10-10-2008 09:57 AM - edited 03-03-2019 11:52 PM
Hi,
Our router (Integrated Services Router 2811) PATs to a single subnet. We have a web server located on that subnet.
When using public DNS from a computer on the LAN (other than the web server), we obviously get the public IP address for our website. This results in the request being sent to the WAN port of the router. Even though the router is configured to forward port 80 on the WAN port to the web server, it does not forward the request if the request originally came from the LAN.
Quite simply, the question is: How do you forward LAN requests made to the public IP address (WAN) on the router back into the LAN?
From what I have found online, this is nearly impossible to do. If it is, why? A cheap Linksys router does it quite easily.
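The behaviour described above is the absence of NAT hairpinning (NAT loopback): IOS only translates packets that cross from an "ip nat inside" interface to an "ip nat outside" one, so a LAN client's request to the WAN address is handled by the router itself rather than forwarded back in. Cisco documents a true hairpin configuration ("NAT on a Stick", built from a loopback interface and policy routing), but the workaround most shops use on a 2811 is split DNS on the router, so LAN clients never resolve the public address in the first place. The following is an added example, not configuration from the original post or from Cisco; the interface names, the 10.10.130.0/24 LAN, the web server at 10.10.130.20, the hostname www.example.com and the upstream resolver 203.0.113.53 are all placeholders.

```
! Hypothetical addressing: FastEthernet0/0 is the WAN ("ip nat outside"),
! FastEthernet0/1 is the LAN ("ip nat inside"), web server is 10.10.130.20.
!
! The existing port forward stays as it is; Internet clients still reach the
! server through the WAN address.
ip nat inside source static tcp 10.10.130.20 80 interface FastEthernet0/0 80
!
! Split DNS: the router answers the public name with the private address for
! LAN clients and forwards every other query to the upstream resolver.
ip domain lookup
ip name-server 203.0.113.53
ip host www.example.com 10.10.130.20
ip dns server
!
! LAN clients must use the router as their resolver (DHCP shown; statically
! configured clients get the same dns-server value).
ip dhcp pool LAN
 network 10.10.130.0 255.255.255.0
 default-router 10.10.130.1
 dns-server 10.10.130.1
```

Check it from a LAN client with "nslookup www.example.com 10.10.130.1", which should return 10.10.130.20, and on the router with "show hosts". Two caveats: the server's logs will show LAN visitors by their private addresses rather than the WAN address, and any name that must resolve internally has to be listed with its own "ip host" entry, since the router only overrides the names it knows.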
10-10-2008 01:35 PM
Going home now so won't be back till Tuesday (long weekend). Will continue the discussion then.
10-10-2008 01:43 PM
Here's the issue (I think)
I don't know about Microsoft's VPN server (Remote Access Server?), but you should find a way to tell it to NOT NAT traffic destined for the 10.10.130.0 subnet, while you can NAT everything else.
What I think is happening on your side is that the return traffic is being NATted, which is why your clients on the dial-up side can't see the DNS server on its private interface.
The two endpoints of the VPN (both public interfaces) are transparent after a VPN tunnel is established. The private networks on both ends should behave as if they were in your same office. When a person from the 10.10.130.0 network makes a request to the 10.10.10.0 network, it shouldn't be NATted at all, and you should find a way to exclude those. Can you ping a host across the tunnel? If not, you are trying to NAT the connection.
Here's a starting point:
http://technet.microsoft.com/en-us/library/cc780391.aspx
Hopefully this helps.
John
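John's advice is aimed at the Microsoft VPN server, but the same exclusion is needed wherever the PAT is applied, and on the 2811 it is done by denying the site-to-site traffic in the ACL that feeds the overload rule: packets that match a deny line are simply not translated. This is an added example, not configuration from the thread; the interface names and the placement of the 10.10.130.0/24 LAN and 10.10.10.0/24 remote office are assumptions.

```
! Hypothetical: FastEthernet0/1 is the 10.10.130.0/24 LAN (ip nat inside),
! FastEthernet0/0 is the WAN (ip nat outside), and 10.10.10.0/24 is the remote
! office reached through the VPN tunnel.
ip access-list extended NAT-INSIDE
 remark Traffic bound for the remote office crosses the tunnel untranslated
 deny   ip 10.10.130.0 0.0.0.255 10.10.10.0 0.0.0.255
 remark Everything else leaving for the Internet is PATted to the WAN address
 permit ip 10.10.130.0 0.0.0.255 any
!
ip nat inside source list NAT-INSIDE interface FastEthernet0/0 overload
```

After applying it, "show ip nat translations" should never list an entry whose outside destination is a 10.10.10.x host, and a ping from a LAN host to the remote office should arrive with its original 10.10.130.x source. Order matters: the deny line has to come before the permit, and if an older translation for a 10.10.10.x destination is still cached, "clear ip nat translation *" removes it.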
10-14-2008 07:43 AM
Hi again.
We can currently ping from any host on the main network (the one with the web server) to any vpn connected client (such as a server in a remote site). We can only ping from the client connected to the VPN in the remote office to any client in the main office as expected.
I suppose that if we were to enable Routing and Remote Access on the servers, we would be combining all our networks into one routed network. We could then set the DNS to the internal IP address of the web server. The problem I see with that is that the entire network will be browsable by any client. I am not aware of any way to turn off network discovery over a VPN hosted by a Microsoft OS. Also, should one of our offices be infected with a virus, this could increase how widespread an impact it has.
Thoughts?