Solved

VPN client problem when trying to initiate client connection from behind a firewall

Posted on 2004-04-22
6
1,515 Views
Last Modified: 2013-11-21
I have set up a VPN server using W2003 RRAS.

I have set up a PPTP client on my laptop and I can connect with this if I use a modem connection.

However if I am at a client's office I still need to connect to my network through their system.  So if I plug my laptop into their Ethernet network I can get a connection to the internet but I cannot get to my network using the VPN.  It seems that the request gets to my server but the response is lost.  I would guess a firewall issue.

I need to have access to my network from anywhere inside or outside any of my clients' firewalls.  I do not really want to have to ask them to configure their firewalls to allow responses from my server.  Is there a way round this?

Is my understanding of the problem correct?  Is it possible to use PPTP in this scenario?  If not, are any other VPN methods going to give me the functionality I require?

Much obliged

Wing
0
Comment
Question by:WingYip
6 Comments
 
LVL 11

Expert Comment

by:YohanShminge
ID: 10888483
Hi WingYip,

It sounds like your client's office is blocking inbound and outbound connections on certain ports, such as VPN's port.  They probably only allow basic services such as internet and email, which use ports 80, 110 and 25 respectively.  Without talking to their IT staff, the only way to get around this is to make your own connection to the internet, via dial-up or wireless.
0
 

Assisted Solution

by:Stevel123
Stevel123 earned 50 total points
ID: 10888982
WingYip,

There are a number of potential problems here...
Are you 100% sure your request is actually getting to your server from within your client's network...unless you are allocated a public address while on their LAN, then your outbound request to your server will be either NAT'd, PAT'd or proxied.
You will then see the IP address of either their firewall or proxy server, depending upon how their environment is configured. If the packet is reaching your server, then it is likely the firewall will not need other mods as the outbound connection will be stateful, which means replies will be allowed back through the internet-facing firewall.
If you have multiple clients, then each will almost certainly have a different environment with its own issues about how you connect outbound.
The only sure way to connect without asking each client to modify their environments is to use an external connection such as RAS via an ISP or one of the charge orientated services that allow you to connect to the 3rd party via HTTP / HTTPS and establish a terminal services session to your server via their site...this would then appear to your customers' firewalls as regular HTTP / HTTPS traffic.

Cheers
Steve
0
 
LVL 6

Expert Comment

by:Technicon-SG
ID: 10889160
If you have a little money to spend...Cisco offers a WebVPN...this is an application layer VPN solution that works over standard web ports.  As far as I can tell I don't see another solution that would meet your needs via VPN.  Cisco 3005 VPN concentrators have sold on eBay for about $1300 but new I think they are about $3000.

There may be other solutions outside of VPN that may work for you.  It would depend on what services you are accessing with your VPN.

If data access is the main concern (i.e. email, documents, software access, etc.) then you could run RDP over port 80, 21, or any other common port.  This would allow you to remotely access a desktop on your network and do whatever you need to do.  This assumes that those ports are available on your network.

I think this would be the best solution for what you have described.

0

 
LVL 1

Author Comment

by:WingYip
ID: 10890205
So I could use RDP to access my network from somewhere else?  How is that set up?

Wing
0
 
LVL 6

Accepted Solution

by:
Technicon-SG earned 75 total points
ID: 10890339
First, let's start by saying if you are going to open RDP to the internet you will need to use a strong password for the user account and you will need to enable RDP access to the computer.

Second, RDP normally uses port 3389...have your router forward inbound traffic from a common port (80, 443, 21, 25, etc... whatever port you are not currently using for another service) to 3389 on the computer you want to access.

Third, on your laptop launch the RDP client and enter the IP address to connect to your computer followed by ":common port" (i.e. x.x.x.x:80 or x.x.x.x:21).  This will send the client request over the specified port.  When the request reaches your router it will be rerouted to 3389 on your computer.  You will be able to log in to your computer and access network resources.
0
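
Seen from the side of a firewall or proxy administrator, the forwarding described in the accepted answer puts RDP on a port where HTTP or FTP is expected. The Python sketch below is an added example, not part of the original thread: it recognises the TPKT / X.224 Connection Request that opens an RDP session and flags flows that carry it on any port other than 3389. Function names, IP addresses and payloads are constructed for illustration.

```python
import struct

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ", b"CONNECT ")

def build_sample_rdp_request(user: bytes = b"demo") -> bytes:
    """Constructed sample of the first packet an RDP client sends:
    TPKT header + X.224 Connection Request + cookie + RDP_NEG_REQ."""
    cookie = b"Cookie: mstshash=" + user + b"\r\n"
    neg_req = struct.pack("<BBHI", 0x01, 0x00, 8, 0x03)
    x224 = bytes([0xE0, 0, 0, 0, 0, 0]) + cookie + neg_req
    x224 = bytes([len(x224)]) + x224  # length indicator excludes itself
    return struct.pack(">BBH", 3, 0, 4 + len(x224)) + x224

def classify_first_payload(data: bytes) -> str:
    """Label the first client-to-server payload of a TCP flow."""
    if len(data) >= 11 and data[0] == 3 and data[1] == 0:
        tpkt_len = struct.unpack(">H", data[2:4])[0]
        # X.224 CR: length indicator covers the rest of the TPKT, code is 0xE0
        if tpkt_len <= len(data) and data[4] == tpkt_len - 5 and data[5] == 0xE0:
            return "rdp"
    if data.startswith(HTTP_METHODS):
        return "http"
    if len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03:
        return "tls"
    return "unknown"

def find_rdp_on_unexpected_ports(flows, rdp_port=3389):
    """Return (src, dst, port) for flows that open with RDP on another port."""
    return [(src, dst, port) for src, dst, port, payload in flows
            if port != rdp_port and classify_first_payload(payload) == "rdp"]

# Constructed flows: (client IP, server IP, destination port, first client payload)
SAMPLE_FLOWS = [
    ("10.0.0.23", "203.0.113.10", 80, build_sample_rdp_request()),
    ("10.0.0.23", "198.51.100.7", 80, b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    ("10.0.0.40", "198.51.100.7", 443, b"\x16\x03\x01\x00\x05hello"),
    ("10.0.0.23", "203.0.113.10", 21, build_sample_rdp_request()),
    ("10.0.0.51", "192.0.2.5", 3389, build_sample_rdp_request()),
]

if __name__ == "__main__":
    for hit in find_rdp_on_unexpected_ports(SAMPLE_FLOWS):
        print("RDP handshake on non-RDP port:", hit)
```

The same check applies at the home router end: an internet-facing forward to 3389 is still an RDP listener to anything that sends this handshake, whatever outside port it sits on.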
 
LVL 1

Author Comment

by:WingYip
ID: 10890857
Hmmmm

Doesn't sound bullet proof does it!

Thanks all

Wing
0


Question has a verified solution.
