Windows Server 2008 R2 RAS VPN: access server on internal interface ip

Posted by Mathias on Server Fault See other posts from Server Fault or by Mathias
Published on 2011-03-18T14:34:05Z Indexed on 2012/04/09 11:32 UTC
Read the original article Hit count: 368

short question: I'm usually a linux admin but need to setup a Win2k8 R2 server for a student project. The server is running as VM on a root server and has a public internet IP assigned. Additionally I need a VPN server to access some services running on the server. I managed to set up a working VPN gateway via the Routing and RAS service which assigns clients an IP in the private subnet 192.168.88.0/24 with the Interface "Internal" listening on 192.168.88.1. Additionally I set up the external interface as NAT interface.

So I can connect to the VPN server, get an IP assigned and the server additionally does NAT and I can access the internet over the VPN connection. The only thing I additionally need, is that I can access the server itself over that internal IP (e.g. client 192.168.88.2, server 192.168.88.1) as I want to access some services which I don't like to expose to the internet and restrict them to connected VPN clients.

Does anybody have a hint, which configuration I'm missing here to be able to access the server over the VPN connection?

EDIT: VPN clients get assigned the IP from the private subnet with subnetmask 255.255.255.255, I guess that might be the reason I can't access the server on the private IP address although it's in the same network range. Any ideas how to change this? I defined a static address pool in the Routing and RAS service, but I can't change the netmask there.

EDIT2: I can't access the server from the client, but I can fully access the client from the server (ping, HTTP). I guess it has to do with firewall configuration.

Thanks in advance, Mathias

© Server Fault or respective owner

Related posts about vpn

Related posts about windows-server-2008-r2