PRIVATE NETWORK CONFIGURATION Part 2
- This document asumes the following:
- You have RDP access to the server
- You are using Windows 2008 server Full
- You have Administrator access to the server
- The private interface to be used is Ethernet 2
- The private IP assigned to your server is 10.10.3.148/30
- Our VPN Server will be used for testing, its IP address is 10.10.2.186
We assume you have finished the configuration of the first stage, where you activated the Network Policy and Access Services ROLE (NPAS).
After this is done, ideally the server should be rebooted, to make sure things go smoothly.
1. Configuring The Secondary NIC.
This step should be done, configuring ONLY the IP and the Netmask. NO DEFAULT GATEWAY FOR THE SECONDARY NIC SHOULD BE SET AT ANY POINT.
The configuration should look like this:
2. Enabling RRA
We must enable and configure the Routing and Remote access service, in order to be able to add the static routes we need.
Click in Start —–> administrative Tools —-> Routing and Remote Access as depicted in the follwing screen capture.
Once this is done, we must “configure and Enable Routing and Remote Access” as depicted in the next screen shot.
The wizard begins, click on Next.
From the following meny, select the “Custom Configuration” as depicted in the following screen shot.
From the next menu select “Lan Routing” and click Next.
After this, click on “Finish” in order to end the wizard. A message should appear as depicted next.
3. Adding the Static Route to our Private Network.
By default, we use the entire 10.0.0.0/8 network for the Private Network connectivity of our servers. This means that each server must have a “Default” route configured ONLY on the Primary NIC (the internet NIC) and the Private Network must be reached with a Static Route. Here we proceed to add it.
Once we have Enabled and configured the RRA service, we will see new menus available in this section, we are interested in the ones in the IPv4 as shown below.
We then must “right-click” on the Static Route item and click on “New Static Route”
After you click this, a new windows will pop up and you will be able to add the configuration.
NOTE: You must be sure to select the correct NIC, in this case is the NIC #2
The Private network details should look like the following screen shot:
Then click OK, this is the end of the configuration.
4. Testing it.
Well, we need to make sure the private traffic does not leave via the Public Nic, otherwise this whole configuration will not do us any good.
We will ping and traceroute to our VPN server’s Private Network to make sure the traffic ONLY touches the private network.
With this, all the traffic destined to the private network, will indeed use the private network infrastructure, not the public one.