Solved

VPN client problem when trying to initiate client connection from behind a firewall

Posted on 2004-04-22
Last Modified: 2013-11-21
I have set up a vpn server using W2003 RRAS.  

I have set up a pptp client on my laptop and I can connect with this if I use a modem connection.

However, if I am at a client's office I still need to connect to my network through their system.  So if I plug my laptop into their Ethernet network I can get a connection to the internet but I cannot get to my network using the VPN.  It seems that the request gets to my server but the response is lost.  I would guess a firewall issue.

I need to have access to my network from anywhere inside or outside any of my clients' firewalls.  I do not really want to have to ask them to configure their firewalls to allow responses from my server.  Is there a way round this?

Is my understanding of the problem correct?  Is it possible to use pptp in this scenario?  If not, are any other VPN methods going to give me the functionality I require.

Much obliged

Wing
Question by:WingYip
6 Comments
 
LVL 11

Expert Comment

by:YohanShminge
ID: 10888483
Hi WingYip,

It sounds like your client's office is blocking inbound and outbound connections on certain ports, such as VPN's port.  They probably only allow basic services such as internet and email, which use ports 80, 110 and 25 respectively.  Without talking to their IT staff, the only way to get around this is to make your own connection to the internet, via dial-up or wireless.
 

Assisted Solution

by:Stevel123
Stevel123 earned 50 total points
ID: 10888982
WingYip

There are a number of potential problems here...
Are you 100% sure your request is actually getting to your server from within your client's network? Unless you are allocated a public address while on their LAN, your outbound request to your server will be either NAT'd, PAT'd or proxied.
You will then see the IP address of either their firewall or proxy server, depending upon how their environment is configured. If the packet is reaching your server, then it is likely the firewall will not need other mods, as the outbound connection will be stateful, which means replies will be allowed back through the internet-facing firewall.
If you have multiple clients, then each will almost certainly have a different environment with its own issues about how you connect outbound.
The only sure way to connect without asking each client to modify their environments is to use an external connection such as RAS via an ISP or one of the charge orientated services that allow you to connect to the 3rd party via http / https and establish a terminal services session to your server via their site...this would then appear to your customers' firewalls as regular http / https traffic.

Cheers
Steve
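
A way to test the question raised above, whether the request really reaches the server: PPTP opens a control connection on TCP 1723 and carries the tunnel data separately as GRE (IP protocol 47), so a control handshake that completes while the VPN still fails points at GRE handling on the path. This is an added example, not part of the original thread; the message layout follows RFC 2637, and the host names and the sample reply are constructed.

```python
import socket
import struct

PPTP_PORT = 1723           # PPTP control channel; tunnel data is GRE (IP protocol 47)
MAGIC_COOKIE = 0x1A2B3C4D  # constant carried in every PPTP control message
# Start-Control-Connection-Request/Reply share this 156-byte layout (RFC 2637).
LAYOUT = "!HHIHHHBBIIHH64s64s"
MSG_LEN = struct.calcsize(LAYOUT)

def build_request(hostname=b"diag-client"):  # hostname: constructed sample value
    """Start-Control-Connection-Request: control message type 1, version 1.0."""
    return struct.pack(LAYOUT, MSG_LEN, 1, MAGIC_COOKIE, 1, 0, 0x0100,
                       0, 0, 3, 3, 0, 0, hostname, b"")

def sample_reply(result_code=1):
    """Constructed Start-Control-Connection-Reply, for offline testing only."""
    return struct.pack(LAYOUT, MSG_LEN, 1, MAGIC_COOKIE, 2, 0, 0x0100,
                       result_code, 0, 3, 3, 0, 0, b"vpn-server", b"constructed")

def interpret(data):
    """Classify the bytes that came back on the control connection."""
    if len(data) < MSG_LEN:
        return "no-pptp: short or empty reply, a proxy or other service answered"
    f = struct.unpack(LAYOUT, data[:MSG_LEN])
    if f[2] != MAGIC_COOKIE or f[3] != 2:
        return "no-pptp: reply is not a Start-Control-Connection-Reply"
    if f[6] != 1:  # result code 1 means the control connection was accepted
        return "refused: server answered with result code %d" % f[6]
    return "control-ok: TCP 1723 works end to end; if the tunnel still fails, check GRE on the path"

def probe(server, timeout=5.0):
    """Run the handshake against a PPTP server you administer."""
    try:
        with socket.create_connection((server, PPTP_PORT), timeout=timeout) as s:
            s.sendall(build_request())
            data = b""
            while len(data) < MSG_LEN:
                chunk = s.recv(MSG_LEN - len(data))
                if not chunk:
                    break
                data += chunk
    except OSError as exc:  # refused, filtered, timed out or reset
        return "tcp-fail: no usable connection to TCP 1723 (%s)" % exc
    return interpret(data)

if __name__ == "__main__":
    print(interpret(sample_reply()))       # constructed reply, no network needed
    # print(probe("vpn.example.com"))      # placeholder host name
```

Run `probe()` from the modem connection and again from the client's LAN: a `tcp-fail` or `no-pptp` result only on the LAN means the control channel itself is filtered or proxied there.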
 
LVL 6

Expert Comment

by:Technicon-SG
ID: 10889160
If you have a little money to spend...Cisco offers a WebVPN...this is an application layer VPN solution that works over standard web ports.  As far as I can tell I don't see another solution that would meet your needs via VPN.  Cisco 3005 VPN concentrators have sold on eBay for about $1300 but new I think they are about $3000.

There may be other solutions outside of VPN that may work for you.  It would depend on what services you are accessing with your VPN.

If data access is the main concern (i.e. email, documents, software access, etc.) then you could run RDP over port 80, 21, or any other common port.  This would allow you to remotely access a desktop on your network and do whatever you need to do.  This assumes that those ports are available on your network.

I think this would be the best solution for what you have described.

 
LVL 1

Author Comment

by:WingYip
ID: 10890205
So I could use RDP to access my network from somewhere else?  How is that set up?

Wing
 
LVL 6

Accepted Solution

by:
Technicon-SG earned 75 total points
ID: 10890339
First, let's start by saying if you are going to open RDP to the internet you will need to use a strong password for the user account and you will need to enable RDP access to the computer.

Second, RDP normally uses port 3389...have your router forward inbound traffic from a common port (80, 443, 21, 25, etc., whatever port you are not currently using for another service) to 3389 on the computer you want to access.

Third, on your laptop launch the RDP client and enter the IP address to connect to your computer followed by ":common port" (i.e. x.x.x.x:80 or x.x.x.x:21).  This will send the client request over the specified port.  When the request reaches your router it will be rerouted to 3389 on your computer.  You will be able to log in to your computer and access network resources.
 
LVL 1

Author Comment

by:WingYip
ID: 10890857
Hmmmm

Doesn't sound bullet proof does it!

Thanks all

Wing