I have read a lot of the posts using the Keywords Microsoft Loopback Adapter
and they kind of answer my question which is what do I need to do to use a
VPN connection to attach my virtual network to the corporate forests.

I have resently moved to a remote site and my connection to the corp network
is through a VPN. When I was connected physically to the Corp network I had
access to all the forests that we have on the network.

On the Host machine, a dell server with Windows Server 2003R2 sp2 on it, I
can still access the resources on all the forests, but the VPC's have all
lost that functionality. My network admin advised me to add a M. Loopback
Adapter which I have done. I also have enabled ICS on the VPN Miniport for
the MLA to use internet, which didn't work. I enable ICS on the physical
network card and now the internet works on the VPC's.



My problem is that I think I am getting too many parts (not enough parts?)
to make this work. In other words, I'm confused.

The functionality that I need is:
1.) to have the VPC (with the OS's of XPPro and WS2003/8) be available to
the host
via Remote Desktop Connection.
2.) To have the VPC's be able to use the internet (host always connected via
a WRT54G router with an internal IP of 192.168.3.1).
3.) To have the VPC's be able to see the corporate forests and each other
and the local host (yes it is part of one of the corporate forests)

Sounds simple and probably is. Can anyone help?

--
Thanks, Marc

"Marc" <Marc@xxxxxx> wrote in message
news:43C9FD0A-24AA-489F-8717-6C14C330A5F9@xxxxxx

> I have read a lot of the posts using the Keywords Microsoft Loopback
> Adapter
> and they kind of answer my question which is what do I need to do to use a
> VPN connection to attach my virtual network to the corporate forests.
>
> I have resently moved to a remote site and my connection to the corp
> network
> is through a VPN. When I was connected physically to the Corp network I
> had
> access to all the forests that we have on the network.
>
> On the Host machine, a dell server with Windows Server 2003R2 sp2 on it, I
> can still access the resources on all the forests, but the VPC's have all
> lost that functionality. My network admin advised me to add a M. Loopback
> Adapter which I have done. I also have enabled ICS on the VPN Miniport
> for
> the MLA to use internet, which didn't work. I enable ICS on the physical
> network card and now the internet works on the VPC's.
>
> My problem is that I think I am getting too many parts (not enough parts?)
> to make this work. In other words, I'm confused.
>
> The functionality that I need is:
> 1.) to have the VPC (with the OS's of XPPro and WS2003/8) be available to
> the host
> via Remote Desktop Connection.
> 2.) To have the VPC's be able to use the internet (host always connected
> via
> a WRT54G router with an internal IP of 192.168.3.1).
> 3.) To have the VPC's be able to see the corporate forests and each other
> and the local host (yes it is part of one of the corporate forests)
>
> Sounds simple and probably is. Can anyone help?
>
> --
> Thanks, Marc

No, it is not simple, but it might be possible. ICS (I would have used
RRAS/NAT on a server) and a loopback adapter will let you share the host's
Internet connection but it doesn't help with the VPN link, which is what you
need to see the corporate network.

Exactly what sort of VPN connection do you have? Is it configured as a
site-to-site VPN link? Can all machines in your site see all machines on the
corporate LAN?

What you need to be able to do is route your virtual network to the
corporate network through the VPN link. By default this doesn't happen.

You probably can't do anything simply by making changes at your end of
the connection. For the routing to work, the VPN server at the corporate end
has to know the IP addresses of your local networks and have a route to send
them through the VPN link. By default it will only have a route for your LAN
network 192.168.3.0/24 . Even if you changed the routing at your end to send
corporate traffic from the virtual network through the VPN, nothing would
work because the VPN corporate router would not know how to route the
traffic back through the VPN link.

One thing though, the Host machine is visible on the Corp Network.
--
Thanks, Marc


"Bill Grant" wrote:

> No, it is not simple, but it might be possible. ICS (I would have used
> RRAS/NAT on a server) and a loopback adapter will let you share the host's
> Internet connection but it doesn't help with the VPN link, which is what you
> need to see the corporate network.
>
> Exactly what sort of VPN connection do you have? Is it configured as a
> site-to-site VPN link? Can all machines in your site see all machines on the
> corporate LAN?
>
> What you need to be able to do is route your virtual network to the
> corporate network through the VPN link. By default this doesn't happen.
>
> You probably can't do anything simply by making changes at your end of
> the connection. For the routing to work, the VPN server at the corporate end
> has to know the IP addresses of your local networks and have a route to send
> them through the VPN link. By default it will only have a route for your LAN
> network 192.168.3.0/24 . Even if you changed the routing at your end to send
> corporate traffic from the virtual network through the VPN, nothing would
> work because the VPN corporate router would not know how to route the
> traffic back through the VPN link.

"Marc" <Marc@xxxxxx> wrote in message
news:37B3D621-FA83-4C07-8C86-31286BB7488D@xxxxxx

> One thing though, the Host machine is visible on the Corp Network.
> --
> Thanks, Marc
>
>

Yes, the host machine is not the problem. If you make a dialup type
connection from this server, the corp VPN server will have a host route back
to it through the tunnel. But that is the real problem - it is just a host
route to that machine. It will not route traffic for your guests behind this
machine. This really has nothing to do with virtual machines. That is the
way VPN connections work.

With remote sites, the solution is to use a site-to-site VPN link.
Instead of a dialup type connection, you have a router to router connection
(ie you need a router at each end which can do subnet routing through the
tunnel). That doesn't really fill the bill for you because what you are
running is a mini-site of virtual machines within your site!

If you could run NAT on the server to use the VPN connection as its
"public" interface, things would work. All traffic from the vms going to the
corporate LAN would be using the server's IP address and would be routed
correctly. That is pretty tricky to set up.

To configure RRAS as a NAT router you need the connection to appear in
RRAS as an interface. A standard dialup connection doesn't do that. You
would need to set up a demand-dial interface and establish the connection
through that. (You do not need to use the dial on demand feature. You just
need the interface associated with the connection).

Now you can configure NAT using the dd interface as the public interface
and the loopback adapter as the private interface. Your vms are now routed
to the corporate network through NAT rather than to your local network (as
they were when the public interface of NAT was the NIC in the host).

This is a bit esoteric, so if you want to take it offline you could
email me at

grantaw at aliencamel dot com