jfilmore33
asked on
VPN Problem
I am having trouble logging into VPN to my office from home.
I can log in to the VPN when in the network(at the office, for testing purposes), by
putting in the Win 2000 Servers IP, in the Host or IP part of the VPN client login.
Logically, it would seem I would need the routers IP to then connect to the Server's IP.
My setup.
HOME - Laptop in LAN, local IP 192.168.0.1 connected using CABLE Modem. (net gear router)
WORK - 2k server in LAN, LOCAL IP 192.168.1.167 connected by DSL (using linksys router)
TO PUT IT IN EASY TERMS, HOW DO I GET PAST MY ROUTER TO MY WORKS ROUTER TO 2k server at work?
I can log in to the VPN when in the network(at the office, for testing purposes), by
putting in the Win 2000 Servers IP, in the Host or IP part of the VPN client login.
Logically, it would seem I would need the routers IP to then connect to the Server's IP.
My setup.
HOME - Laptop in LAN, local IP 192.168.0.1 connected using CABLE Modem. (net gear router)
WORK - 2k server in LAN, LOCAL IP 192.168.1.167 connected by DSL (using linksys router)
TO PUT IT IN EASY TERMS, HOW DO I GET PAST MY ROUTER TO MY WORKS ROUTER TO 2k server at work?
humeniuk
Assuming the router & VPN server on the work end are configured properly, you have to make sure you are connecting to the public/internet IP for the work server, not the local/LAN IP. The router will make sure the incoming connections are sent to the VPN server for validation. On your end, you also have to configure your router to allow IPSec Pass-Through or PPTP Pass-Through (or both) depending on which your work server uses for VPN connections.
Try enabling PPTP & L2TP on the netgear (if those options are available) Also enable pass-thru authentication. If that's not it try updating or predating the firmware to the router, in other words don't be scared to use an older firmware.
ASKER
My main mis-unserstanding is, when i log into the VPN connection, and it asks for the server Host Name/IP, do I put
the routers DNS IP Address. On the the router it has LAN and WAN settings. It would be the IP from the WAN settings, is that right?
the routers DNS IP Address. On the the router it has LAN and WAN settings. It would be the IP from the WAN settings, is that right?
Yes, you put in the WAN (public/internet) IP address, not the LAN address.
Dang, you couldn't have been more general huh?
First, what kind of router you are using. Hopefully Cisco, if so please post config and ver. Let's take this step-by-step, or this will take forever man. Has this ever worked before, or was working and not working anymore?
Did you configure the routers yourself, need infrastructure and routing diagram please.
Please understand a lot of people post their questions very generally and think everybody already knows their network layout, which we have never seem before. As a network engineer before a tackle a project for a client, I first request a network diagram, access to their routers (if not, at least a config and ver). To see at least their hardware/OS meets requirements for the topology they want to accomplish. If we *network consultant* just go in and don't understand and see the whole picture, our configuration will probably NOT work in your enviroment. As you know, all environment is unique, which means different. What works in one environment, will probably not work best in yours.
First, what kind of router you are using. Hopefully Cisco, if so please post config and ver. Let's take this step-by-step, or this will take forever man. Has this ever worked before, or was working and not working anymore?
Did you configure the routers yourself, need infrastructure and routing diagram please.
Please understand a lot of people post their questions very generally and think everybody already knows their network layout, which we have never seem before. As a network engineer before a tackle a project for a client, I first request a network diagram, access to their routers (if not, at least a config and ver). To see at least their hardware/OS meets requirements for the topology they want to accomplish. If we *network consultant* just go in and don't understand and see the whole picture, our configuration will probably NOT work in your enviroment. As you know, all environment is unique, which means different. What works in one environment, will probably not work best in yours.
ASKER
Ok,
STATUS : can connect to VPN in OFFICE (LAN)only for testing purposes, but outside the LAN, no success.
SMALL OFFICE - 7 PC'S running XP Pro, TCP/IP as network protocol
1 Windows 2000 Server, Domain Controller
Network connected to outer world by LINKSYS , (BEFR41 v2) router (not wireless)
Router is connected to our DSL Connection
The router's internet connection type is currently PPPoE, not sure if that effects anything.
Another choice is PPTP which sounds more like a VPN, but the PPPoE is whats being used currently. Should I be using PPTP, ???
On 2000 server, running active directory which contains users that have been given the
permission to Dial in and connect remotely.(well, i can login locally so the users must have correct permissions.
To attempt and log into my offices VPN, I use the IP address located under the WAN settings in my offices router settings (the LinkSys BEFSR41) not the LAN IP. This is being done through my home NETGEAR Router, which also has VPN Capabilities.
I called linksys, but i honestley cannot understand a word they are saying to me!!!
STATUS : can connect to VPN in OFFICE (LAN)only for testing purposes, but outside the LAN, no success.
SMALL OFFICE - 7 PC'S running XP Pro, TCP/IP as network protocol
1 Windows 2000 Server, Domain Controller
Network connected to outer world by LINKSYS , (BEFR41 v2) router (not wireless)
Router is connected to our DSL Connection
The router's internet connection type is currently PPPoE, not sure if that effects anything.
Another choice is PPTP which sounds more like a VPN, but the PPPoE is whats being used currently. Should I be using PPTP, ???
On 2000 server, running active directory which contains users that have been given the
permission to Dial in and connect remotely.(well, i can login locally so the users must have correct permissions.
To attempt and log into my offices VPN, I use the IP address located under the WAN settings in my offices router settings (the LinkSys BEFSR41) not the LAN IP. This is being done through my home NETGEAR Router, which also has VPN Capabilities.
I called linksys, but i honestley cannot understand a word they are saying to me!!!
ASKER
PPTP and IPSEc are enabled, by the way
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I like that answer, because now I am able to reach my VPN Server at least. But
now the user that i gave permissions is being denied I believe, because it remains
at verifying Username + Password, and doesnt get passed that point. What are the
permissions the user should have to access through VPN, are there any things on WIN 2K Server
config that may be holding something back from log on?
now the user that i gave permissions is being denied I believe, because it remains
at verifying Username + Password, and doesnt get passed that point. What are the
permissions the user should have to access through VPN, are there any things on WIN 2K Server
config that may be holding something back from log on?
In the user's properties, under the 'dial-in' tab you have to make sure the 'Allow access' radio button under 'Remote Access Permission (Dial-in or VPN)' is checked or, if you are using RRAS, make sure that 'Control access through Remote Access Policy' is checked.
NB - I'm looking at a Win2k server (don't have Win2k3 at home), so it may be a little different in Win2k3.
NB - I'm looking at a Win2k server (don't have Win2k3 at home), so it may be a little different in Win2k3.
You'll find good info on remote access policies here: http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/vpnexamp.mspx.
Make sure your users have "Dial in" permissions on their AD profile.
ASKER
I understand the logic now, which I am very happy about, I'll check the permissions tomorrow to see
if i can figure it out.
if i can figure it out.
Good luck. Be sure to check back here and tell us how it goes.
ASKER
will do!