Solved

VPN client problem when trying to initiate client connection from behind a firewall

Posted on 2004-04-22
6
1,497 Views
Last Modified: 2013-11-21
I have set up a vpn server using W2003 RRAS.  

I have set up a pptp client on my laptop and I can connect with this if I use a modem connection.

However if I am at a client's office I still need to connect to my network through their system.  So if I plug my laptop into their ethernet network I can get a connection the internet but I cannot get to my network using the VPN.  It seems that the request gets to my server but the response is lost.  I would guess a firewall issue.

I need to have access to my network from anywhere inside or oustside any of my client's firewalls.  I do not really want to have to ask them to configure their firewalls to allow responses from my server.  Is there a way round this?

Is my understanding of the problem correct?  Is it possible to use pptp in this scenario?  If not, are any other VPN methods going to give me the functionality I require.

Much obliged

Wing
0
Comment
Question by:WingYip
6 Comments
 
LVL 11

Expert Comment

by:YohanShminge
ID: 10888483
Hi WingYip,

It sounds like your client's office is blocking inbound and outbound connections on certain ports, such as VPN's port.  They probably only allow basic services such as internet and email, which use ports 80, 110 and 25 respectively.  Without talking to their IT staff, the only way to get around this is to make your own connection to the internet, via dial-up or wireless.
0
 

Assisted Solution

by:Stevel123
Stevel123 earned 50 total points
ID: 10888982
WingWip

There are a number of potential problems here...
Are you 100% sure your request is actually getting to your server from within your clients network...unless you are allocated a public address while on their Lan, then your outbound request to your server will be either Nat'd, Pat'd or Proxied.
You will then see the IP address of either their firewall or Proxy server, depending upon how their environment is configured. If the packet is reaching your server, then it is likely the firewall will not need other mods as the outbound connection will be statefull which means replies will be allowed back through the internet facing firewall.
If you have multiple clients, then each will almost certainly have a different environment with its own issues about how you connect outbound.
The only sure way to connect without asking each client to modify their environments is to use an external connection such as ras via an ISP or one of the charge orientated services that allow you to connect to the 3rd party via http / https and establish a terminal services session to your server via their site...this would then appear to your customers firewalls as regular http / https traffic.

Cheers
Steve
0
 
LVL 6

Expert Comment

by:Technicon-SG
ID: 10889160
if you have a little money to spend...Cisco offers a WebVPN...this is an application layer VPN solution that works over standard web ports.  As far as I can tell I dont see another solution that would meet your needs via VPN.  Cisco 3005 VPN concentrators have sold on Ebay for about $1300 but new I think they are about $3000.

There may be other solutions outside of VPN that may work for you.  It would depend on what services you are accessing with your VPN.

If data access is the main concern ( ie...email, documents, software access, etc...) then you could run RDP over port 80, 21, or any other common port.  This would allow you remotly access a desktop on your network and do what ever you need to do.  This assumes that those ports are available on your network.

I think this would be the best solution for what you have described.

0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 1

Author Comment

by:WingYip
ID: 10890205
So I could use rdp to access my network from somewhere else?  How is that setup?

Wing
0
 
LVL 6

Accepted Solution

by:
Technicon-SG earned 75 total points
ID: 10890339
First lets start by saying if you are going to open RPD to the internet you will need to use a strong password for the user account and you will need to enable RDP access to the computer.

Second RDP normally uses port 3389...have your router forward inbound traffic from common port ( 80, 443, 21, 25, etc... whatever port you are not currently using for another service) to 3389 on the computer you want to access.

Third on your laptop lauch the RDP client and enter the ip address to connect to your computer followed by ":common port" ( ie... x.x.x.x:80 or x.x.x.x:21)  this will send the client request over the specified port.  When the request reaches your router it will be rerouted to 3389 on your computer.  You will be able to login to you computer and access network resources.
0
 
LVL 1

Author Comment

by:WingYip
ID: 10890857
Hmmmm

Doesn't sound bullet proof does it!

Thanks all

Wing
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Suggested Solutions

Even if you have implemented a Mobile Device Management solution company wide, it is a good idea to make sure you are taking into account all of the major risks to your electronic protected health information (ePHI).
Data center, now-a-days, is referred as the home of all the advanced technologies. In-fact, most of the businesses are now establishing their entire organizational structure around the IT capabilities.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now