TranTO
asked on
VPN Windows Server 2003
Hello
I have set up a VPN server (W2003) and a few remote clients (W2K) to access the server.
From a remote client, I can connect to the server; according to the prompt, it's connected to the server somehow, and I can ping from the remote client to the VPN server either by name or by IP. But that is just about all I can do. I went to Network Places, trying to look for some other network groups and do some drive mapping to my remote client, but there is nothing there other than my own network at home to map to.
Thanks very much
Tran
ASKER
Hello
1. No packet filtering whatsoever, only using the basic firewall that comes with Windows 2003
2. How can I make sure that RRAS routing is configured to route from the VPN to the remote subnet? I did check the Routing and Remote Access settings, but there doesn't seem to be anything that would cause this problem. It strikes me as something rather simple, but until you know what it is, of course nothing is simple!
if you can ping well through the VPN connection, that means the link and IP layers of the VPN are good. for file and printer sharing over the VPN connection, you should make sure the following are bound to the VPN connection; just double-click the connection icon to get into its properties page to check it:
1) client of microsoft network
2) file and printer sharing for microsoft networks
3) NETBIOS over TCPIP is enabled
4) ICF/ICS is disabled
NOTE: the VPN connection and its host physical connection are logically isolated, so even if your host connection has no file and printer sharing enabled, your VPN connection may have its own network bindings, such as file and printer sharing.
hope it helps,
bbao
ASKER
Hi
Thanks for the quick suggestion, but not working.
I think the problem is with the Windows 2003 server, not with client.
From Server:
1. I cannot ping the remote client, neither by name nor by IP address
2. I don't see the remote client anywhere in the 'Network places'
3. Event Viewer, however said the connection is there and everything is OK, here is the information inside Event Viewer:
The user TTT\User1 has connected and has been successfully authenticated on port VPN5-126. Data sent and received over this line is strongly encrypted.
The user TTT\User1 logon connected on port VPN5-126 has been assigned address 169.254.85.102
From remote Client:
1. I can ping the Server, either by name or IP address
2. However, I cannot see the server anywhere in the 'Network places'
Hope you can, or somebody out there might have the answer
Thanks
TT
if you don't mind, please post your "ipconfig /all" and "route print" results here, BEFORE and AFTER the VPN connection is established, on the server and client. i think it should be helpful for the troubleshooting.
ASKER
Hello bbao,
Well, to be honest, I'm a little afraid of posting the 3 things that you mentioned earlier here, since I have very limited knowledge in this area; also, security is a concern, and this is our production server. It's all right, I will just have to look again to see where I might be missing something, but if you can think of anything, please do let me know.
Thanks very much for your help
TT
ASKER
Hello
Well, it was rather simple (well, always simple when you know).
All I needed to do was to join the domain as soon as the VPN is connected, and it's working fine after that.
Thanks everyone for your input....greatly appreciated
nice to hear it and glad to help. :)
ASKER
Thanks bbao...now I have a different problem....can you help? I posted but there doesn't seem to be much help there, and most of the time I find people always want you to change your current configuration completely in order to help!
Here it is.....another network...
ISP---LinksysRouter---ExternalNIC---W2K3Server---InternalNIC---Hub---XPClient
Linksys router BEFSR41:
===============
Router WAN IP: 65.92.144.22
DNS1: 209.226.175.224
DNS2: 198.235.216.110
Router LAN IP: 192.168.1.1
SM: 255.255.255.0
DHCP server DISABLED
Windows 2003 server:
==============
External NIC: IP: 192.168.1.2, SM: 255.255.255.0, GW: 192.168.1.1, DNS: 192.168.1.3
Internal NIC: IP: 192.168.1.3, SM: 255.255.255.0, GW: Blank, DNS: 192.168.1.3
DHCP server enabled with range from 192.168.0.10 to 192.168.0.254
NAT is activated at server as well
DNS is running only for my internal domain name
Windows XP client:
============
Dynamically received whatever is assigned by server
Problem: The server can access the Internet; only the client cannot access the Internet. However, the client can access the server, and I can map a network drive without much problem.
Thanks very much, please help anyone, everyone!
TT
hi TT, just studied your last post and found some problems here:
1) the DHCP server's scope (192.168.0.0/24) does not match your LAN's subnet (192.168.1.0/24), typo?
2) the internal and external NICs' IPs are in the same subnet 192.168.1.0/24, commonly this is useless, typo?
3) this might be the reason: if your XP client cannot get the default gateway setting from the DHCP server, the symptom may occur. invoke IPCONFIG /ALL on the XP client to check if its GW is blank.
hope it helps,
bbao
ASKER
Hello bbao
1. OK, fixed to get DHCP server with scope 192.168.1.0/24
2. Yes, both same subnet, is this a problem?
3. XP client doesn't have any problem getting the DGW from the DHCP server; IPconfig /all shows 192.168.1.2 (which is the external NIC card). Is this the way it's supposed to be?
Thanks for the quick reply....
TT
> 1. OK fixed to get DHCP server with scope 192.168.1.0/24
please also make sure the DHCP server is working with the proper DHCP options, such as those for DNS, DGW, WINS...
> 2. Yes, both same subnet, is this a problem?
> 3. XP client doesn't have any problem of getting DGW from DHCP server, IPconfig /all shows 192.168.1.2 (which is external Nic card) is this the way it supposed to be
sure, it is a problem. it seems that the XP client can reach 2K3's external NIC without passing through the internal NIC, because XP's DGW is 2K3's external IP. so the 2K3's internal NIC is useless here.
in fact, just change your XP's DGW to BEFSR41, then everything should be fine.
commonly, the BEFSR41 should be the gateway/firewall for your LAN, so you don't need to make the 2K3 act as the NAT gateway. in fact, i think that NAT is not working with your current configuration, because you are expecting NAT to work on the same NIC/IP, hehe.
btw, where is the original position of your question? if it is an EE question too, i think it would be better that we post the comments there for easy reference later.
later,
bbao
ASKER
Hello bbao,
I posted the question under the title "WXP Client connect to W2003 server but not to Internet" under Microsoft Network.
I know what you mean, I can very easily hook up the client directly to the Linksys router, but for now just say I like to surf the internet through the server
ISP---LinksysRouter---ExternalNIC---W2K3Server---InternalNIC---Hub---XPClient
and your suggestion so far doesn't seem to work yet. I did have a whole print screen of both client and server posted in the original question, not sure what I'm missing. Thanks very much for your help so far
TT
please post the URL of that question, thanks.
ASKER
try the following:
ISP---LinksysRouter---ExternalNIC---W2K3Server---InternalNIC---Hub---XPClient
LinksysRouter: 192.168.1.1
ExternalNIC: 192.168.1.2
InternalNIC: 192.168.2.2
XPClient: 192.168.2.3 (DHCP enabled)
DHCP scope of W2K3: 192.168.2.3 to 192.168.2.254 mask 255.255.255.0
DHCP of BEFSR41 is disabled
link BEFSR41 and W2K3 with cross-over cable, don't use hub
NAT is enabled for the external and internal NICs of W2K3, make sure the direction is correct
hope it helps,
bbao
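An added example, not part of the thread and not code from either participant: a Python check that runs the asker's posted addressing plan and bbao's suggested layout through the same rules bbao applies above (distinct subnets on the two NICs, DHCP scope inside the internal subnet, client gateway on the internal NIC). The function name, dictionary keys and the proposed plan's client gateway (192.168.2.2) are assumptions of this example; the thread does not state that gateway.

```python
import ipaddress

def check_plan(plan):
    """Return findings for a dual-homed NAT server's addressing plan."""
    ext = ipaddress.ip_interface(plan["external_nic"])
    intl = ipaddress.ip_interface(plan["internal_nic"])
    start = ipaddress.ip_address(plan["dhcp_start"])
    end = ipaddress.ip_address(plan["dhcp_end"])
    gateway = ipaddress.ip_address(plan["client_gateway"])
    router = ipaddress.ip_address(plan["upstream_router"])
    findings = []
    # NAT translates between two distinct networks; a shared subnet gives it nothing to do.
    if ext.network.overlaps(intl.network):
        findings.append("external and internal NICs are in the same subnet")
    # Leases must fall inside the subnet of the NIC that faces the clients.
    if start not in intl.network or end not in intl.network:
        findings.append("DHCP scope is outside the internal NIC's subnet")
    # The scope must not hand out the server's own internal address.
    elif start <= intl.ip <= end:
        findings.append("DHCP scope contains the internal NIC's address")
    # Clients only pass through the NAT if their default gateway is the internal NIC.
    if gateway != intl.ip:
        findings.append("client default gateway is not the internal NIC")
    # The server's own default route must be on-link for the external NIC.
    if router not in ext.network:
        findings.append("upstream router is not on the external NIC's subnet")
    return findings

# Values posted by the asker (scope from the first post, gateway from the follow-up).
ORIGINAL = {
    "upstream_router": "192.168.1.1", "external_nic": "192.168.1.2/24",
    "internal_nic": "192.168.1.3/24", "dhcp_start": "192.168.0.10",
    "dhcp_end": "192.168.0.254", "client_gateway": "192.168.1.2",
}
# bbao's suggested layout; client_gateway is assumed, the post does not state it.
PROPOSED = {
    "upstream_router": "192.168.1.1", "external_nic": "192.168.1.2/24",
    "internal_nic": "192.168.2.2/24", "dhcp_start": "192.168.2.3",
    "dhcp_end": "192.168.2.254", "client_gateway": "192.168.2.2",
}

if __name__ == "__main__":
    for name, plan in (("original", ORIGINAL), ("proposed", PROPOSED)):
        print(name, check_plan(plan) or "no findings")
```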
ASKER
I have not been here for a long time..yeah please close this
hi TranTO, you may choose to accept one or more helpful comments to close the question, or to ask EE moderator to delete or PAQ it and get refund. regards, bbao
You need to make sure that there is no port filter that blocks your MS service protocol packets (TCP/UDP 135, 138, 139 and 445) from communicating with your remote machines.
You also need to make sure that your RRAS routing is configured to route from the VPN to your remote subnet.