  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1165

VPN tunnel connected, but no access to network

hi experts.
here is the setup in our office:

10 client-pcs (ip-scope 192.168.100.10 - 50) connected to the
fileserver (ip 192.168.100.1) which is also the dhcp-server
mailserver (ip 192.168.100.2)
proxy (ip 192.168.100.3) which is the default-gateway for the client-pcs
the proxy is connected to the internet via a
DLink DFL-700 Firewall (ip 192.168.100.200)

i established a vpn-connection with the dlink clientsoftware but i am not able to map any drives or at least ping a computer in the network through the tunnel.
does anybody have an idea what could be the problem?

thanks. jan
0
janorama
Asked:
 
lrmoore Commented:
Try setting a PC's default gateway to the firewall .200
Now connect to the VPN and ping that PC. Success?
Still can't map a drive? Try a LMHOSTS file on the VPN client PC with just that PC's ip address/name

0
 
harbor235 Commented:
How is the VPN configured on the Dlink? What access is allowed, does the VPN config on the Dlink use a different IP address pool, is that address range permitted to talk to the devices in the 192.168.100 net? It is hard to tell not knowing how the Dlink is configured.

harbor235
0
 
DiabloMillin Commented:
Make sure the network you are trying to connect to is not using the same IP range, 192.168.100.x, as the network you are connecting from. If your networks have the same IP range the information will not be routed properly.
0
 
janorama (Author) Commented:
thanks for your answers.

the VPN is configured as follows:
the tunnel points to 192.168.100.0/24 (so a remote client should be able to connect to any of our clients and servers in the office, right?!)
we are using a pre-shared key for authentication.
tunnel-type is set to roaming-user.
the rest of the settings concerns ike-modes, i set them as i did in the client-software.

further i got some firewall-rules:
for the moment all outbound traffic is allowed (inbound also, as far as the request came from within the office).
everything else is blocked.

the external network i am connecting from has a different ip (192.168.254.xxx)

here is my current status ;)  :

i got a little further with the advice from lrmoore: i set the default-gateway for one pc to .200 and then was able to map a drive.
but still there is a strange problem: the vpn-tunnel could only be used with a laptop that is normally used in the office (and registered in NT), with my "private" one it was impossible to map a drive, establishing the vpn-tunnel was no problem though. what could be the problem?

and then: is there an easier way to connect to our fileserver (i really wouldn't like to change too much in our internal setup):
i think the problem is that i am using the proxy as default-gateway for the office-clients. is there any possibility to tell the vpn-tunnel to go through the dlink and connect directly to our main fileserver (ip 192.168.100.1) without having to change the fileserver's default-gateway to the dlink (ip 192.168.100.200)?

thanks in advance. jan
0
 
lrmoore Commented:
>with my "private" one it was impossible to map a drive, establishing the vpn-tunnel was no problem though. what could be the problem?
You have to map a drive using "connect using a different user name" and put in your domain user account:
 Username [ DOMAIN\username    ]
 Password [ yourdomainpassword ]

You might also need a LMHOSTS file on the "private" laptop that has at a minimum, the two entries required for the domain controller:
How to Write an LMHOSTS File for Domain Validation and Other Name Resolution Issues
http://support.microsoft.com/support/kb/articles/Q180/0/94.ASP 


0
 
DiabloMillin Commented:
To fix the problem of getting your private PC to register on the domain, make sure your account has domain admin rights, then vpn in; that should allow you to have your PC registered.
0
 
janorama (Author) Commented:
thanks for your help.  i already got a little further.
i am wondering if my problem could be dependent on win NT 4?
on our servers we are still running NT4, and i cannot map drives on these computers, but i am able to ping them.
i can map drives on the clients where we are having win2000 installed.
i did not try to write a lmhosts-file: would this solve my problem, or do i have to try something else?

thanks. jan
0
 
lrmoore Commented:
>i did not try to write a lmhosts-file: would this solve my problem
Yes, I believe that a LMHOSTS file will solve your problem.
0
 
janorama (Author) Commented:
hi.
i am sorry, it took me a while to take further steps:
i tried using a lmhosts-file, and it did not help any.
but perhaps i addressed the wrong computer, here is what i did:

on the remote computer i created the lmhosts file with the information on the pdc of our office network, right?
i put in the office domain and the ip-address 192.168.100.1 (which is the domain-controller and the dhcp-server).

what else could I try? I am sure it must be a problem with WinNT, since i can map drives on the Win2000 computers.

thanks in advance. jan
0
 
janorama (Author) Commented:
anyone?
i still got the problem.

back to lmhosts: here is what i wrote into the file:

192.168.100.1   F1 #PRE #DOM:OFFICEDOMAIN
192.168.100.1   "OFFICEDOMAIN    \0x1b"   #PRE

(F1 / ip 192.168.100.1 is our domain-, wins-, and dhcp-server)

what would i have to include in a correct lmhosts-file? do i have to create a lmhosts-file on the server also?

thanks, jan
0
 
lrmoore Commented:
Sorry for the delay in response.
That should be all you need in the lmhosts file, and it only has to be on the client.
Have you checked the lmhosts file to make sure it does not have a .txt file extension?
0
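
Added example (not part of the thread and not any participant's code): a small Python checker for the client-side LMHOSTS entries discussed above. It applies the LMHOSTS rule that a quoted special name must be exactly 20 characters (name padded to 15, plus `\0x1b`) and the file-extension check; the function names are illustrative, and `AS_RENDERED` reproduces the entries as this page shows them, whose whitespace may differ from the asker's actual file.

```python
# Added example; function names are illustrative, not from any Microsoft tool.
import re

ENTRY = re.compile(r'^(\S+)\s+(?:"([^"]*)"|(\S+))\s*(.*)$')
SPECIAL = re.compile(r'^(.{15})\\0x([0-9A-Fa-f]{2})$')  # 15 padded chars + \0xNN = 20

def quoted_1b_name(domain):
    """Build the correctly padded domain master browser (0x1b) name."""
    return f'"{domain.upper():<15}\\0x1b"'

def check_lmhosts(text, filename="lmhosts"):
    """Return (line_no, problem) tuples; line_no 0 marks a file-level problem."""
    problems = []
    if "." in filename:
        problems.append((0, "file name has an extension"))
    dom, master = {}, {}
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = ENTRY.match(line)
        if not m:
            problems.append((no, "cannot parse entry"))
            continue
        ip, quoted, plain, rest = m.groups()
        name, tags = (quoted if quoted is not None else plain), rest.split()
        if "\\0x" in name:
            s = SPECIAL.match(name)
            if not s:
                problems.append((no, f"special name is {len(name)} chars, needs 20"))
            elif s.group(2).lower() == "1b":
                master[s.group(1).rstrip().upper()] = ip
        elif len(name) > 15:
            problems.append((no, "NetBIOS name longer than 15 chars"))
        for t in tags:
            if t.upper().startswith("#DOM:"):
                dom[t[5:].upper()] = ip
                if "#PRE" not in tags:
                    problems.append((no, "#DOM entry without #PRE"))
    for d, ip in dom.items():  # each #DOM domain needs a matching 0x1b entry
        if master.get(d) != ip:
            problems.append((0, f"no valid 0x1b entry for {d} at {ip}"))
    return problems

# Constructed from the thread: entries as this page renders them (4 spaces
# before \0x1b), and the same pair with the name padded to exactly 15 chars.
FIRST = '192.168.100.1   F1 #PRE #DOM:OFFICEDOMAIN\n'
AS_RENDERED = FIRST + '192.168.100.1   "OFFICEDOMAIN' + ' ' * 4 + '\\0x1b"   #PRE\n'
FIXED = FIRST + '192.168.100.1   ' + quoted_1b_name("OFFICEDOMAIN") + '   #PRE\n'
```

After correcting the file on the client, reload the name cache with `nbtstat -R` and list it with `nbtstat -c` to confirm both entries were preloaded.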
 
janorama (Author) Commented:
yes i did.
i used the nbtstat -R command, checked with nbtstat -c and everything seemed ok.

there is one strange thing though: the remote notebook does not get any information on the network from the wins-server ( i think ).
i can only map drives if i know the ip of the server and the correct folder (e.g. //192.168.100.3/Test ), i cannot browse through the network as it is possible with the workstations inside the Domain. could this be a problem?
thanks, jan
0
 
lrmoore Commented:
Is this remote notebook XP? Has it ever joined the domain? It is a pure netbios name resolution issue if you can map by IP address but can't browse or map by name. It's not finding a master browser, which should be the domain controller. WINS is definitely not working. You might want to try reinstalling the Client for Microsoft Networks.
0
 
janorama (Author) Commented:
the remote notebook is using W2K (but we also will have XP-computers that should be able to use the tunnel). and the notebook has not joined the domain so far, but it is registered in the server.
I will try reinstalling the Network-Client.

thanks.
0
