We help IT Professionals succeed at work.

Able to authenticate to Win 2K3 using PPTP but not able to see the network

ktrb
ktrb asked
on
Medium Priority
290 Views
Last Modified: 2010-04-12
I just set up PPTP based VPN access to my recently re-designed 2K3 network.  I can authenticate to the domain and can ping domain computers but I can not access them.  I've tried both computer names and IP addresses in My Computer / IE to no avail.  When I use IE / IP addresses, I get a message that I do not have permission to use that network resource.
The problem is compounded by the fact that the VPN connection disconnects after 45 sec to 1 min, which doesn't give me much time to fiddle.
I have been able to run ipconfig while VPN is connected and verify that the client is served an address from the network, is given the proper DNS settings, and I don't see any IP addressing conflicts.
I'm using a DUN connection via Bluetooth to my cell phone for initial internet access for the Win XP client.  I think this might be part of the problem (it's very slow and there are a lot of protocols to deal with)...?  When my VPN connection drops, I am not also losing DUN.
In the past, the server was configured for L2TP and had IAS (with I/O filters enabled) / CA / IIS running.  I have turned off all those services, but is it possible they've left some residual effects that are in my way?
The network is essentially one Win 2K3 server with one NIC behind a DSL Router / firewall.  Firewall is configured for NAT and has PPTP (Port 1723) and GRE passed through to the server IP.
Thanks for any help.
Comment
Watch Question

CERTIFIED EXPERT
Top Expert 2013
Commented:
Based on the type of connection you have, via Bluetooth/cell phone there may be to long a propagation delay to support a VPN. First thing I would check is the response time from a basic ping to the VPN server. If it is 125ms or less you should be OK. If not I think you will have to look to another means of connecting. One option would be remote desktop without the VPN, but rather simply by forwarding port 3389. Not quite as secure but not bad. Or find a way of connecting with better performance.

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts
The problem lies in the fact that the network servers and pcs do not know where the VPN network is
say you have 192.168.1.0 on the inside
192.168.2.0 for the VPN client
The internal systems say "192.168.2.0 is not on my network so go to the gateway" which is the DSL router
The gateway for the vpn network is the server.
You either have to add a route in the dsl router for your vpn network that points to you vpn server or
on the internal pcs and servers (other than the vpn server) run this command
  route add {vpn network} mask {vpn network mask} {vpn server ip} metric 1

Author

Commented:
The problem was in my connection speed.  A couple of pings showed from 120 - 140ms.  We're not planning on continuing to use the cell phone as ISP, I was only using it so I could test VPN onsite.  I tested it this afternoon using a cable modem offsite and everything works fine.
wingatesl, I had already configured the router so it points to the server, but did not know the command you sent, thanks
Thanks both of you for your help
CERTIFIED EXPERT
Top Expert 2013

Commented:
Thanks ktrb,
--Rob
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.