Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


Able to authenticate to Win 2K3 using PPTP but not able to see the network

Posted on 2006-03-22
Medium Priority
Last Modified: 2010-04-12
I just set up PPTP based VPN access to my recently re-designed 2K3 network.  I can authenticate to the domain and can ping domain computers but I can not access them.  I've tried both computer names and IP addresses in My Computer / IE to no avail.  When I use IE / IP addresses, I get a message that I do not have permission to use that network resource.
The problem is compounded by the fact that the VPN connection disconnects after 45 sec to 1 min, which doesn't give me much time to fiddle.
I have been able to run ipconfig while VPN is connected and verify that the client is served an address from the network, is given the proper DNS settings, and I don't see any IP addressing conflicts.
I'm using a DUN connection via Bluetooth to my cell phone for initial internet access for the Win XP client.  I think this might be part of the problem (it's very slow and there are a lot of protocols to deal with)...?  When my VPN connection drops, I am not also losing DUN.
In the past, the server was configured for L2TP and had IAS (with I/O filters enabled) / CA / IIS running.  I have turned off all those services, but is it possible they've left some residual effects that are in my way?
The network is essentially one Win 2K3 server with one NIC behind a DSL Router / firewall.  Firewall is configured for NAT and has PPTP (Port 1723) and GRE passed through to the server IP.
Thanks for any help.
Question by:ktrb
  • 2
LVL 78

Accepted Solution

Rob Williams earned 2000 total points
ID: 16264631
Based on the type of connection you have, via Bluetooth/cell phone there may be to long a propagation delay to support a VPN. First thing I would check is the response time from a basic ping to the VPN server. If it is 125ms or less you should be OK. If not I think you will have to look to another means of connecting. One option would be remote desktop without the VPN, but rather simply by forwarding port 3389. Not quite as secure but not bad. Or find a way of connecting with better performance.
LVL 15

Expert Comment

ID: 16275702
The problem lies in the fact that the network servers and pcs do not know where the VPN network is
say you have on the inside for the VPN client
The internal systems say " is not on my network so go to the gateway" which is the DSL router
The gateway for the vpn network is the server.
You either have to add a route in the dsl router for your vpn network that points to you vpn server or
on the internal pcs and servers (other than the vpn server) run this command
  route add {vpn network} mask {vpn network mask} {vpn server ip} metric 1

Author Comment

ID: 16275860
The problem was in my connection speed.  A couple of pings showed from 120 - 140ms.  We're not planning on continuing to use the cell phone as ISP, I was only using it so I could test VPN onsite.  I tested it this afternoon using a cable modem offsite and everything works fine.
wingatesl, I had already configured the router so it points to the server, but did not know the command you sent, thanks
Thanks both of you for your help
LVL 78

Expert Comment

by:Rob Williams
ID: 16276184
Thanks ktrb,

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Like many others, when I created a Windows 2008 RRAS VPN server, I connected via PPTP, and still do, but there are problems that can arise from solely using PPTP.  One particular problem was that the CFO of the company used a Virgin Broadband Wirele…
Juniper VPN devices are a popular alternative to using Cisco products. Last year I needed to set up an international site-to-site VPN over the Internet, but the client had high security requirements -- FIPS 140. What and Why of FIPS 140 Federa…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses
Course of the Month15 days, 5 hours left to enroll

577 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question