
VPN client problem when trying to initiate client connection from behind a firewall

Posted on 2004-04-22
Last Modified: 2013-11-21
I have set up a VPN server using W2003 RRAS.

I have set up a PPTP client on my laptop and I can connect with this if I use a modem connection.

However, if I am at a client's office I still need to connect to my network through their system.  So if I plug my laptop into their Ethernet network I can get a connection to the internet but I cannot get to my network using the VPN.  It seems that the request gets to my server but the response is lost.  I would guess a firewall issue.

I need to have access to my network from anywhere inside or outside any of my client's firewalls.  I do not really want to have to ask them to configure their firewalls to allow responses from my server.  Is there a way round this?

Is my understanding of the problem correct?  Is it possible to use PPTP in this scenario?  If not, are any other VPN methods going to give me the functionality I require?

Much obliged

Wing
Question by:WingYip
6 Comments
 

Expert Comment

by:YohanShminge
ID: 10888483
Hi WingYip,

It sounds like your client's office is blocking inbound and outbound connections on certain ports, such as VPN's port.  They probably only allow basic services such as internet and email, which use ports 80, 110 and 25 respectively.  Without talking to their IT staff, the only way to get around this is to make your own connection to the internet, via dial-up or wireless.
 

Assisted Solution

by:Stevel123
Stevel123 earned 200 total points
ID: 10888982
WingYip

There are a number of potential problems here...
Are you 100% sure your request is actually getting to your server from within your client's network? Unless you are allocated a public address while on their LAN, your outbound request to your server will be either NAT'd, PAT'd or proxied.
You will then see the IP address of either their firewall or proxy server, depending upon how their environment is configured. If the packet is reaching your server, then it is likely the firewall will not need other mods, as the outbound connection will be stateful, which means replies will be allowed back through the internet-facing firewall.
If you have multiple clients, then each will almost certainly have a different environment with its own issues about how you connect outbound.
The only sure way to connect without asking each client to modify their environments is to use an external connection such as RAS via an ISP or one of the charge orientated services that allow you to connect to the 3rd party via http / https and establish a terminal services session to your server via their site...this would then appear to your customers' firewalls as regular http / https traffic.

Cheers
Steve

Expert Comment

by:Technicon-SG
ID: 10889160
If you have a little money to spend...Cisco offers a WebVPN...this is an application layer VPN solution that works over standard web ports.  As far as I can tell I don't see another solution that would meet your needs via VPN.  Cisco 3005 VPN concentrators have sold on eBay for about $1300 but new I think they are about $3000.

There may be other solutions outside of VPN that may work for you.  It would depend on what services you are accessing with your VPN.

If data access is the main concern (i.e. email, documents, software access, etc.) then you could run RDP over port 80, 21, or any other common port.  This would allow you to remotely access a desktop on your network and do whatever you need to do.  This assumes that those ports are available on your network.

I think this would be the best solution for what you have described.


Author Comment

by:WingYip
ID: 10890205
So I could use RDP to access my network from somewhere else?  How is that set up?

Wing

Accepted Solution

by:Technicon-SG
Technicon-SG earned 300 total points
ID: 10890339
First, let's start by saying that if you are going to open RDP to the internet you will need to use a strong password for the user account and you will need to enable RDP access to the computer.

Second, RDP normally uses port 3389...have your router forward inbound traffic from a common port (80, 443, 21, 25, etc... whatever port you are not currently using for another service) to 3389 on the computer you want to access.

Third, on your laptop launch the RDP client and enter the IP address to connect to your computer followed by ":common port" (i.e. x.x.x.x:80 or x.x.x.x:21).  This will send the client request over the specified port.  When the request reaches your router it will be rerouted to 3389 on your computer.  You will be able to log in to your computer and access network resources.
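
The forwarding described in the answer above changes only the port number, not the protocol: the first client packet is still an RDP X.224 Connection Request inside a TPKT header. As an added example (not part of the original thread), this Python code shows how a firewall or IDS can recognise RDP on ports such as 80 or 21 from that first payload; the function names and sample flows are constructed for illustration.

```python
import struct

RDP_PORT = 3389
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"OPTIONS ", b"CONNECT ")


def build_rdp_connection_request(cookie_user: str) -> bytes:
    """Build a constructed RDP X.224 Connection Request (test input only)."""
    variable = b"Cookie: mstshash=" + cookie_user.encode() + b"\r\n"
    # RDP_NEG_REQ: type=1, flags=0, length=8, requestedProtocols=TLS|CredSSP
    variable += struct.pack("<BBHI", 0x01, 0x00, 8, 0x03)
    # X.224 CR TPDU: length indicator, code 0xE0, dst-ref, src-ref, class
    x224 = bytes([6 + len(variable), 0xE0]) + b"\x00" * 5 + variable
    # TPKT header: version 3, reserved 0, total length (big-endian)
    return struct.pack(">BBH", 3, 0, 4 + len(x224)) + x224


def classify(payload: bytes) -> str:
    """Label the first client payload of a TCP flow by protocol, not by port."""
    if payload.startswith(HTTP_METHODS):
        return "http"
    if len(payload) >= 3 and payload[0] == 0x16 and payload[1] == 0x03:
        return "tls"  # TLS handshake record
    if len(payload) >= 11 and payload[0] == 3 and payload[1] == 0:
        tpkt_len = struct.unpack(">H", payload[2:4])[0]
        length_indicator, code = payload[4], payload[5]
        if (tpkt_len <= len(payload) and length_indicator == tpkt_len - 5
                and code & 0xF0 == 0xE0):
            return "rdp"
    return "unknown"


def find_rdp_on_other_ports(flows):
    """flows: iterable of (dst_port, first_client_payload) pairs."""
    return [port for port, data in flows
            if port != RDP_PORT and classify(data) == "rdp"]


# Constructed sample flows: real HTTP and TLS next to RDP moved to other ports.
SAMPLE_FLOWS = [
    (80, b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    (80, build_rdp_connection_request("wing")),
    (443, b"\x16\x03\x01\x00\x05hello"),
    (3389, build_rdp_connection_request("wing")),
    (21, build_rdp_connection_request("wing")),
]

if __name__ == "__main__":
    print(find_rdp_on_other_ports(SAMPLE_FLOWS))
```
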

Author Comment

by:WingYip
ID: 10890857
Hmmmm

Doesn't sound bullet proof does it!

Thanks all

Wing