VPN - Setting up an IBM Laptop running Windows XP to connect to a Windows 2000 Server

We have a Windows 2000 Server for our office network.  We have 10 computers connected, and we store most of our data on this server.  My boss needs to connect to this information while on the road using Cox Dial-Up or AOL Dial-Up.  The server is behind a LINKSYS BEFVP41 Router and a 3COM 3300 XM Switch.  We use a Cox Cable modem for our internet connection, and the XP Laptop can see the network fine as long as it is plugged into the LAN.  We use Softremote LT, and we have successfully set up a VPN for a Dell Windows 2000 Laptop.  But on the XP Laptop, the network is unavailable.  The laptop appears to be connecting to the VPN, but you just can't see anything.

I was hoping someone could give me some ways to get this thing working properly.  Also, please let me know if I left out any details because I am not the greatest with networking.
jamesesmith Asked:
 
JConchie Commented:
Brandon,
Getting into how your DNS is set up could be opening a very large can of worms...so simplest way to do this is with an lmhosts file....just checking the box in tcp/ip properties, on the WINS tab, doesn't do anything ...you have to write the file itself.

On the laptop, open a blank notepad document and type the following on on line.  Substitute your correct DC server ip address and name in the first and second segments of the line.  Put about half a dozen spaces between each segment of the line.

192.168.1.1            myservername         #PRE #DOM:main      #our DC


Do "save as" and call the file "mycompanynamelmhost", save it as a .txt file to a location on the laptop where you can find it again.

Go back into tcp/ip properties for the VPN connection, click the "advanced" button, go to the WINS tab, leave the "enable lmhosts lookup" box checked, and click on the "Import lmhosts" button........browse to wherever you saved your newly created "mycompanynamelmhosts.txt" and double click on it.  That will take you back to the WINS tab.....click "OK" and "OK" and "OK"  and get back out to your desktop.
Go to start/run, enter "cmd" to get to the command prompt......type "ping mydcservername"  and it should now resolve to the IP address and give you four solid replies.....then restart your laptop, login to the domain, with a domain user account...start the VPN...and you will [I hope, ;-) ]  be able to access your network shares.....
0
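An added example, not part of the thread or of any participant's post: a small Python check for the LMHOSTS line described in the answer above, flagging the slips the thread itself later corrects (a #DOM domain copied from someone else's file, stray quotation marks). The function names, the sample lines and the expected-domain argument are constructed for illustration; quoted NetBIOS names containing spaces are not handled.

```python
import ipaddress

def keyword_of(token):
    upper = token.upper()  # match ignoring case so lower-case keywords can be flagged
    if upper in ("#PRE", "#MH"):
        return upper
    return next((p for p in ("#DOM:", "#SG:") if upper.startswith(p)), None)

def lint_lmhosts(text, expected_domain):
    """Return (line_number, message) findings for the text of an LMHOSTS file."""
    findings = []
    for number, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split()
        if not fields or fields[0].startswith("#"):
            continue  # blank line, comment, or block directive such as #INCLUDE
        if len(fields) < 2:
            findings.append((number, "expected: <ip> <name> [keywords]"))
            continue
        ip, name = fields[0], fields[1]
        try:
            ipaddress.IPv4Address(ip)
        except ValueError:
            findings.append((number, f"{ip} is not an IPv4 address"))
        if len(name.strip('"')) > 15:  # NetBIOS names hold at most 15 characters
            findings.append((number, f"name {name} is longer than 15 characters"))
        has_pre, domains = False, []
        for token in fields[2:]:
            bare = token.strip('"')
            keyword = keyword_of(bare)
            if keyword is None:
                break  # the first non-keyword token starts the trailing comment
            if bare != token:
                findings.append((number, f"drop the quotation marks in {token}"))
            if not bare.startswith(keyword):  # Microsoft's sample file uses upper case
                findings.append((number, f"{bare} must be upper case"))
            has_pre = has_pre or keyword == "#PRE"
            if keyword == "#DOM:":
                domains.append(bare[5:])
        if domains and not has_pre:
            findings.append((number, "#DOM entry should also carry #PRE"))
        findings += [(number, f"#DOM:{d} is not {expected_domain}")
                     for d in domains if d.lower() != expected_domain.lower()]
    return findings

# Constructed sample: line 1 is the line as first posted, line 2 shows two typing slips.
SAMPLE = """\
192.168.1.1   myservername   #PRE #DOM:main   #our DC
192.168.1.1   SERVER01       #pre "#DOM:JES-Engineer"
"""
```

Calling `lint_lmhosts(SAMPLE, "JES-Engineer")` reports the unsubstituted `#DOM:main` on line 1 and the lower-case and quoted keywords on line 2.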
 
JConchie Commented:
Does this laptop have XP service pack two loaded?  If so, the firewall is on by default and you will have to configure it to allow access.
0
 
jamesesmith (Author) Commented:
Yes, it does have XP service pack two loaded.  I will check and see if this is the problem when my boss comes in...

Thanks,
Brandon
0
 
jamesesmith (Author) Commented:
That wasn't the problem, but I am currently trying some other stuff...  I am redoing his account in the Active Directory to see if that is the problem.
0
 
jamesesmith (Author) Commented:
Oh, and the laptop does not have Service Pack 2... it still has SP1.
0
 
JConchie Commented:
Besides his user account, make sure the XP laptop is joined to the domain and has an account under "computers" in Active Directory "Users and Computers".
0
 
jamesesmith (Author) Commented:
The laptop has an account under computers.  I am dialed into the VPN right now, and it appears to be connected, but I cannot see any of the shared resources.  The router is saying the VPN is connected, and I can even see our domain JES-Engineer under Entire Network.  But when I try to open it, I get "JES-Engineer is not accessible.  You might not have permission to use this network resource.  Contact the administrator of this server to find out if you have access permissions.       The list of servers for this workgroup is not currently available."

I cannot figure out why this error is coming up because I have another laptop (using Windows 2000) that can connect just fine, and I have set up both users the exact same in the active directory.
0
 
JConchie Commented:
When the user logs on to the laptop, is it with domain credentials?  In other words, in the third box under user name and password, are you logging into the domain or to the local machine....if it is the local machine, then you are not going to have permissions passed to the domain...and you will be blocked from domain resources.
0
 
jamesesmith (Author) Commented:
I am logging in to our domain, JES-Engineer
0
 
JConchie Commented:
Ok, next thing to look at is if this is a DNS issue.....if the machine can't contact a DC, it will not be able to get permissions to your shares.  Is your laptop pointing to your internal DNS server as its primary DNS?  How is your DNS set up? The ideal is to have all your machines pointing to your local DNS server and have it set up to be a redirector to your ISP's DNS for internet resolution.

Are you running WINS?  Are you using lmhosts file to point to your DC(s)?

Simple way to test this:

From the laptop, ping the DC/server by IP address.....if you get four good replies, you know that the VPN is working and that you in fact are connected to your local network.
Then:
Ping the DC/server by name...i.e.:  "ping myserver"   If name resolution is working, you should immediately get a line that says: "Pinging myserver [192.168.x.x] with 32 bytes of data"   That tells you that name resolution is working and the laptop can find the DC.....at that point we start looking at permission issues.

If the server name does not resolve to an ip address and you get an "unknown host myserver" message, then we have a name resolution problem....which means the laptop is unable to find the DC to get permissions to resources.

0
 
jamesesmith (Author) Commented:
After I changed a couple of settings, I am now able to ping the server ip... finally.

I did the following from DOS:

ping 192.168.1.1   and I get 4 good tries eventually

when I tried to do:

ping SERVER01    I get an unknown host message

So I guess this is a name resolution problem... Any suggestions from here?

Thanks,
Brandon
0
 
jamesesmith (Author) Commented:
Just for reference, in case anyone else has this problem...

In order for me to even ping my server (Windows 2000 Server), I had to open up my TCP/IP properties for the VPN connection
Under networking, then advanced, uncheck the default gateway... then under WINS, I had to disable NetBIOS.  I do have the LMHost box checked.
0
 
jamesesmith (Author) Commented:
Scratch that part about disabling NetBios, I left it enabled.
0
 
JConchie Commented:
"on on line":  should read "on one line"
0
 
JConchie Commented:
Hold it, hold it......I just screwed up....I copied from one of my lmhosts files...and the part of the line that reads:

"#PRE #DOM:main"        main is one of my domains....you need to substitute the name of your domain in place of "main"
0
 
JConchie Commented:
and don't forget, you don't use the quotation marks I have put around things...... :-)
0
 
JConchie Commented:
and it is a good thing, in your situation, to have NetBios enabled.
0
 
jamesesmith (Author) Commented:
Heh, should I copy a lmhost file from the laptop that has the VPN working?
0
 
JConchie Commented:
If you have one and it contains the name and IP of your DC......sure....  :-)
0
 
jamesesmith (Author) Commented:
It is still not working... I can ping the server 192.168.1.1 and I can ping it by the name SERVER01... but I cannot see anything on the network.

0
 
jamesesmith (Author) Commented:
As far as the DNS Settings, I am not sure how they are set up.  How should they be configured?
0
 
jamesesmith (Author) Commented:
And now the internet explorer will not work when I hook the LAN back up....
0
 
jamesesmith (Author) Commented:
Tell me if you think this is the problem...

When I am connected to Dial-Up and 'supposedly' connected to the vpn, I ran ipconfig and everything looked fine except the VPN Connection didn't have a default gateway.  It had an IP and a Subnet.
0
 
JConchie Commented:
Brandon,
I'm about to leave for the weekend....will have to pursue this next week....how are you setting up the VPN?  Do you have a DNS server running on your LAN?  Also what permissions do you have set on your shares?
0
 
jamesesmith (Author) Commented:
Yes, we have a DNS Server running on the LAN, and I have all the permissions set fine for the shares because I can access them all from my other laptop.
0
 
jamesesmith (Author) Commented:
Do you know why I might now be getting a Default Gateway on the XP Laptop?
0
 
JConchie Commented:
No, what is the ip address of it....and how are you accessing the internet? Do you have a firewall.....what are you using to set up vpn?  Need to understand setup of your network better to do anything more with this.
0
 
jamesesmith (Author) Commented:
I am accessing the internet using Cox Dial-Up services.  Yes, we have a Norton Personal Firewall set up on every computer on the network.  I am using SoftRemote LT to set up the VPN.

I checked the 'use default gateway' box on the tcp/ip of the VPN, and I now have a default gateway, but it won't let me access the internet, and I still can't see the network.  I can ping the server though...

Here is what I am seeing from ipconfig... Cox is the dial-up  and our server is 192.168.1.200

Ethernet adapter Local Area Connection:
        Media State . . . . . . . . . . . : Media disconnected
PPP adapter Cox:
        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 66.76.6.194
        Subnet Mask . . . . . . . . . . . : 255.255.255.255
        Default Gateway . . . . . . . . . : 66.76.6.194
PPP adapter JES VPN:
        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 192.168.1.4
        Subnet Mask . . . . . . . . . . . : 255.255.255.255
        Default Gateway . . . . . . . . . : 192.168.1.4
0
 
JConchie Commented:
The default gateway on the machine is set to point to itself....that's why you can't get out to the internet.....use the ip address of your interior lan gateway and that should get you out to the internet.  Got to go, will check in with you on tuesday.
0
 
jamesesmith (Author) Commented:
Thanks for your help!  
0
 
jamesesmith (Author) Commented:
I checked the log for the router, and I can see the Laptop trying to connect, but then a red line shows up like the following:

IKE[71] ** Check your Encryption and Authentication method settings !

Thanks,
Brandon
0
 
jamesesmith (Author) Commented:
Thanks for your help, I am going to open up another question with the specific details of the problem.
0
Question has a verified solution.
