Member Avatar for Kurtismonger

I have a Windows 2003 server configured as a RRAS (Routing and Remote Access Server). This server was configured by the previous IT person, who didn't do a lot of things correctly. The VPN works okay, in the sense users can connect via VPN and then use remote desktop to remote into a PC inside the network and then do work from that PC. However, my understanding with VPN is, I should be able to do anything on the remote network as if I was actually there such as map network drives and printers without having to remote control a PC. Currently I am unable to do this and I believe the problem is that the RRAS server is setup to give out IP addresses to the VPN connections that are completely different than our internal network IP range, which use the standard 192.168.10.n. Once I connect to the VPN and run an IPCONFIG /ALL, I see the VPN gets the auto IP range of 169.254.12.xxx

I guess my question is wouldn't I want my RRAS to give out IP's in the range of my internal network that I reserved in the DHCP server? Also, is my understanding of VPN correct? Shouldn't users be able to access network resources that they have permission to in Active Directory?

  • 2 Contributors
  • 5 Replies
  • 208 Views
  • 8 Hours Discussion Span
  • Latest Post Latest Post by Kurtismonger
Member Avatar for jbennet

Go into Acive Directory users and groups and you can change the dial-in IP settings for each user/group.

Member Avatar for Kurtismonger

I don't know if it matters, but the RRAS is on a separate box from my PDC. The RRAS has it's own users for VPN setup under Computer Managment. I can change the users dial-in settings there, which I did and it assigned me an IP for the correct range, however I still can't map to a drive. When I try to do so I get prompted for a username and password. I've tried my own user pass and the admin user pass.

The IP address is the correct range, as are the network DNS servers, however the gateway is the same IP as the connection's IP and subnet mask is 255.255.255.255.

Member Avatar for Kurtismonger

Okay, this could be part of the problem. The RRAS is not part of the domain its a member of WORKGROUP. Wouldn't I want this on the domain?
The original IT guy set this up to replace a hardware firewall that croaked, so this is also functioning as our firewall.

Member Avatar for jbennet

It depends. In theory, it should be, in order for authentication, remote logon, accessing roaming profiles etc... but if you attach it to your domain you need to beware the security repercussions.

Member Avatar for Kurtismonger

So can I do what I want to do, allow VPN users to map drives, without having it on the domain? I don't need much in the way of roaming profiles, etc. Just one mapped drive for a couple of my users.
I'm aware of the potential issues, but since I didn't configure it I can't be sure I can button it up either.
Ideally, if there is way to map the drive without attaching it to the domain, I would like to do that. And then I can lobby for putting a real hardware firewall in place.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.