Solved

VPN Problem

Posted on 2004-09-27
15
237 Views
Last Modified: 2010-03-18
I am having trouble logging into VPN to my office from home.
I can log in to the VPN when in the network(at the office, for testing purposes), by
putting in the Win 2000 Servers IP, in the Host or IP part of the VPN client login.

Logically, it would seem I would need the routers IP to then connect to the Server's IP.

My setup.
 
HOME - Laptop in LAN, local IP 192.168.0.1 connected using CABLE Modem. (net gear router)

WORK - 2k server in LAN, LOCAL IP 192.168.1.167 connected by DSL (using linksys router)



TO PUT IT IN EASY TERMS, HOW DO I GET PAST MY ROUTER TO MY WORKS ROUTER TO 2k server at work?
0
Comment
Question by:jfilmore33
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 6
  • 2
  • +1
15 Comments
 
LVL 33

Expert Comment

by:humeniuk
ID: 12164696
Assuming the router & VPN server on the work end are configured properly, you have to make sure you are connecting to the public/internet IP for the work server, not the local/LAN IP.  The router will make sure the incoming connections are sent to the VPN server for validation.  On your end, you also have to configure your router to allow IPSec Pass-Through or PPTP Pass-Through (or both) depending on which your work server uses for VPN connections.
0
 
LVL 2

Expert Comment

by:apostle12
ID: 12165825
Try enabling PPTP & L2TP on the netgear (if those options are available) Also enable pass-thru authentication. If that's not it try updating or predating the firmware to the router, in other words don't be scared to use an older firmware.
0
 

Author Comment

by:jfilmore33
ID: 12165920
My main mis-unserstanding is, when i log into the VPN connection, and it asks for the server Host Name/IP, do I put
the routers DNS IP Address. On the the router it has LAN and WAN settings. It would be the IP from the WAN settings, is that right?

0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 
LVL 33

Expert Comment

by:humeniuk
ID: 12166601
Yes, you put in the WAN (public/internet) IP address, not the LAN address.
0
 
LVL 9

Expert Comment

by:Pentrix2
ID: 12169251
Dang, you couldn't have been more general huh?

First, what kind of router you are using.  Hopefully Cisco, if so please post config and ver.  Let's take this step-by-step, or this will take forever man.  Has this ever worked before, or was working and not working anymore?

Did you configure the routers yourself, need infrastructure and routing diagram please.

Please understand a lot of people post their questions very generally and think everybody already knows their network layout, which we have never seem before.  As a network engineer before a tackle a project for a client, I first request a network diagram, access to their routers (if not, at least a config and ver).  To see at least their hardware/OS meets requirements for the topology they want to accomplish.  If we *network consultant* just go in and don't understand and see the whole picture, our configuration will probably NOT work in your enviroment.  As you know, all environment is unique, which means different.  What works in one environment, will probably not work best in yours.
0
 

Author Comment

by:jfilmore33
ID: 12173171
Ok,

STATUS : can connect to VPN in OFFICE (LAN)only for testing purposes, but outside the LAN, no success.

SMALL OFFICE - 7 PC'S running XP Pro, TCP/IP as network protocol
                        1 Windows 2000 Server, Domain Controller

Network connected to outer world by LINKSYS , (BEFR41 v2) router (not wireless)
Router is connected to our DSL Connection

The router's internet connection type is currently PPPoE, not sure if that effects anything.
Another choice is PPTP which sounds more like a VPN, but the PPPoE is whats being used currently. Should I be using PPTP, ???

On 2000 server, running active directory which contains users that have been given the
permission to Dial in and connect remotely.(well, i can login locally so the users must have correct permissions.

To attempt and log into my offices VPN, I use the IP address located under the WAN settings in my offices router settings (the LinkSys BEFSR41) not the LAN IP. This is being done through my home NETGEAR Router, which also has VPN Capabilities.

I called linksys, but i honestley cannot understand a word they are saying to me!!!



0
 

Author Comment

by:jfilmore33
ID: 12173180
PPTP and IPSEc are enabled, by the way
0
 
LVL 33

Accepted Solution

by:
humeniuk earned 500 total points
ID: 12173432
I'm not sure you're going to like this answer, but it wasn't long ago that I was in exactly the same situation that you are in.  I was setting up a VPN connection very much like the one you're talking about using two BEFR41 v2 routers.  The problem I encountered was this: PPTP and L2TP run on certain protocols, but the Linksys router has no mechanism to pass these protocols on to the VPN server.  The solution Linksys will give you is to forward specific port numbers (I forget the exact numbers, but they correspond with the VPN protocols).  The problem is ports and protocols are two entirely different things and Linksys tech support - as well as whoever writes their manuals - seems to have no clue that this is the case.  You said, << I called linksys, but i honestley cannot understand a word they are saying to me!!! >>  If you you want to experience real frustration, give them a call and try to explain the difference between a port and a protocol.

If you dig around the web long enough (like I did), you will find examples of people who got this to work and plenty of people who came to the same conclusion I did.  I was able to get it working temporarily by downgrading to an old version of the router's firmware (the PPTP & L2TP problems apparently had begun with a specific firmware update), but even then the connections kept getting dropped - it was never reliable enough to count on.  In the end, my solution was to purchase two VPN routers (Linksys makes those, too, and they work just fine, ie. the BEFVP41 - the VPN equivalent of what you have now).  This established a secure, persistent connection between my home office and my client's office, which I use every day.  Since then we have added VPN connections to two branch offices and haven't had a problem since.

Having said all of that, this is 'supposed to' work the way you are trying to set it up.  I don't like being a pessimist, but given the extreme frustration I experienced with the same problem you are facing and my research that demonstrated that there were many others in the same boat, I feel obliged to mention all of this.
0
 

Author Comment

by:jfilmore33
ID: 12174447
I like that answer, because now I am able to reach my VPN Server at least. But
now the user that i gave permissions is being denied I believe, because it remains
at verifying Username + Password, and doesnt get passed that point. What are the
permissions the user should have to access through VPN, are there any things on WIN 2K Server
config that may be holding something back from log on?

0
 
LVL 33

Expert Comment

by:humeniuk
ID: 12174497
In the user's properties, under the 'dial-in' tab you have to make sure the 'Allow access' radio button under 'Remote Access Permission (Dial-in or VPN)' is checked or, if you are using RRAS, make sure that 'Control access through Remote Access Policy' is checked.

NB - I'm looking at a Win2k server (don't have Win2k3 at home), so it may be a little different in Win2k3.
0
 
LVL 33

Expert Comment

by:humeniuk
ID: 12174574
0
 
LVL 9

Expert Comment

by:Pentrix2
ID: 12175231
Make sure your users have "Dial in" permissions on their AD profile.
0
 

Author Comment

by:jfilmore33
ID: 12175732
I understand the logic now, which I am very happy about, I'll check the permissions tomorrow to see
if i can figure it out.
0
 
LVL 33

Expert Comment

by:humeniuk
ID: 12175747
Good luck.  Be sure to check back here and tell us how it goes.
0
 

Author Comment

by:jfilmore33
ID: 12175849
will do!
0

Featured Post

Simple, centralized multimedia control

Watch and learn to see how ATEN provided an easy and effective way for three jointly-owned pubs to control the 60 televisions located across their three venues utilizing the ATEN Control System, Modular Matrix Switch and HDBaseT extenders.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes you might need to configure routing based not only on destination IP address, but also on a combination of destination IP address (or hostname) and destination port number. I will describe a method how to accomplish this with free tools. …
I'm a big fan of Windows' offline folder caching and have used it on my laptops for over a decade.  One thing I don't like about it, however, is how difficult Microsoft has made it for the cache to be moved out of the Windows folder.  Here's how to …
Although Jacob Bernoulli (1654-1705) has been credited as the creator of "Binomial Distribution Table", Gottfried Leibniz (1646-1716) did his dissertation on the subject in 1666; Leibniz you may recall is the co-inventor of "Calculus" and beat Isaac…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question