How to change network interface on RRAS?

Gundamtdk

In the RRAS wizard you can select the network interface to setup a VPN connection.

Though after the wizard how do I change the network interface?

Goldmember

From my understanding you need to use the configuration wizard again.

Once you setup , you can't move the VPN settings to another interface.

You need to choose the correct network interface and run the wizard.

Its simple.

Gundamtdk

Goldmember wrote:

From my understanding you need to use the configuration wizard again.

Once you setup , you can't move the VPN settings to another interface.

You need to choose the correct network interface and run the wizard.

Its simple.

That is troublesome.

BTW, how do I tell which network interface is setup for the VPN connection in RRAS?

Goldmember

Check out Lesson 3 Chapter 10 of MS Press book

dynamik

I believe the wizard only runs the first time you use RRAS. I don't think that's something you can load up again.

Gundamtdk

Goldmember wrote:

Check out Lesson 3 Chapter 10 of MS Press book

I don't have the MS press book

Goldmember

If you give me tomorrow I can answer with more detail.

I just started Chapter 10 today...



Otherwise check out this link about RRAS and VPN on technet

http://www.microsoft.com/technet/community/chats/trans/windowsnet/wnet_102005.mspx

What book are you using?

Goldmember

Alright...I reached Lesson 3 today.

The answer to your question....it depends on what you need to accomplish!


First off, you need to create a demand-dial(VPN) interface.
Go to network interfaces node and right-click and create a demand dial interface.
Make this interface VPN and put in the proper user account and IP address.

You can go to the ports node to configure the maximum amount of connections allowed to this interface.


This make sense????

If you need more help let us know.

Gundamtdk

Goldmember wrote:

Alright...I reached Lesson 3 today.

The answer to your question....it depends on what you need to accomplish!


First off, you need to create a demand-dial(VPN) interface.
Go to network interfaces node and right-click and create a demand dial interface.
Make this interface VPN and put in the proper user account and IP address.

You can go to the ports node to configure the maximum amount of connections allowed to this interface.


This make sense????

If you need more help let us know.

Why would I need a demand dial inference?

A VPN connection can work without a dial inference.

Goldmember

What are you trying to accomplish?

A VPN interface is a type of demand dial interface?

Weren't you talking about interfaces in your initial post?

dynamik

I think he's asking about how he can control which interfaces are used for incoming VPN connections (which I don't believe are considered demand-dial connections). To be honest, I played around with this briefly, but I didn't see anywhere where I could specify which interfaces to use. You can always setup inbound/outbound filters on your interfaces to control it that way, but I'm kind of surprised that you can't explicitly choose an interface to use. Remote access policies probably offer some addition control options as well.

Goldmember

Thanks Dynamik.

What is he trying to accomplish?

Under REmote Access Policies you can define NAS-Media-Type to any media you want.

This will allow or deny connections based on media.

You can also specify the NAS Host IP address and deny connections this way.


Lets say you have 2 network cards and you want to deny all VPN's to a certain card, DENY All VPN's to this IP address. No connections will be made.

Mishra

demand-dial connections are dial up connections that stay connection 100% of the time. It prevents users from getting on the internet and it waiting a minute to reconnect the dial up connection.

If you want to re-do your RRAS wizard you can right click the server in the MMC and disable (or whatever the word is) and re-install and it will walk you through the wizard again.

I remember seeing the interface option and it listing the interfaces there. You should be able to properties something but I would have to re-do it when I get home.

Goldmember

I just tried what Mishra said and it will probably work for Gundamtk.

I got denied because I only have one network interface. If you have 2 interfaces you can configure the VPN by disabling then enabling remote access from the server.

Mishra

Enabling RRAS as a VPN

If you're already using RRAS for IP routing or remote access, you can enable it as a VPN server without reinstalling. (Of course, if you want to start from scratch, you can always right-click the server and use the Disable Routing And Remote Access command to wipe out the server's configuration.)

Recall that the General tab of the server Properties dialog box contains controls that you use to specify whether your RRAS server is a router, a remote access server, or both. The first step in converting your existing RRAS server to handle VPN traffic is to make sure the Remote Access Server checkbox is marked on this tab. Making this change requires you to stop and restart the RRAS service, but that's OK because the snap-in will do it for you. Then you must configure VPN ports.

dynamik

I wouldn't recommend disabling and re-enabling RRAS because it will trash your entire configuration if you do that.

I played around with this a bit more, and here's what I found:

When you run the wizard, you select the interface that is connected to the internet, and you're allowed to configure a basic firewall on it.

If you want to set this up manually, just go to IP Routing > NAT/Basic Firewall > Whatever interface you want > properties and choose public interface. That will bring up the Address Pool, Services and Ports, and ICMP tabs. You can enable and disable one or both types of VPN connections in the Services and Ports section.

Goldmember

Like Dynamik said earlier you can also deny VPN's through Remote Access Policies. You can choose the Port IP address, essentially disabling VPN's on that interface.


I like the NAT/Firewall method. It seems cleaner because you are using the Firewall instead of Policy configuration.


Also, disabling RRAS and enabling is not recommended, but sometimes if you initial configuration is unwarranted then disabling might be the best way to go. It depends on how much has been configured because the initial RRAS Wizard makes thing easier to setup if you know ahead of time what you are trying to accomplish.