Remote client access to srv behind router

Discussion in 'Server Networking' started by Don, Apr 28, 2005.

  1. Don

    Don Guest

    I want to use a laptop that is currently connecting to a server (DC) on a LAN
    and give it remote access to the server resources from a remote location. The
    server currently sits behind a router and the server is runnning Win Srv 2003
    Std Ed.
    Clearly this will be a VPN connection and the user profile will need to be
    permitted remote access.

    Once the VPN connection is established to the router, what else needs to be
    done to give the user access to shared resources on the server? Also is there
    anything else that needs to be done to permit the user to print locally at
    their remote location.

    Lastly, when looking at routers other than it needing to support VPN
    connections are there any other features that the router needs to have?

    Don, Apr 28, 2005
    1. Advertisements

  2. Don

    Don Guest


    I'm not looking to use Remote Desktop. My post indicated that I'm looking to
    establish a connection to the VPN router and then the need to access
    resources on the server. The user will have their laptop with them. There
    will not be a Remote Desktop to operate.

    Thanks, but I'm not looking for a consultant.

    Don, Apr 29, 2005
    1. Advertisements

  3. Don

    Bill Grant Guest

    There is no simple answer to this if we don't know what the target
    router is. Is this router capable of hosting a VPN connection by itself? Or
    will you need to use the remote server as the VPN endpoint? The two
    situations are very different.

    If the server is to host the VPN connection, you will need to use port
    forwarding on the router to extend the VPN connection to the server.
    Bill Grant, Apr 30, 2005
  4. Don

    Don Guest

    Hey Bill,

    The VPN endpoint is the router.

    At this point I've setup the laptop with a VPN connection and I'm able to
    establish the VPN connection from the laptop to the VPN router. Now I need to
    be able to gain access to the servers shared resources.

    Just to make sure we're on the same page. The laptop is config'd to connect
    to the office domain server when the laptop is in the office. It's this same
    laptop that's going to be mobile. The laptop needs to be able to connect to
    the VPN router and then make use of the same server shared resources it has
    in the office. There is only one server which is the DC and it's running
    DHCP, AD, WINS, & DNS. ISA is not involved.

    As best I understand the roadblock to be. Even though I have established a
    connection to the VPN Router, I'm still not logged onto the network itself.
    Thus no access to the LAN behind the router is being given.

    An extra detail: When the user powers up the laptop they are still required
    to "logon" to the laptop just as if their in the office. The third field on
    the logon screen still reflect the domain not "local" computer.

    Hope this helps clarify.

    Thanks for the feedback.
    Don, Apr 30, 2005
  5. Don

    Bill Grant Guest

    Making a VPN connection simply sets up an IP connection to the router.
    It does not do a domain login (and it doesn't carry LAN broadcasts). The
    username/password you supply is only used to validate the fact that you are
    entitled to make a VPN connection.

    Check that the client has the correct IP address and subnet mask for the
    LAN, and the correct DNS address and DNS suffix. Can you ping the DC by
    Bill Grant, May 1, 2005
  6. Don

    Don Guest

    Hey Bill,

    Thanks for the follow-up. Yes I'm on the same pg with you about what
    establishing a VPN connection to the router accomplishes.

    Unfortunately, I will not have access to the laptop until Monday late or
    Tues. So I'll try the ping then.

    However, I did establish the same VPN connection with another computer from
    a remote location that is not config'd for the DC. It's simply the standard
    "workgroup" setup. When the VPN connection is made "ipconfig /all" shows the
    VPN connection via PPP/SLIP. And is asigned the IP Address setup on the
    router VPN config. I do see however that the subnet is wrong. Its showing when it should be Also the Gateway, DNS, and
    WINS are wrong.

    The connection status, Deatils Tab indicates the Server IP Address as which is the router IP on the LAN side.

    With regards to PING. I can ping the DC IP Address but not the DC name.
    Based upon the wrong info above, I'm ot going to be able to ping the DC.

    Don, May 2, 2005
  7. Remote Destop and VPN work together. The VPN is established, then RD is run
    over the VPN.
    RD is running on the machine they contact, not the machine they are sitting
    Phillip Windell, May 2, 2005
  8. Save yourself a TON of trouble. After the VPN connects, use Remote Desktop
    from that point. It is the only truely *efficient* way I have ever performed
    Phillip Windell, May 2, 2005
  9. Don

    Don Guest

    Hey Phillip,

    Thanks for the post. Yes RDC does run on the workstation in the office
    however the computer that would be in the office will be traveling with the
    user.Thus there is no workstation in the office to RDC. This is the issue.

    The user needs to access the shared resources (folders/files) residing on
    the server from his remote localtion.

    Don, May 3, 2005
  10. Don't worry about the mask. That is normal.
    Worry about that. The does need to be correct. Manually enter them if you
    have to. RRAS won't give all the DHCP Options unless you configure the DHCP
    Agent on RRAS.
    Perfectly normal since the DNS & WINS entries are wrong. Get those
    Phillip Windell, May 3, 2005
  11. Ok, I see. Well if the laptop is both on and off location, then I take it
    that it is a Domain Member?

    Assuming so....
    Make sure that the laptop recieves a good DNS and WINS entry when connecting
    to the VPN. If at all else you can manually configure those in the Dialup
    Connectiod and just let the IP# & Mask be automatic. Then, when at the
    Crtl-Alt-Del prompt on the Laptop, enable the box that says "Log on with
    Dialup Connection". Choose the right connection when prompted. The machine
    should function on the LAN the same as if it was physically there (except
    much slower).
    Phillip Windell, May 3, 2005
  12. Don

    Don Guest

    Yes it is a domain member.

    Concerning the DNS & WINS info is bad when the VPN connection is made, I'll
    give the dial-up config a go.


    Don, May 5, 2005
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.