Solved

VPN Problem

Posted on 2004-09-27
15
233 Views
Last Modified: 2010-03-18
I am having trouble logging into VPN to my office from home.
I can log in to the VPN when in the network(at the office, for testing purposes), by
putting in the Win 2000 Servers IP, in the Host or IP part of the VPN client login.

Logically, it would seem I would need the routers IP to then connect to the Server's IP.

My setup.
 
HOME - Laptop in LAN, local IP 192.168.0.1 connected using CABLE Modem. (net gear router)

WORK - 2k server in LAN, LOCAL IP 192.168.1.167 connected by DSL (using linksys router)



TO PUT IT IN EASY TERMS, HOW DO I GET PAST MY ROUTER TO MY WORKS ROUTER TO 2k server at work?
0
Comment
Question by:jfilmore33
  • 6
  • 6
  • 2
  • +1
15 Comments
 
LVL 33

Expert Comment

by:humeniuk
Comment Utility
Assuming the router & VPN server on the work end are configured properly, you have to make sure you are connecting to the public/internet IP for the work server, not the local/LAN IP.  The router will make sure the incoming connections are sent to the VPN server for validation.  On your end, you also have to configure your router to allow IPSec Pass-Through or PPTP Pass-Through (or both) depending on which your work server uses for VPN connections.
0
 
LVL 2

Expert Comment

by:apostle12
Comment Utility
Try enabling PPTP & L2TP on the netgear (if those options are available) Also enable pass-thru authentication. If that's not it try updating or predating the firmware to the router, in other words don't be scared to use an older firmware.
0
 

Author Comment

by:jfilmore33
Comment Utility
My main mis-unserstanding is, when i log into the VPN connection, and it asks for the server Host Name/IP, do I put
the routers DNS IP Address. On the the router it has LAN and WAN settings. It would be the IP from the WAN settings, is that right?

0
 
LVL 33

Expert Comment

by:humeniuk
Comment Utility
Yes, you put in the WAN (public/internet) IP address, not the LAN address.
0
 
LVL 9

Expert Comment

by:Pentrix2
Comment Utility
Dang, you couldn't have been more general huh?

First, what kind of router you are using.  Hopefully Cisco, if so please post config and ver.  Let's take this step-by-step, or this will take forever man.  Has this ever worked before, or was working and not working anymore?

Did you configure the routers yourself, need infrastructure and routing diagram please.

Please understand a lot of people post their questions very generally and think everybody already knows their network layout, which we have never seem before.  As a network engineer before a tackle a project for a client, I first request a network diagram, access to their routers (if not, at least a config and ver).  To see at least their hardware/OS meets requirements for the topology they want to accomplish.  If we *network consultant* just go in and don't understand and see the whole picture, our configuration will probably NOT work in your enviroment.  As you know, all environment is unique, which means different.  What works in one environment, will probably not work best in yours.
0
 

Author Comment

by:jfilmore33
Comment Utility
Ok,

STATUS : can connect to VPN in OFFICE (LAN)only for testing purposes, but outside the LAN, no success.

SMALL OFFICE - 7 PC'S running XP Pro, TCP/IP as network protocol
                        1 Windows 2000 Server, Domain Controller

Network connected to outer world by LINKSYS , (BEFR41 v2) router (not wireless)
Router is connected to our DSL Connection

The router's internet connection type is currently PPPoE, not sure if that effects anything.
Another choice is PPTP which sounds more like a VPN, but the PPPoE is whats being used currently. Should I be using PPTP, ???

On 2000 server, running active directory which contains users that have been given the
permission to Dial in and connect remotely.(well, i can login locally so the users must have correct permissions.

To attempt and log into my offices VPN, I use the IP address located under the WAN settings in my offices router settings (the LinkSys BEFSR41) not the LAN IP. This is being done through my home NETGEAR Router, which also has VPN Capabilities.

I called linksys, but i honestley cannot understand a word they are saying to me!!!



0
 

Author Comment

by:jfilmore33
Comment Utility
PPTP and IPSEc are enabled, by the way
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 
LVL 33

Accepted Solution

by:
humeniuk earned 500 total points
Comment Utility
I'm not sure you're going to like this answer, but it wasn't long ago that I was in exactly the same situation that you are in.  I was setting up a VPN connection very much like the one you're talking about using two BEFR41 v2 routers.  The problem I encountered was this: PPTP and L2TP run on certain protocols, but the Linksys router has no mechanism to pass these protocols on to the VPN server.  The solution Linksys will give you is to forward specific port numbers (I forget the exact numbers, but they correspond with the VPN protocols).  The problem is ports and protocols are two entirely different things and Linksys tech support - as well as whoever writes their manuals - seems to have no clue that this is the case.  You said, << I called linksys, but i honestley cannot understand a word they are saying to me!!! >>  If you you want to experience real frustration, give them a call and try to explain the difference between a port and a protocol.

If you dig around the web long enough (like I did), you will find examples of people who got this to work and plenty of people who came to the same conclusion I did.  I was able to get it working temporarily by downgrading to an old version of the router's firmware (the PPTP & L2TP problems apparently had begun with a specific firmware update), but even then the connections kept getting dropped - it was never reliable enough to count on.  In the end, my solution was to purchase two VPN routers (Linksys makes those, too, and they work just fine, ie. the BEFVP41 - the VPN equivalent of what you have now).  This established a secure, persistent connection between my home office and my client's office, which I use every day.  Since then we have added VPN connections to two branch offices and haven't had a problem since.

Having said all of that, this is 'supposed to' work the way you are trying to set it up.  I don't like being a pessimist, but given the extreme frustration I experienced with the same problem you are facing and my research that demonstrated that there were many others in the same boat, I feel obliged to mention all of this.
0
 

Author Comment

by:jfilmore33
Comment Utility
I like that answer, because now I am able to reach my VPN Server at least. But
now the user that i gave permissions is being denied I believe, because it remains
at verifying Username + Password, and doesnt get passed that point. What are the
permissions the user should have to access through VPN, are there any things on WIN 2K Server
config that may be holding something back from log on?

0
 
LVL 33

Expert Comment

by:humeniuk
Comment Utility
In the user's properties, under the 'dial-in' tab you have to make sure the 'Allow access' radio button under 'Remote Access Permission (Dial-in or VPN)' is checked or, if you are using RRAS, make sure that 'Control access through Remote Access Policy' is checked.

NB - I'm looking at a Win2k server (don't have Win2k3 at home), so it may be a little different in Win2k3.
0
 
LVL 33

Expert Comment

by:humeniuk
Comment Utility
0
 
LVL 9

Expert Comment

by:Pentrix2
Comment Utility
Make sure your users have "Dial in" permissions on their AD profile.
0
 

Author Comment

by:jfilmore33
Comment Utility
I understand the logic now, which I am very happy about, I'll check the permissions tomorrow to see
if i can figure it out.
0
 
LVL 33

Expert Comment

by:humeniuk
Comment Utility
Good luck.  Be sure to check back here and tell us how it goes.
0
 

Author Comment

by:jfilmore33
Comment Utility
will do!
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Greetings, Experts! First let me state that this website is top notch. I thoroughly enjoy the community that is shared here; those seeking help and those willing to sacrifice their time to help. It is fantastic. I am writing this article at th…
A common practice in small networks is making file sharing easy which works extremely well when intra-network security is not an issue. In essence, everyone, that is "Everyone", is given access to all of the shared files - often the entire C: drive …
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now