Access problems through the VPN Tunnel

Posted on 2005-04-21
Last Modified: 2010-03-18

I have done 4 hardware (VPN router to VPN router) VPN tunnels with perfect success until now.

VPN Router models: Dlink 804HV

I get subcontracted by a Communications company to create Hardware VPN tunnels so that they can use their VOIP hardware to connect companies in remote locations to communicate on one phone system for internal-like communications.

I have done this twice for them in the past with success using the Dlink 804HV VPN Routers. I have also used the Linksys WRV54G to create a VPN tunnel so that Client computers in a remote location could access shared Server resources at the main plant. I have also used the Dlink 804HV VPN routers to create a tunnel from Indiana to California for a company that wanted to have their remote computers in Indiana be able to access the server in Cali for Terminal Service access via the internal IP through the VPN tunnel and also to be able to print back to the computer, through the VPN tunnel, that was accessing the Terminal Service session through

In this current job I was subcontracted again to create a VPN tunnel for the VOIP hardware for communications, and have done so with perfect success. The problem is that I cannot properly access computers on the network through the tunnel. I have never run into this problem before with my previous tunnels and am quite frankly at my wits' end about what the problem could be, as I have never seen this type of behavior in a network before.

**Hardware Setup**

Win 2003 Terminal Server (For Remote Users logging into Terminal Services to access applications and files on the 2003 Domain Controller) Manual IP
Win 2003 Domain Controller (Hosting applications and DHCP server) Manual IP

AdTran unit from Choice One Communications (supplies the internet to the router in passthrough mode - acts just like a DSL modem or Cable Modem)
Dlink 804HV VPN Router (Serves the Internet to network and an endpoint to one side of the VPN tunnel) IP

Panasonic VOIP Hardware. IP

**Hardware Setup**

No Server just client computers

3Com Switch 48port
AdTran unit from Choice One Communications (supplies the internet to the router in passthrough mode - acts just like a DSL modem or Cable Modem)
Dlink 804HV VPN Router (Serves the Internet to network and an endpoint to one side of the VPN tunnel) IP

Panasonic VOIP Hardware. IP

-----What Works Through the VPN Tunnel----
1. The VPN tunnel successfully connects and allows the VOIP network cards to communicate with each other, which allows the 2 locations to dial phone extensions to each other and communicate through the internet using the VPN tunnel just as if they were in the same building
2. I can ping any address back and forth, including the servers.
3. I can manually browse via the "\\" method in Windows Explorer to see other computers across the VPN tunnel. *NOTE - I do understand that you cannot browse for names through a VPN tunnel normally like you can inside of a local network, but you are supposed to be able to via the IP address and connect via the IP address, as I have done with success in previous VPN tunnels.

-----What DOES NOT Work through the VPN Tunnel----
1. Cannot connect to the Terminal Services computer via the internal IP, but I can connect through the internal IP when I am on the local side, so I know the TS works. I also can connect to the TS through the WAN IP address at the remote location through the Router with PORT 3389 forwarded to the TS @ So the TS is all good, but not when trying to access through the VPN tunnel. It just times out and never connects.
2. Cannot access the shared driver on the Server through the VPN tunnel, even though I can see it and the folders that are shared via the IP, I just get timed out. I do have proper permissions on the computer that I am using and if I use my laptop it asks for a username and password, but times out after I put in the administrator username and password. It just times out no matter which way I try.
3. Cannot use the server or any computer at Location 1 to access the shared resources on any computer at Location 2. I can see the shared printer or folder via the IP on the computers at Location 2, but I cannot just right-click and connect to the printer (It says "Cannot connect to printer") or double click on the shared folders. It just times out.

****What I have done to try and resolve this****
1. Started the WINS Server on the Domain Controller ( and then added the address into the client's Network Card under the WINS Tab at the LOCATION 2 side.
RESULT: Nothing changed. Still could not access or connect. I did look at the WINS display record on the Domain Controller and saw that it was properly translating IP addresses and names from the Location 2 side. (Was actually amazed that it was doing that)
2. Created an LMHOSTS file by editing the existing one under C:\Windows\System32\drivers\etc\lmhosts.sam. Then just went to the bottom of the file where no # symbols were and added the following lines on a computer at Location 2 and imported the file under the IMPORT LMHOSTS option in the config of the network card.

pilgrim01 #PRE #This is the Domain controller at Location 1 and proper name of the server.
pilgrimterm #This is the Terminal Services computer and proper name

Then I edited the Domain Controller's LMHOSTS.sam file with the following and imported it into the WINS and the netcard

bbloxson #PRE #This is Betty's computer at location 2

I did the same for the Terminal Services computer with the following and imported LMHOSTS into the netcard

bbloxson #PRE #This is Betty's computer at location 2

RESULT: Nothing changed. Still pissed off for 2 days now.

3. Looked at the Domain Controller's Remote Access setup and changed the Local Area Connection to NOT be Private, but to PUBLIC with NO NAT filters, so it would be wide open. This did not change a thing either.

4. Prayed to God.
RESULT. Nothing...yet...

Thanks for the help in advance.

Question by:ZionTech1

    Author Comment

    Did I do something wrong in posting this question? I posted it on Thursday 4-21-05, and haven't gotten a single response to it. At 500 points, I guess I don't understand the delay.

    Author Comment

    Well. Number 4 worked. I was able to figure it out, no thanks to anyone here, so I think I should get the 500 points with the hell I went through to figure this out since Thursday.

    As I had stated before, I did have access, but only to some of the root folders and nothing below that. Since I could see the shared resources of the folders, I DID have access to a certain degree, or else a Logon screen would pop up. The problem was the MTU settings on each router. It was set at 1492. I set the MTU to 1500 on both routers and BOOM, everything works to the full degree. It was just the size of the packets through the VPN tunnel with this particular ISP (Choice One Communications).

    I hope this helps anybody in the future, because I wouldn't want them to go through this to figure it out. So again I should get the 500 points!!!

    Accepted Solution

    PAQed with points refunded (500)

    Community Support Moderator
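
The fix in this thread came down to packet size on the tunnel path, which small pings do not exercise. As an added example (not part of the original thread), this Python script binary-searches the largest packet that crosses a path with Don't Fragment set; the function names, the Linux iputils `ping` assumption for non-Windows hosts, and the simulated 1430-byte limit are assumptions for illustration.

```python
import platform
import subprocess
import sys

IP_ICMP_HEADERS = 28  # 20-byte IPv4 header + 8-byte ICMP echo header

def ping_df(host, payload, timeout_s=2):
    """Send one echo request of `payload` bytes with Don't Fragment set."""
    if platform.system() == "Windows":
        cmd = ["ping", "-n", "1", "-f", "-l", str(payload),
               "-w", str(timeout_s * 1000), host]
    else:  # assumes Linux iputils ping
        cmd = ["ping", "-c", "1", "-M", "do", "-s", str(payload),
               "-W", str(timeout_s), host]
    res = subprocess.run(cmd, capture_output=True, text=True)
    # Require a TTL field so only a real echo reply counts as success.
    return res.returncode == 0 and "ttl=" in res.stdout.lower()

def largest_payload(probe, low=548, high=1472):
    """Binary-search the largest size where probe(size) is True (None if `low` fails)."""
    if not probe(low):
        return None  # host down, ICMP filtered, or path smaller than `low`
    while low < high:
        mid = (low + high + 1) // 2
        if probe(mid):
            low = mid       # mid got through: answer is mid or larger
        else:
            high = mid - 1  # mid was dropped: answer is below mid
    return low

def path_mtu(probe, low=548, high=1472):
    """Largest IP packet size that crosses the path unfragmented."""
    best = largest_payload(probe, low, high)
    return None if best is None else best + IP_ICMP_HEADERS

def simulated_path(mtu):
    """Constructed stand-in for a tunnel that drops packets above `mtu`."""
    return lambda payload: payload + IP_ICMP_HEADERS <= mtu

if __name__ == "__main__":
    if len(sys.argv) > 1:   # a host on the far side of the tunnel
        print(path_mtu(lambda size: ping_df(sys.argv[1], size)))
    else:                   # offline demo with a constructed 1430-byte limit
        print(path_mtu(simulated_path(1430)))
```

Run it with the internal IP of a host across the tunnel as the only argument; a result below the MTU configured on the routers means full-size packets are not making it through even though small pings succeed.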
