as well as a 3Com PCI NIC.

Funny thing though, even if I disable the 3Com card in Device Manager, I can still select the integrated Ethernet as my Internet connection during the VPN server setup. When I tried to select this option before the 3Com NIC was installed, Windows told me that "a VPN server requires a private Internet Connection" and it would not let me continue.

Here's my question...

It appears that now I have 3 options:
1) enable the 3Com and chose this for the connection
2) enable the 3Com and chose the integrated Ethernet for the connection
2) disable the 3Com and chose the integrated Ethernet for the connection

Which is best?[/B] They both are connected to a switch which is connected to the LAN port of our firewall device that is allowing PPTP passthrough to the server. This server is our primary domain controller running Active Directory, DNS, & DHCP and the integrated Ethernet's IP address is mapped to our DNS server IP address. I'm just afraid that if I select the integrated Ethernet as the private Internet connection, it will interfere with it's primary duties.

Any thoughts?

Paul

 

I chose to disable the 3Com NIC and selected the integrated Ethernet for the Routing & Remote Access Internet connection and this seems to work fine.

Still think it's odd that Windows 2000 server won't let you select this option if there are no other network cards installed and yet you can select it even if you have another NIC installed but disabled.

Thanks for the help.