Archived from groups: microsoft.public.win2000.security (
More info?)
Hi John.
Yeah. It does not like setting up vpn with just one nic. What I do when I set up rras
is to select the last option on the list - manual setup and it always worked fine for
me. You may need to disable it and start over at which time you will get the wizard
again and then select the last option - manual. --- Steve
"John Barwell" <johnbarwell@msmdirect.co.uk> wrote in message
news:HfZzc.15812$NK4.2611296@stones.force9.net...
> Dear Steve,
>
> I am just going through the wizard for the RRAS. When I get to the Internet
> Connection stage I can only select my NIC. When I try to select that card I
> get the following error
>
> "You have choosen the last available connection as the internet connection.
> A VPN server requires that one connection be used as the private internet
> connection"
>
> Please can I advise as I think this is having an impact on the working of
> the VPN server?
>
> Many Thanks,
>
>
> John Barwell
>
> "Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
> news:x8Lzc.59695$Sw.29045@attbi_s51...
> > Hi John.
> >
> > I am not quite sure what you mean about "not being picked up by the remote
> client".
> > If the client has deny configured in their AD account for dial up and
> they dial in
> > to a W2K rras server that is a domain member and in the RAS and IAS group,
> they
> > should get a message that says they are not allowed access after they
> enter their
> > domain credentials.
> >
> > You say you are using the same exact settings for dial up and dsl? I
> assume you mean
> > that at least the vpn connectoid is configured to use the public IP
> address assigned
> > to your router wan interface. The router also needs to be configured to
> port forward
> > the proper ports and protocols to your internal rras server. Assuming you
> are using
> > pptp since you can not use l2tp through NAT into a W2K rras server,
> configure port
> > 1723 TCP to port forward to the internal IP address of your rras server
> and allow
> > protocol 47 which may be referred to as pptp pass through. Also configure
> the vpn
> > client connectoid to use pptp - not auto if using the built in W2K vpn
> client. You
> > can do that in properties/network type. The rras server will need to be
> able to hand
> > out at least ten IP addresses either through a static pool or the use of a
> dhcp
> > server on the rras computer. --- Steve
> >
> >
http://support.microsoft.com/default.aspx?scid=kb;en-us;308208
> >
> > "John Barwell" <john.barwell@btinternet.com> wrote in message
> > news:canrf3$dsu$1@titan.btinternet.com...
> > > Hi Steve,
> > >
> > > I have already configured the settings in AD. However they are not being
> > > picked up by the remote client. Also I ran into another problem last
> night.
> > > I can connect using a dialup connection. However when I try the exact
> same
> > > setting for DSL I cannot. Any ideas?
> > >
> > > Many Thanks,
> > >
> > > John
> > > "Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
> > > news:f_Fzc.109505$Ly.59278@attbi_s01...
> > > > The dial restriction needs to be configured for their accounts on the
> > > remote access
> > > > server, or in AD Users and Computers if the rras server is a domain
> > > member.
> > > > Depending on your configuration the dial in options could be allow,
> deny,
> > > or control
> > > > through remote access policy. --- Steve
> > > >
> > > > "John Barwell" <johnbarwell@msmdirect.co.uk> wrote in message
> > > > news:JmFzc.15539$NK4.2497019@stones.force9.net...
> > > > > Dear All,
> > > > >
> > > > > I am setting up VPN access for my remote users. I have a Draytek
> 2600
> > > > > router. I have managed to get the majority of the configuration
> done.
> > > > > However the problem I have is that anyone of my users can login
> using
> > > the
> > > > > VPN, even when I have restricted the Dial In property on the user's
> > > account.
> > > > > Can someone offer me some advice on how to restrict users loggin in
> > > > > remotely?
> > > > >
> > > > > Thanks,
> > > > >
> > > > >
> > > > > John Barwell
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>