Need VPN help!!! [Archive] - SpeedGuide.net Broadband Community



YeOldeStonecat
04-25-01, 11:08 AM
Domain consisting of 4 NT 4 servers, with a PDC. Behind a Cisco 2600 router on a frac-T, running NAT. Internal IP scheme is 192.168.200.XXX. One of the NT servers, not the PDC, I slapped a 2nd NIC in. The onboard Intel NIC is 192.168.200.14, the second NIC, a 3COM, is 192.168.200.99. I had the phone company (who owns the router) forward ports 1701 and 1723 to 192.168.200.99 to a static WAN IP that is one of their allocated public IPs. Also allowing IP 47 GRE to go through. I was getting at having the 3COM handle the VPN, letting the onboard be the regular LAN card, even though the 3COM is still in the same IP scheme.

The network runs on nothing but TCP/IP internally.

Installed RRAS on the server, Point to Point, set up to allow 3 VPN sessions.

Both NICs are plugged into the same switch, which leads to the router. Machine has internet access and sees the network neighborhood.

Problem is, with both NICs plugged in, I get event viewer Messenger service terminated with service specific error 2270...which from what I gather has to do with computers with the same name being on the same network. So I figured the 2nd NIC was doing that, disabled it in bindings from Server and Workstation, but same error happens. If I unplug the 2nd NIC (3COM), the error goes away.

I'm lost on the configuration of a VPN server behind NAT. If it's on the same IP scheme, 192.168.200.XXX, is it OK to have 2 NICs? Which bindings go to which adapters, in Server, Workstation, RAS, and RRAS. I have NetBEUI, Point to Point, and TCP/IP protocols installed, but the LAN runs on TCP only, I added NetBEUI in hopes of adding it to the VPN so remote users could browse easier.

So when you look at the bindings, you see NetBIOS interface, both WINS and NetBEUI, WINS with both NICs and a WAN wrapper, NetBEUI with both NICs and 3 WAN wrappers


Remote Access Server Service, WINS and NetBEUI, WINS with both NICs and a WAN wrapper, NetBEUI with both NICs and 3 WAN wrappers


Routing and "", both WINS and NetBEUI, WINS with both NICs and a WAN wrapper, NetBEUI with both NICs and 3 WAN wrappers

Server...""" each with both NICs

Workstation...""" each with both NICs

I also read about one of the adapters shouldn't have a gateway, which is the router at 192.168.200.1.

And the SAM, you need to add VPN clients to the local user admin list, or do a regedit to point to the PDC SAM.

YeOldeStonecat
04-25-01, 02:13 PM
Just an update, we removed NetBEUI, because that was causing the NetBIOS multiple name errors.

Next problem is the port forwarding in the router. With just port 1723 forwarded to 192.168.200.99, allowing IP type 47 GRE through, the external clients cannot receive a response. If we drop everything on the router, leaving that IP wide open, it connects fine. Raise the blocks again, and the client gets error 752...no host found. We can button things up to just 1723 and type 47 as the client is connected, and it stays fine. But disconnect the client, and cannot reconnect again. Drop the wall, and the client connects fine.

So what on the router is needed for that initial contact?

JackMDS
04-25-01, 05:04 PM
I have two links concerning VPN.

I doubt that it will solve your problem, but maybe it can lead you to the right place.
http://search.win2000mag.net/faq/query.html?col=faq&qt=vpn

http://www.microsoft.com/TechNet/sbs/reskit/sbs45res/part3/sbrk0323.asp

[ 04-25-2001: Message edited by: JackMDS ]

Minvaren
04-25-01, 05:27 PM
Try port 1701 also.


Minvaren

YeOldeStonecat
04-26-01, 06:53 AM
Finally got SNET to redo the port forwarding on the Cisco 2600, it seems they had something in there that was screwing it up. It is fully functional now allowing just port 1723 forwarded, along with GRE.

Now my next issue, I created an LMHosts file on a test client, with the IP and computer names. Connecting through VPN using only TCP/IP. Browsing does take a while, no WINS server running, you can ping computer by name, you can do a find computer and it will pop into network neighborhood. Try to double click the computer to open up and view its shares, and you're presented with a password box.

Now I gave access to entire network in the VPN setup. In user manager, the person has an NT account, with dial up permission. The server that is attempting to be accessed has basic shares to all domain users, so the account has permission to view it.

What cures the login again on the computer we're trying to access from the remote client?