I have seen a lot of IP addressing, NIC and NAT related queries in different newsgroups. This blog post aims to give you a quick overview of these topics.
First, the basics of IP addressing/routing from the RRAS perspective:
Let us now take some examples:
1) RRAS server behind a NAT router with single NIC
Internet --> NAT router ---> LAN ----> RRAS server (single NIC)
Assume the RRAS server is also running DNS/WINS, DHCP and a DC (as in the SBS server scenario).
Say all the LAN clients as well as the VPN clients share the same address pool, say 192.168.1.x. The NAT router's private NIC has the IP address 192.168.1.1 and the RRAS server's LAN NIC has 192.168.1.2 (it is better to give the RRAS server a static IP address so that the NAT router can redirect correctly).
1) Configure DHCP server with a pool - 192.168.1.3-192.168.1.254 (note: 192.168.1.1 is given to NAT router and 192.168.1.2 to RRAS server itself) and default gateway as 192.168.1.1 (i.e. NAT router's LAN IP address).
2) Configure RRAS for a single NIC and select DHCP as the way to obtain the IP address pool (see http://blogs.technet.com/rrasblog/archive/2006/06/19/437171.aspx).
2.1) As you are running DNS/WINS on the same machine as RRAS, you may need to disable registration of the RRAS tunnel adapter address in DNS/WINS - otherwise LAN machines will not be able to reach the DNS/WINS server. Refer to http://support.microsoft.com/kb/292822/EN-US for more information.
2.2) As you are running multiple services on the RRAS box, ensure you turn off static filters when configuring the RRAS server (http://blogs.technet.com/rrasblog/archive/2006/07/06/440398.aspx).
3) Enable the NAT router to redirect PPTP packets arriving on its public interface to the RRAS server: http://blogs.technet.com/rrasblog/archive/2006/06/14/435826.aspx
Note: An RRAS server with L2TP behind a NAT router is not a "recommended scenario". Refer to the following KB for further details: http://support.microsoft.com/default.aspx?scid=kb;en-us;818043
4) Create a VPN client with "Use default gateway" checked and the VPN server address set to the NAT router's public IP address. Ensure you are able to ping the VPN server's internal interface, its LAN NIC and the LAN clients by name as well as by IP address.
In the above scenario, if you want to give different address pools to VPN clients and LAN clients, you can configure the RRAS server with a static IP address pool and give it a different range, such as 192.168.2.x. Ensure you configure the DHCP server scope to pass a static route (192.168.2.0/255.255.255.0 with the gateway set to 192.168.1.2, i.e. the RRAS server's LAN IP address) to LAN clients. This route enables LAN clients to reach VPN clients. VPN clients can reach LAN clients because they have a default route towards the VPN server.
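An added example, not from the original post: Python that checks the single-NIC address plan above and builds the classless static route value (RFC 3442, DHCP option 121) that a DHCP scope could hand to LAN clients when VPN clients get a separate pool. The function names are hypothetical, the addresses are the ones used in this scenario, and the choice of option 121 as the delivery mechanism is an assumption, since the post only says to pass a static route through the DHCP scope.

```python
import ipaddress

def check_plan(lan, nat_router, rras_lan, dhcp_first, dhcp_last, vpn_pool):
    """Validate the single-NIC address plan; return (problems, lan_client_routes)."""
    lan_net = ipaddress.ip_network(lan)
    vpn_net = ipaddress.ip_network(vpn_pool)
    first, last = ipaddress.ip_address(dhcp_first), ipaddress.ip_address(dhcp_last)
    problems, routes = [], []
    # Statically addressed devices must sit on the LAN but outside the DHCP pool.
    for name, text in (("NAT router", nat_router), ("RRAS server", rras_lan)):
        addr = ipaddress.ip_address(text)
        if addr not in lan_net:
            problems.append(f"{name} {addr} is outside LAN {lan_net}")
        elif first <= addr <= last:
            problems.append(f"{name} {addr} is inside the DHCP pool")
    if vpn_net.subnet_of(lan_net):
        pass  # shared pool: VPN clients take LAN addresses, no extra route
    elif vpn_net.overlaps(lan_net):
        problems.append(f"VPN pool {vpn_net} overlaps LAN {lan_net} without being inside it")
    else:
        # Separate pool: LAN clients reach it through the RRAS server's LAN NIC.
        routes.append((str(vpn_net), rras_lan))
        # RFC 3442 clients ignore the Router option once option 121 is sent,
        # so the default route travels in the same option.
        routes.append(("0.0.0.0/0", nat_router))
    return problems, routes

def encode_classless_routes(routes):
    """RFC 3442 value: prefix length, significant destination octets, gateway."""
    out = bytearray()
    for dest, gateway in routes:
        net = ipaddress.ip_network(dest)
        out.append(net.prefixlen)
        out += net.network_address.packed[: (net.prefixlen + 7) // 8]
        out += ipaddress.ip_address(gateway).packed
    return bytes(out)

if __name__ == "__main__":
    # Addresses from the scenario above; the separate VPN pool is 192.168.2.0/24.
    problems, routes = check_plan("192.168.1.0/24", "192.168.1.1", "192.168.1.2",
                                  "192.168.1.3", "192.168.1.254", "192.168.2.0/24")
    print(problems or "plan OK")
    print(encode_classless_routes(routes).hex())
```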
2) RRAS server with two NICs
Internet --> RRAS server (two NICs) --> LAN
Assume the RRAS server is also running as the NAT router (for LAN machines as well as VPN clients).
Say all the LAN clients as well as the VPN clients share the same address pool, say 192.168.1.x. The RRAS server has a public IP address (say 22.214.171.124) and its LAN NIC has 192.168.1.2.
Note: In this scenario too, you can have RAS and LAN clients share the same IP address pool or give them different pools.
All the steps for this configuration remain the same, except that you configure the RRAS server for two NICs (one facing the Internet and one facing the intranet) and enable NAT on the RRAS server itself.
Please send us back your feedback or any queries that you may have.
Samir Jain
Lead Program Manager
RRAS, Windows Enterprise Networking
[This posting is provided "AS IS" with no warranties, and confers no rights.]