markg003
asked on
Windows2003 Server VPN not working after IP address change
I had a Windows2003 Server running VPN succesfully.
The Windows2003 server is running AD,DHCP,DNS,WINS and RRA.
It was moved to a new network, from 192.168.1.x to 192.168.3.x
I deleted DCHP,DNS,WINS and RRA, changed the IP addresses on the two NICs and set the services back with the new IP addresses. Everything else seems fine, can browse the internet, users' can log on internally, DCHP and DNS seem to be working fine.
VPN no longer works from outside. It doesnt' respond.
What should I look for?
Thanks!
The Windows2003 server is running AD,DHCP,DNS,WINS and RRA.
It was moved to a new network, from 192.168.1.x to 192.168.3.x
I deleted DCHP,DNS,WINS and RRA, changed the IP addresses on the two NICs and set the services back with the new IP addresses. Everything else seems fine, can browse the internet, users' can log on internally, DCHP and DNS seem to be working fine.
VPN no longer works from outside. It doesnt' respond.
What should I look for?
Thanks!
A couple of thoughts:
Has the router been reconfigured to redirect the appropriate ports (likely 1723, if using PPTP) to the new server IP?
Check with http://www.canyouseeme.org that the port is open/visible and that the WAN IP you are trying to connect to is correct.
Has the router been reconfigured to redirect the appropriate ports (likely 1723, if using PPTP) to the new server IP?
Check with http://www.canyouseeme.org that the port is open/visible and that the WAN IP you are trying to connect to is correct.
ASKER
Thanks. I just tried that. It says that it can NOT see me on port 1723.
Yes the router (Lynksys) was changed from 192.168.1.1 to 192.168.3.1 and the DMZ and Port Forwarding (for 1723) automatically change the first 3 octets (192.168.3) .
Yes the router (Lynksys) was changed from 192.168.1.1 to 192.168.3.1 and the DMZ and Port Forwarding (for 1723) automatically change the first 3 octets (192.168.3) .
Sounds like that part is configured correctly. I forgot to mention to test with www.canyouseeme.org you need to be connecting from the VPN server for the port to show as open, so that is likely all that is wrong there.
DHCP,DNS,WINS shouldn't affect the basic connection to the server with the VPN, so sounds like must be part of RRAS service, though you likely figured that out :-)
Was DHCP configured before you re-configured RRAS? If not it could have to do with the virtual IP assignment within RRAS.
Do you get a connection error # when trying to connect, or does it get that far?
If in doubt about the configuration have a look at the following to confirm the VPN configuration:
http://www.onecomputerguy.com/networking/w3k_vpn_server.htm
DHCP,DNS,WINS shouldn't affect the basic connection to the server with the VPN, so sounds like must be part of RRAS service, though you likely figured that out :-)
Was DHCP configured before you re-configured RRAS? If not it could have to do with the virtual IP assignment within RRAS.
Do you get a connection error # when trying to connect, or does it get that far?
If in doubt about the configuration have a look at the following to confirm the VPN configuration:
http://www.onecomputerguy.com/networking/w3k_vpn_server.htm
ASKER
THANKS FOR YOUR HELP!
Yes, I think the www.canyouseeme.org is valid. It showed me the NIC and IP address of the externallly conencted NIC properly.
Yes, I've uninstalled and re-installed RRAS a couple of times, so DNS,DHCP, etc were all done before RRAS.
Yes, I think the www.canyouseeme.org is valid. It showed me the NIC and IP address of the externallly conencted NIC properly.
Yes, I've uninstalled and re-installed RRAS a couple of times, so DNS,DHCP, etc were all done before RRAS.
ASKER
I've tried RRAS with no packet filtering (letting everything in) and assigning the router DMZ straight to the server, so it's (temporarily) fully open to the internet, and I can remote desktop, but STILL can't VPN in.
RRAS functions from INSIDE, but not outside, but evertyhting else from outside seems to work.
Not much hair left :(
RRAS functions from INSIDE, but not outside, but evertyhting else from outside seems to work.
Not much hair left :(
You say the VPN functions from inside but not outside? Is PPTP pass-through still enabled on the router?
Are there any error #'s when you try to connect from outside such as 678, 721, 800, etc. ?
Are there any error #'s when you try to connect from outside such as 678, 721, 800, etc. ?
ASKER
SOLVED!
I deleted the Port Forwarding definition for 1723 on the rotuer and re-added it.
Now it works.
I KNOW it was correct, because I screen dumped and printed EVERY single DCHP, DNS, RRAS screen and Router setting, and went over each of the dozens of papers to make sure I had everything exactly the same. Everything is on paper and everything is identical, except for the 192.168.3.x vs 192.168.1.x
I even rebooted the Linksys router to no avail. But deleting the prot forwarding and re-addining it worked.
Darn, cheap routers >:(
Okay so I think it's solved!
I'm very NEW to this Experts-Exchange... just singed up this afternoon, and am VERY impressed with your help. Since I'm new I have NO IDEA how this all works, who to thank, who to buy a beer, etc. I'll check back on this htread later tonight and thank you properly, but right now have to run.
I deleted the Port Forwarding definition for 1723 on the rotuer and re-added it.
Now it works.
I KNOW it was correct, because I screen dumped and printed EVERY single DCHP, DNS, RRAS screen and Router setting, and went over each of the dozens of papers to make sure I had everything exactly the same. Everything is on paper and everything is identical, except for the 192.168.3.x vs 192.168.1.x
I even rebooted the Linksys router to no avail. But deleting the prot forwarding and re-addining it worked.
Darn, cheap routers >:(
Okay so I think it's solved!
I'm very NEW to this Experts-Exchange... just singed up this afternoon, and am VERY impressed with your help. Since I'm new I have NO IDEA how this all works, who to thank, who to buy a beer, etc. I'll check back on this htread later tonight and thank you properly, but right now have to run.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Thanks markg003,
--Rob
--Rob
ASKER