Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

VPN client problem when trying to initiate client connection from behind a firewall

Posted on 2004-04-22
6
Medium Priority
?
1,537 Views
Last Modified: 2013-11-21
I have set up a vpn server using W2003 RRAS.  

I have set up a pptp client on my laptop and I can connect with this if I use a modem connection.

However if I am at a client's office I still need to connect to my network through their system.  So if I plug my laptop into their ethernet network I can get a connection the internet but I cannot get to my network using the VPN.  It seems that the request gets to my server but the response is lost.  I would guess a firewall issue.

I need to have access to my network from anywhere inside or oustside any of my client's firewalls.  I do not really want to have to ask them to configure their firewalls to allow responses from my server.  Is there a way round this?

Is my understanding of the problem correct?  Is it possible to use pptp in this scenario?  If not, are any other VPN methods going to give me the functionality I require.

Much obliged

Wing
0
Comment
Question by:WingYip
6 Comments
 
LVL 11

Expert Comment

by:YohanShminge
ID: 10888483
Hi WingYip,

It sounds like your client's office is blocking inbound and outbound connections on certain ports, such as VPN's port.  They probably only allow basic services such as internet and email, which use ports 80, 110 and 25 respectively.  Without talking to their IT staff, the only way to get around this is to make your own connection to the internet, via dial-up or wireless.
0
 

Assisted Solution

by:Stevel123
Stevel123 earned 200 total points
ID: 10888982
WingWip

There are a number of potential problems here...
Are you 100% sure your request is actually getting to your server from within your clients network...unless you are allocated a public address while on their Lan, then your outbound request to your server will be either Nat'd, Pat'd or Proxied.
You will then see the IP address of either their firewall or Proxy server, depending upon how their environment is configured. If the packet is reaching your server, then it is likely the firewall will not need other mods as the outbound connection will be statefull which means replies will be allowed back through the internet facing firewall.
If you have multiple clients, then each will almost certainly have a different environment with its own issues about how you connect outbound.
The only sure way to connect without asking each client to modify their environments is to use an external connection such as ras via an ISP or one of the charge orientated services that allow you to connect to the 3rd party via http / https and establish a terminal services session to your server via their site...this would then appear to your customers firewalls as regular http / https traffic.

Cheers
Steve
0
 
LVL 6

Expert Comment

by:Technicon-SG
ID: 10889160
if you have a little money to spend...Cisco offers a WebVPN...this is an application layer VPN solution that works over standard web ports.  As far as I can tell I dont see another solution that would meet your needs via VPN.  Cisco 3005 VPN concentrators have sold on Ebay for about $1300 but new I think they are about $3000.

There may be other solutions outside of VPN that may work for you.  It would depend on what services you are accessing with your VPN.

If data access is the main concern ( ie...email, documents, software access, etc...) then you could run RDP over port 80, 21, or any other common port.  This would allow you remotly access a desktop on your network and do what ever you need to do.  This assumes that those ports are available on your network.

I think this would be the best solution for what you have described.

0
Prepare for your VMware VCP6-DCV exam.

Josh Coen and Jason Langer have prepared the latest edition of VCP study guide. Both authors have been working in the IT field for more than a decade, and both hold VMware certifications. This 163-page guide covers all 10 of the exam blueprint sections.

 
LVL 1

Author Comment

by:WingYip
ID: 10890205
So I could use rdp to access my network from somewhere else?  How is that setup?

Wing
0
 
LVL 6

Accepted Solution

by:
Technicon-SG earned 300 total points
ID: 10890339
First lets start by saying if you are going to open RPD to the internet you will need to use a strong password for the user account and you will need to enable RDP access to the computer.

Second RDP normally uses port 3389...have your router forward inbound traffic from common port ( 80, 443, 21, 25, etc... whatever port you are not currently using for another service) to 3389 on the computer you want to access.

Third on your laptop lauch the RDP client and enter the ip address to connect to your computer followed by ":common port" ( ie... x.x.x.x:80 or x.x.x.x:21)  this will send the client request over the specified port.  When the request reaches your router it will be rerouted to 3389 on your computer.  You will be able to login to you computer and access network resources.
0
 
LVL 1

Author Comment

by:WingYip
ID: 10890857
Hmmmm

Doesn't sound bullet proof does it!

Thanks all

Wing
0

Featured Post

NEW Veeam Backup for Microsoft Office 365 1.5

With Office 365, it’s your data and your responsibility to protect it. NEW Veeam Backup for Microsoft Office 365 eliminates the risk of losing access to your Office 365 data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
A 2007 NCSA Cyber Security survey revealed that a mere 4% of the population has a full understanding of firewalls. As business owner, you should be part of that 4% that has a full understanding.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

886 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question