Guest Yig Posted September 24, 2007 Posted September 24, 2007 Hi, I have used Routing and Remote Access on my Windows 2003 SP2 server to create a VPN server. It is working, but not like I was expecting. I granted permissions to a few users but when they connect, they can only access the server with the VPN, not the rest of the network. I have a firewall in front of it but it allows VPN passthru and port 1723 is forwarded to the server. What do I need to check to make sure that the network is available? Thanks!
Guest Johan Strange Posted September 24, 2007 Posted September 24, 2007 RE: Problem with VPN setup If you open Routing and Remote Access, right click your Server (local) and select properties under General Place a check in Router then select LAN routing only. This should allow you to access the LAN. With PPTP you need to use 1723 and 47 . or UDP 500 and 1723 Does this help? -- Johan Strange _______________________________ MCSE, MCSA + Messaging, CompA+ Logic42 Computer Solutions - The answer to everything "Yig" wrote: > Hi, > > I have used Routing and Remote Access on my Windows 2003 SP2 server to > create a VPN server. > > It is working, but not like I was expecting. > > I granted permissions to a few users but when they connect, they can > only access the server with the VPN, not the rest of the network. > > I have a firewall in front of it but it allows VPN passthru and port > 1723 is forwarded to the server. > > What do I need to check to make sure that the network is available? > > Thanks! > >
Guest Yig Posted September 24, 2007 Posted September 24, 2007 Re: Problem with VPN setup Hi John, Yes, that helped. I modified it as you said. I will have to try tonight. I will also forward port 47 to the server then. Thanks! On Sep 24, 10:28 am, Johan Strange <JohanStra...@discussions.microsoft.com> wrote: > If you open Routing and Remote Access, right click your Server (local) and > select properties under General Place a check in Router then select LAN > routing only. This should allow you to access the LAN. > > With PPTP you need to use 1723 and 47 . or UDP 500 and 1723 > > Does this help? > > -- > Johan Strange > _______________________________ > MCSE, MCSA + Messaging, CompA+ > > Logic42 Computer Solutions - The answer to everything > > "Yig" wrote: > > Hi, > > > I have used Routing and Remote Access on my Windows 2003 SP2 server to > > create a VPN server. > > > It is working, but not like I was expecting. > > > I granted permissions to a few users but when they connect, they can > > only access the server with the VPN, not the rest of the network. > > > I have a firewall in front of it but it allows VPN passthru and port > > 1723 is forwarded to the server. > > > What do I need to check to make sure that the network is available? > > > Thanks!
Guest Johan Strange Posted September 24, 2007 Posted September 24, 2007 Re: Problem with VPN setup GL - another thing to consider is name resolution , you can test this by adding an entry to your hosts file. -- Johan Strange _______________________________ MCSE, MCSA + Messaging, CompA+ Logic42 Computer Solutions - The answer to everything "Yig" wrote: > Hi John, > > Yes, that helped. > > I modified it as you said. > > I will have to try tonight. > > I will also forward port 47 to the server then. > > Thanks! > > On Sep 24, 10:28 am, Johan Strange > <JohanStra...@discussions.microsoft.com> wrote: > > If you open Routing and Remote Access, right click your Server (local) and > > select properties under General Place a check in Router then select LAN > > routing only. This should allow you to access the LAN. > > > > With PPTP you need to use 1723 and 47 . or UDP 500 and 1723 > > > > Does this help? > > > > -- > > Johan Strange > > _______________________________ > > MCSE, MCSA + Messaging, CompA+ > > > > Logic42 Computer Solutions - The answer to everything > > > > "Yig" wrote: > > > Hi, > > > > > I have used Routing and Remote Access on my Windows 2003 SP2 server to > > > create a VPN server. > > > > > It is working, but not like I was expecting. > > > > > I granted permissions to a few users but when they connect, they can > > > only access the server with the VPN, not the rest of the network. > > > > > I have a firewall in front of it but it allows VPN passthru and port > > > 1723 is forwarded to the server. > > > > > What do I need to check to make sure that the network is available? > > > > > Thanks! > > >
Guest Yig Posted September 25, 2007 Posted September 25, 2007 Re: Problem with VPN setup I tried last night and I got the same results. The VPN connection point to the correct DNS and WINS and it gets an IP address from the DHCP. The server who is accepting VPN connections has only 1 NIC. Is that the problem? On Sep 24, 11:32 am, Johan Strange <JohanStra...@discussions.microsoft.com> wrote: > GL - another thing to consider is name resolution , you can test this by > adding an entry to your hosts file. > -- > Johan Strange > _______________________________ > MCSE, MCSA + Messaging, CompA+ > > Logic42 Computer Solutions - The answer to everything > > "Yig" wrote: > > Hi John, > > > Yes, that helped. > > > I modified it as you said. > > > I will have to try tonight. > > > I will also forward port 47 to the server then. > > > Thanks! > > > On Sep 24, 10:28 am, Johan Strange > > <JohanStra...@discussions.microsoft.com> wrote: > > > If you open Routing and Remote Access, right click your Server (local) and > > > select properties under General Place a check in Router then select LAN > > > routing only. This should allow you to access the LAN. > > > > With PPTP you need to use 1723 and 47 . or UDP 500 and 1723 > > > > Does this help? > > > > -- > > > Johan Strange > > > _______________________________ > > > MCSE, MCSA + Messaging, CompA+ > > > > Logic42 Computer Solutions - The answer to everything > > > > "Yig" wrote: > > > > Hi, > > > > > I have used Routing and Remote Access on my Windows 2003 SP2 server to > > > > create a VPN server. > > > > > It is working, but not like I was expecting. > > > > > I granted permissions to a few users but when they connect, they can > > > > only access the server with the VPN, not the rest of the network. > > > > > I have a firewall in front of it but it allows VPN passthru and port > > > > 1723 is forwarded to the server. > > > > > What do I need to check to make sure that the network is available? > > > > > Thanks!
Guest Johan Strange Posted September 25, 2007 Posted September 25, 2007 Re: Problem with VPN setup Hi, One NIC is fine. Usually I decide how many connections I will be supporting, if I am using RRAS for VPN it would not be many anyway. I then create an exclusion in DHCP and the IP Tab in Server (local) create a static pool based on the DHCP exclusion. The RRAS will assign itself the first address in the pool which you will be able to see under IP Routing/General. When you connect from your client you will then take one of teh remaining IP addresses in the pool. You can see the connection under "Remote Access Clients". Right click and select status. Can you browse the Web on the VPN client when connected? check "use default gateway on remote network" under the General tab of the client TCP/IP settings (Advanced). Also can you ping another node on your network by IP? What error do you see when you try to access other devices through the VPN connection? -- Johan Strange _______________________________ MCSE, MCSA + Messaging, CompA+ Logic42 Computer Solutions - The answer to everything "Yig" wrote: > I tried last night and I got the same results. > > The VPN connection point to the correct DNS and WINS and it gets an IP > address from the DHCP. > > The server who is accepting VPN connections has only 1 NIC. Is that > the problem? > > > > On Sep 24, 11:32 am, Johan Strange > <JohanStra...@discussions.microsoft.com> wrote: > > GL - another thing to consider is name resolution , you can test this by > > adding an entry to your hosts file. > > -- > > Johan Strange > > _______________________________ > > MCSE, MCSA + Messaging, CompA+ > > > > Logic42 Computer Solutions - The answer to everything > > > > "Yig" wrote: > > > Hi John, > > > > > Yes, that helped. > > > > > I modified it as you said. > > > > > I will have to try tonight. > > > > > I will also forward port 47 to the server then. > > > > > Thanks! > > > > > On Sep 24, 10:28 am, Johan Strange > > > <JohanStra...@discussions.microsoft.com> wrote: > > > > If you open Routing and Remote Access, right click your Server (local) and > > > > select properties under General Place a check in Router then select LAN > > > > routing only. This should allow you to access the LAN. > > > > > > With PPTP you need to use 1723 and 47 . or UDP 500 and 1723 > > > > > > Does this help? > > > > > > -- > > > > Johan Strange > > > > _______________________________ > > > > MCSE, MCSA + Messaging, CompA+ > > > > > > Logic42 Computer Solutions - The answer to everything > > > > > > "Yig" wrote: > > > > > Hi, > > > > > > > I have used Routing and Remote Access on my Windows 2003 SP2 server to > > > > > create a VPN server. > > > > > > > It is working, but not like I was expecting. > > > > > > > I granted permissions to a few users but when they connect, they can > > > > > only access the server with the VPN, not the rest of the network. > > > > > > > I have a firewall in front of it but it allows VPN passthru and port > > > > > 1723 is forwarded to the server. > > > > > > > What do I need to check to make sure that the network is available? > > > > > > > Thanks! > > >
Guest Yig Posted September 25, 2007 Posted September 25, 2007 Re: Problem with VPN setup I used unassigned addresses to create a static pool. Do I need to configure a route? When I connected last night, I tried to ping other servers but I got a time out message. I can ping or connect with VNC on the machine running the VPN. I will try again tonight. On Sep 25, 1:16 pm, Johan Strange <JohanStra...@discussions.microsoft.com> wrote: > Hi, One NIC is fine. Usually I decide how many connections I will be > supporting, if I am using RRAS for VPN it would not be many anyway. I then > create an exclusion in DHCP and the IP Tab in Server (local) create a static > pool based on the DHCP exclusion. The RRAS will assign itself the first > address in the pool which you will be able to see under IP Routing/General. > When you connect from your client you will then take one of teh remaining IP > addresses in the pool. You can see the connection under "Remote Access > Clients". Right click and select status. > > Can you browse the Web on the VPN client when connected? check "use default > gateway on remote network" under the General tab of the client TCP/IP > settings (Advanced). > > Also can you ping another node on your network by IP? > > What error do you see when you try to access other devices through the VPN > connection? > > -- > Johan Strange > _______________________________ > MCSE, MCSA + Messaging, CompA+ > > Logic42 Computer Solutions - The answer to everything > > "Yig" wrote: > > I tried last night and I got the same results. > > > The VPN connection point to the correct DNS and WINS and it gets an IP > > address from the DHCP. > > > The server who is accepting VPN connections has only 1 NIC. Is that > > the problem? > > > On Sep 24, 11:32 am, Johan Strange > > <JohanStra...@discussions.microsoft.com> wrote: > > > GL - another thing to consider is name resolution , you can test this by > > > adding an entry to your hosts file. > > > -- > > > Johan Strange > > > _______________________________ > > > MCSE, MCSA + Messaging, CompA+ > > > > Logic42 Computer Solutions - The answer to everything > > > > "Yig" wrote: > > > > Hi John, > > > > > Yes, that helped. > > > > > I modified it as you said. > > > > > I will have to try tonight. > > > > > I will also forward port 47 to the server then. > > > > > Thanks! > > > > > On Sep 24, 10:28 am, Johan Strange > > > > <JohanStra...@discussions.microsoft.com> wrote: > > > > > If you open Routing and Remote Access, right click your Server (local) and > > > > > select properties under General Place a check in Router then select LAN > > > > > routing only. This should allow you to access the LAN. > > > > > > With PPTP you need to use 1723 and 47 . or UDP 500 and 1723 > > > > > > Does this help? > > > > > > -- > > > > > Johan Strange > > > > > _______________________________ > > > > > MCSE, MCSA + Messaging, CompA+ > > > > > > Logic42 Computer Solutions - The answer to everything > > > > > > "Yig" wrote: > > > > > > Hi, > > > > > > > I have used Routing and Remote Access on my Windows 2003 SP2 server to > > > > > > create a VPN server. > > > > > > > It is working, but not like I was expecting. > > > > > > > I granted permissions to a few users but when they connect, they can > > > > > > only access the server with the VPN, not the rest of the network. > > > > > > > I have a firewall in front of it but it allows VPN passthru and port > > > > > > 1723 is forwarded to the server. > > > > > > > What do I need to check to make sure that the network is available? > > > > > > > Thanks!
Guest Johan Strange Posted September 25, 2007 Posted September 25, 2007 Re: Problem with VPN setup Hi, If your network is split over VLANs or Subnets then yes you need a route but if the servers you are trying to reach are on the same subnet then no you do not. -- Johan Strange _______________________________ MCSE, MCSA + Messaging, CompA+ Logic42 Computer Solutions - The answer to everything "Yig" wrote: > I used unassigned addresses to create a static pool. > > Do I need to configure a route? > > When I connected last night, I tried to ping other servers but I got a > time out message. I can ping or connect with VNC on the machine > running the VPN. > > I will try again tonight. > > On Sep 25, 1:16 pm, Johan Strange > <JohanStra...@discussions.microsoft.com> wrote: > > Hi, One NIC is fine. Usually I decide how many connections I will be > > supporting, if I am using RRAS for VPN it would not be many anyway. I then > > create an exclusion in DHCP and the IP Tab in Server (local) create a static > > pool based on the DHCP exclusion. The RRAS will assign itself the first > > address in the pool which you will be able to see under IP Routing/General. > > When you connect from your client you will then take one of teh remaining IP > > addresses in the pool. You can see the connection under "Remote Access > > Clients". Right click and select status. > > > > Can you browse the Web on the VPN client when connected? check "use default > > gateway on remote network" under the General tab of the client TCP/IP > > settings (Advanced). > > > > Also can you ping another node on your network by IP? > > > > What error do you see when you try to access other devices through the VPN > > connection? > > > > -- > > Johan Strange > > _______________________________ > > MCSE, MCSA + Messaging, CompA+ > > > > Logic42 Computer Solutions - The answer to everything > > > > "Yig" wrote: > > > I tried last night and I got the same results. > > > > > The VPN connection point to the correct DNS and WINS and it gets an IP > > > address from the DHCP. > > > > > The server who is accepting VPN connections has only 1 NIC. Is that > > > the problem? > > > > > On Sep 24, 11:32 am, Johan Strange > > > <JohanStra...@discussions.microsoft.com> wrote: > > > > GL - another thing to consider is name resolution , you can test this by > > > > adding an entry to your hosts file. > > > > -- > > > > Johan Strange > > > > _______________________________ > > > > MCSE, MCSA + Messaging, CompA+ > > > > > > Logic42 Computer Solutions - The answer to everything > > > > > > "Yig" wrote: > > > > > Hi John, > > > > > > > Yes, that helped. > > > > > > > I modified it as you said. > > > > > > > I will have to try tonight. > > > > > > > I will also forward port 47 to the server then. > > > > > > > Thanks! > > > > > > > On Sep 24, 10:28 am, Johan Strange > > > > > <JohanStra...@discussions.microsoft.com> wrote: > > > > > > If you open Routing and Remote Access, right click your Server (local) and > > > > > > select properties under General Place a check in Router then select LAN > > > > > > routing only. This should allow you to access the LAN. > > > > > > > > With PPTP you need to use 1723 and 47 . or UDP 500 and 1723 > > > > > > > > Does this help? > > > > > > > > -- > > > > > > Johan Strange > > > > > > _______________________________ > > > > > > MCSE, MCSA + Messaging, CompA+ > > > > > > > > Logic42 Computer Solutions - The answer to everything > > > > > > > > "Yig" wrote: > > > > > > > Hi, > > > > > > > > > I have used Routing and Remote Access on my Windows 2003 SP2 server to > > > > > > > create a VPN server. > > > > > > > > > It is working, but not like I was expecting. > > > > > > > > > I granted permissions to a few users but when they connect, they can > > > > > > > only access the server with the VPN, not the rest of the network. > > > > > > > > > I have a firewall in front of it but it allows VPN passthru and port > > > > > > > 1723 is forwarded to the server. > > > > > > > > > What do I need to check to make sure that the network is available? > > > > > > > > > Thanks! > > >
Guest Yig Posted September 25, 2007 Posted September 25, 2007 Re: Problem with VPN setup Everything is in the same subnet. In RRA, if I look in IP Routing under General, I see that the Internal interface display that it is unavailable. Can you tell me what is that? Thanks! On Sep 25, 3:26 pm, Johan Strange <JohanStra...@discussions.microsoft.com> wrote: > Hi, > > If your network is split over VLANs or Subnets then yes you need a route but > if the servers you are trying to reach are on the same subnet then no you do > not. > -- > Johan Strange > _______________________________ > MCSE, MCSA + Messaging, CompA+ > > Logic42 Computer Solutions - The answer to everything > > "Yig" wrote: > > I used unassigned addresses to create a static pool. > > > Do I need to configure a route? > > > When I connected last night, I tried to ping other servers but I got a > > time out message. I can ping or connect with VNC on the machine > > running the VPN. > > > I will try again tonight. > > > On Sep 25, 1:16 pm, Johan Strange > > <JohanStra...@discussions.microsoft.com> wrote: > > > Hi, One NIC is fine. Usually I decide how many connections I will be > > > supporting, if I am using RRAS for VPN it would not be many anyway. I then > > > create an exclusion in DHCP and the IP Tab in Server (local) create a static > > > pool based on the DHCP exclusion. The RRAS will assign itself the first > > > address in the pool which you will be able to see under IP Routing/General. > > > When you connect from your client you will then take one of teh remaining IP > > > addresses in the pool. You can see the connection under "Remote Access > > > Clients". Right click and select status. > > > > Can you browse the Web on the VPN client when connected? check "use default > > > gateway on remote network" under the General tab of the client TCP/IP > > > settings (Advanced). > > > > Also can you ping another node on your network by IP? > > > > What error do you see when you try to access other devices through the VPN > > > connection? > > > > -- > > > Johan Strange > > > _______________________________ > > > MCSE, MCSA + Messaging, CompA+ > > > > Logic42 Computer Solutions - The answer to everything > > > > "Yig" wrote: > > > > I tried last night and I got the same results. > > > > > The VPN connection point to the correct DNS and WINS and it gets an IP > > > > address from the DHCP. > > > > > The server who is accepting VPN connections has only 1 NIC. Is that > > > > the problem? > > > > > On Sep 24, 11:32 am, Johan Strange > > > > <JohanStra...@discussions.microsoft.com> wrote: > > > > > GL - another thing to consider is name resolution , you can test this by > > > > > adding an entry to your hosts file. > > > > > -- > > > > > Johan Strange > > > > > _______________________________ > > > > > MCSE, MCSA + Messaging, CompA+ > > > > > > Logic42 Computer Solutions - The answer to everything > > > > > > "Yig" wrote: > > > > > > Hi John, > > > > > > > Yes, that helped. > > > > > > > I modified it as you said. > > > > > > > I will have to try tonight. > > > > > > > I will also forward port 47 to the server then. > > > > > > > Thanks! > > > > > > > On Sep 24, 10:28 am, Johan Strange > > > > > > <JohanStra...@discussions.microsoft.com> wrote: > > > > > > > If you open Routing and Remote Access, right click your Server (local) and > > > > > > > select properties under General Place a check in Router then select LAN > > > > > > > routing only. This should allow you to access the LAN. > > > > > > > > With PPTP you need to use 1723 and 47 . or UDP 500 and 1723 > > > > > > > > Does this help? > > > > > > > > -- > > > > > > > Johan Strange > > > > > > > _______________________________ > > > > > > > MCSE, MCSA + Messaging, CompA+ > > > > > > > > Logic42 Computer Solutions - The answer to everything > > > > > > > > "Yig" wrote: > > > > > > > > Hi, > > > > > > > > > I have used Routing and Remote Access on my Windows 2003 SP2 server to > > > > > > > > create a VPN server. > > > > > > > > > It is working, but not like I was expecting. > > > > > > > > > I granted permissions to a few users but when they connect, they can > > > > > > > > only access the server with the VPN, not the rest of the network. > > > > > > > > > I have a firewall in front of it but it allows VPN passthru and port > > > > > > > > 1723 is forwarded to the server. > > > > > > > > > What do I need to check to make sure that the network is available? > > > > > > > > > Thanks!
Guest Yig Posted September 26, 2007 Posted September 26, 2007 Re: Problem with VPN setup I got it to work! There was a policy that was added that denied acces to the network. I switched the permissions around and it is now working. Thanks for the help, really appreciated it. On Sep 25, 4:12 pm, Yig <snakybast...@gmail.com> wrote: > Everything is in the same subnet. > > In RRA, if I look in IP Routing under General, I see that the Internal > interface display that it is unavailable. Can you tell me what is > that? > > Thanks! > > On Sep 25, 3:26 pm, Johan Strange > > > > <JohanStra...@discussions.microsoft.com> wrote: > > Hi, > > > If your network is split over VLANs or Subnets then yes you need a route but > > if the servers you are trying to reach are on the same subnet then no you do > > not. > > -- > > Johan Strange > > _______________________________ > > MCSE, MCSA + Messaging, CompA+ > > > Logic42 Computer Solutions - The answer to everything > > > "Yig" wrote: > > > I used unassigned addresses to create a static pool. > > > > Do I need to configure a route? > > > > When I connected last night, I tried to ping other servers but I got a > > > time out message. I can ping or connect with VNC on the machine > > > running the VPN. > > > > I will try again tonight. > > > > On Sep 25, 1:16 pm, Johan Strange > > > <JohanStra...@discussions.microsoft.com> wrote: > > > > Hi, One NIC is fine. Usually I decide how many connections I will be > > > > supporting, if I am using RRAS for VPN it would not be many anyway. I then > > > > create an exclusion in DHCP and the IP Tab in Server (local) create a static > > > > pool based on the DHCP exclusion. The RRAS will assign itself the first > > > > address in the pool which you will be able to see under IP Routing/General. > > > > When you connect from your client you will then take one of teh remaining IP > > > > addresses in the pool. You can see the connection under "Remote Access > > > > Clients". Right click and select status. > > > > > Can you browse the Web on the VPN client when connected? check "use default > > > > gateway on remote network" under the General tab of the client TCP/IP > > > > settings (Advanced). > > > > > Also can you ping another node on your network by IP? > > > > > What error do you see when you try to access other devices through the VPN > > > > connection? > > > > > -- > > > > Johan Strange > > > > _______________________________ > > > > MCSE, MCSA + Messaging, CompA+ > > > > > Logic42 Computer Solutions - The answer to everything > > > > > "Yig" wrote: > > > > > I tried last night and I got the same results. > > > > > > The VPN connection point to the correct DNS and WINS and it gets an IP > > > > > address from the DHCP. > > > > > > The server who is accepting VPN connections has only 1 NIC. Is that > > > > > the problem? > > > > > > On Sep 24, 11:32 am, Johan Strange > > > > > <JohanStra...@discussions.microsoft.com> wrote: > > > > > > GL - another thing to consider is name resolution , you can test this by > > > > > > adding an entry to your hosts file. > > > > > > -- > > > > > > Johan Strange > > > > > > _______________________________ > > > > > > MCSE, MCSA + Messaging, CompA+ > > > > > > > Logic42 Computer Solutions - The answer to everything > > > > > > > "Yig" wrote: > > > > > > > Hi John, > > > > > > > > Yes, that helped. > > > > > > > > I modified it as you said. > > > > > > > > I will have to try tonight. > > > > > > > > I will also forward port 47 to the server then. > > > > > > > > Thanks! > > > > > > > > On Sep 24, 10:28 am, Johan Strange > > > > > > > <JohanStra...@discussions.microsoft.com> wrote: > > > > > > > > If you open Routing and Remote Access, right click your Server (local) and > > > > > > > > select properties under General Place a check in Router then select LAN > > > > > > > > routing only. This should allow you to access the LAN. > > > > > > > > > With PPTP you need to use 1723 and 47 . or UDP 500 and 1723 > > > > > > > > > Does this help? > > > > > > > > > -- > > > > > > > > Johan Strange > > > > > > > > _______________________________ > > > > > > > > MCSE, MCSA + Messaging, CompA+ > > > > > > > > > Logic42 Computer Solutions - The answer to everything > > > > > > > > > "Yig" wrote: > > > > > > > > > Hi, > > > > > > > > > > I have used Routing and Remote Access on my Windows 2003 SP2 server to > > > > > > > > > create a VPN server. > > > > > > > > > > It is working, but not like I was expecting. > > > > > > > > > > I granted permissions to a few users but when they connect, they can > > > > > > > > > only access the server with the VPN, not the rest of the network. > > > > > > > > > > I have a firewall in front of it but it allows VPN passthru and port > > > > > > > > > 1723 is forwarded to the server. > > > > > > > > > > What do I need to check to make sure that the network is available? > > > > > > > > > > Thanks!- Hide quoted text - > > - Show quoted text -
Recommended Posts