Solved

VPN tunnel connected, but no access to network

Posted on 2005-03-03
Last Modified: 2008-01-09
hi experts.
here is the setup in our office:

10 client-pcs (ip-scope 192.168.100.10 - 50) connected to the
fileserver (ip 192.168.100.1) which is also the dhcp-server
mailserver (ip 192.168.100.2)
proxy (ip 192.168.100.3) which is the default-gateway for the client-pcs
the proxy is connected to the internet via a
DLink- DFL-700 Firewall (ip 192.168.100.200)

i established a vpn-connection with the dlink clientsoftware but i am not able to map any drives or at least ping a computer in the network through the tunnel.
does anybody have an idea what could be the problem?

thanks. jan
0
Question by:janorama
14 Comments
 
LVL 79

Expert Comment

by:lrmoore
ID: 13455074
Try setting a PC's default gateway to the firewall .200
Now connect to the VPN and ping that PC. Success?
Still can't map a drive? Try a LMHOSTS file on the VPN client PC with just that PC's ip address/name

0
 
LVL 32

Expert Comment

by:harbor235
ID: 13458766
How is the VPN configured on the Dlink? What access is allowed, does the
VPN config on the Dlink use a different IP address pool, is that address range
permitted to talk to the devices in the 192.168.100 net? It is hard to tell not knowing
how the Dlink is configured.

harbor235
0
 
LVL 2

Expert Comment

by:DiabloMillin
ID: 13459655
Make sure the network you are trying to connect to is not using the same IP range 192.168.100.x as the network you are connecting from. If your networks have the same IP range the information will not be routed properly.
0

 

Author Comment

by:janorama
ID: 13460394
thanks for your answers.

the VPN is configured as follows:
the tunnel points to 192.168.100.0/24 (so a remote client should be able to connect to any of our clients and servers in the office, right?!)
we are using a pre-shared key for authentication.
tunnel-type is set to roaming-user.
the rest of the settings concerns ike-modes, i set them as i did in the client-software.

further i got some firewall-rules:
for the moment all outbound traffic is allowed (inbound also, as far as the request came from within the office).
everything else is blocked.

the external network i am connecting from has a different ip (192.168.254.xxx)

here is my current status ;)  :

i got a little further with the advice of lrmoore: i set the default-gateway for one pc to .200 and then was able to map a drive.
but still there is a strange problem: the vpn-tunnel could only be used with a laptop that is normally used in the office (and registered in NT), with my "private" one it was impossible to map a drive, establishing the vpn-tunnel was no problem though. what could be the problem?

and then: is there an easier way to connect to our fileserver (i really wouldn't like to change too much in our internal setup):
i think the problem is that i am using the proxy as default-gateway for the office-clients. is there any possibility to tell the vpn-tunnel to go through the dlink and connect directly to our main fileserver (ip 192.168.100.1) without having to change the fileserver's default-gateway to the dlink (ip 192.168.100.200)?

thanks in advance. jan
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 13460601
>with my "private" one it was impossible to map a drive, establishing the vpn-tunnel was no problem though. what could be the problem?
You have to map a drive using "connect using a different user name" and put in your domain user account:
 username[ DOMAIN\username     ]
 Password [ yourdomainpassword ]

You might also need a LMHOSTS file on the "private" laptop that has at a minimum, the two entries required for the domain controller:
How to Write an LMHOSTS File for Domain Validation and Other Name Resolution Issues
http://support.microsoft.com/support/kb/articles/Q180/0/94.ASP 


0
 
LVL 2

Expert Comment

by:DiabloMillin
ID: 13462063
To fix the problem of getting your private PC to register on the domain, make sure your account has domain admin rights, then VPN in; that should allow you to have your PC registered.
0
 

Author Comment

by:janorama
ID: 13467350
thanks for your help.  i already got a little further.
i am wondering if my problem could be dependent on win NT 4?
on our servers we are still running NT4, and i cannot map drives on these computers, but i am able to ping them.
i can map drives on the clients where we are having win2000 installed.
i did not try to write a lmhosts-file: would this solve my problem, or do i have to try something else?

thanks. jan
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 13475805
>i did not try to write a lmhosts-file: would this solve my problem
Yes, I believe that a LMHOSTS file will solve your problem.
0
 

Author Comment

by:janorama
ID: 13488882
hi.
i am sorry, it took me a while to take further steps:
i tried using a lmhosts-file, and it did not help any.
but perhaps i addressed the wrong computer, here is what i did:

on the remote computer i created the lmhosts file with the information on the pdc of our office network, right?
i put in the office domain and the ip-address 192.168.100.1 (which is the domain-controller and the dhcp-server).

what else could I try? I am sure it must be a problem with WinNT, since i can map drives on the Win2000 computers.

thanks in advance. jan
0
 

Author Comment

by:janorama
ID: 13506701
anyone?
i still got the problem.

back to lmhosts: here is what i wrote into the file:

192.168.100.1   F1 #PRE #DOM:OFFICEDOMAIN
192.168.100.1   "OFFICEDOMAIN   \0x1b"   #PRE

(F1 / ip 192.168.100.1 is our domain-, wins-, and dhcp-server)

what would i have to include in a correct lmhosts-file? do i have to create a lmhosts-file on the server also?

thanks, jan
0
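A check for the LMHOSTS format this thread is debugging, as an added example that is not part of any participant's post. The padding rule (the domain name padded with spaces to 15 characters so that `\0x1b` is the 16th, 20 characters inside the quotes) comes from the Microsoft LMHOSTS article linked above; the function name `check_lmhosts`, the host name `MAIL1` and the sample lines are constructed for illustration.

```python
import ipaddress
import re

# IP address, then a quoted special name or a bare name, then optional keywords.
ENTRY = re.compile(r'^\s*(\S+)\s+(?:"([^"]*)"|(\S+))\s*(.*)$')
SPECIAL = re.compile(r'\\0x([0-9A-Fa-f]{2})$')

# Constructed sample: line 3 has one space too many, line 4 lacks #PRE.
SAMPLE = r'''192.168.100.1   F1      #PRE #DOM:OFFICEDOMAIN
192.168.100.1   "OFFICEDOMAIN   \0x1b"   #PRE
192.168.100.1   "OFFICEDOMAIN    \0x1b"  #PRE
192.168.100.2   MAIL1   #DOM:OFFICEDOMAIN
'''

def check_lmhosts(text):
    """Return a list of (line_number, problem) for an LMHOSTS file body."""
    problems = []
    for no, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue  # blank line, comment, or block directive such as #INCLUDE
        m = ENTRY.match(line)
        if not m:
            problems.append((no, "not in 'IP name [keywords]' form"))
            continue
        ip, quoted, bare, rest = m.groups()
        try:
            ipaddress.IPv4Address(ip)
        except ValueError:
            problems.append((no, f"bad IPv4 address {ip!r}"))
        flags = rest.upper().split()
        if quoted is not None:
            # Special name: 15 characters of name plus padding, then \0xNN.
            if not SPECIAL.search(quoted):
                problems.append((no, "quoted name lacks a \\0xNN suffix"))
            elif len(quoted) != 20:
                pad = len(quoted) - 5
                problems.append((no, f"name is padded to {pad} characters, must be 15"))
        elif len(bare) > 15:
            problems.append((no, f"NetBIOS name {bare!r} is longer than 15 characters"))
        if any(f.startswith("#DOM:") for f in flags) and "#PRE" not in flags:
            problems.append((no, "#DOM entry without #PRE"))
    return problems

if __name__ == "__main__":
    for no, problem in check_lmhosts(SAMPLE):
        print(f"line {no}: {problem}")
```

Because an LMHOSTS entry pins which IP address the client treats as the domain controller, it is worth running a check like this whenever the file is distributed to remote laptops.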
 
LVL 79

Expert Comment

by:lrmoore
ID: 13511773
Sorry for the delay in response.
That should be all you need in the lmhosts file, and it only has to be on the client.
Have you checked the lmhosts file to make sure it does not have a .txt file extension?
0
 

Author Comment

by:janorama
ID: 13514642
yes i did.
i used the nbtstat -R command, checked with nbtstat -c and everything seemed ok.

there is one strange thing though: the remote notebook does not get any information on the network from the wins-server ( i think ).
i can only map drives if i know the ip of the server and the correct folder (e.g. //192.168.100.3/Test ), i cannot browse through the network as it is possible with the workstations inside the Domain. could this be a problem?
thanks, jan
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 750 total points
ID: 13516068
Is this remote notebook XP? Has it ever joined the domain? It is a pure NetBIOS name resolution issue if you can map by IP address but can't browse or map by name. It's not finding a master browser, which should be the domain controller. WINS is definitely not working. You might want to try reinstalling the Client for Microsoft Networks.
0
 

Author Comment

by:janorama
ID: 13516864
the remote notebook is using W2K (but we also will have XP-computers that should be able to use the tunnel). and the notebook has not joined the domain so far, but it is registered in the server.
I will try reinstalling the Network-Client.

thanks.
0


Question has a verified solution.
