VPN Access from the internet not working.

rpraveen asked
Last Modified: 2010-04-13
Hello,

I have a Sonicwall SOHO3 firewall, which on one side is connected to the Internet and on the other side to my LAN directly. On the LAN I have a Windows 2000 Server Domain Controller running MS Exchange 2000, ISA 2000 and VPN Server.

I have configured the NAT on the firewall to access the Windows 2000 Server machine. The ports that are open to reach this server are 80, 25, 1723, 500.

IP Address within my office is 172.31.8.xx. The rules on the firewall are to allow the above mentioned ports for the local IP of the server (172.31.8.xx).

I am able to connect a VPN connection successfully from within the LAN to this VPN Server. However, I am unable to do the same from the Internet.

Are there any other ports that need to be open for this to work successfully?

I tried the following on the Windows 2000 Server itself :
1. telnet localhost 25 --> Worked
2. telnet localhost 1723 --> Worked
3. telnet localhost 500 --> Did Not work.

Many Thanks,
Praveen.

CERTIFIED EXPERT
Top Expert 2006

Commented:
Hi rpraveen,

extract from VPN site

If the VPN server is behind a router, Port Mapping will need to be done on the router.
Standard port usage is 1723 for PPTP. You might also need to configure your router for PPTP Passthrough. Port usage for IPSec is 500, 50-51. These ports will have to be forwarded to the VPN server's local IP address

could be the last ports you are missing

Cheers!

Author

Commented:
Hi Jay,

Thank you very much. It worked. But I am unable to access resources on the other machines on the LAN while connected using VPN via the internet. How can I achieve this, please?

Thanks
Praveen.
CERTIFIED EXPERT
Top Expert 2006

Commented:
hmm do you get given an IP address that matches the other machines when you connect via VPN?
CERTIFIED EXPERT
Top Expert 2006

Commented:
are you able to ping other machines and if you run \\computername what happens?

Author

Commented:
Yes, I get an IP similar to the ones on the LAN. I am able to ping other machines. But I am unable to get access using \\computername. It says "The network path was not found."
CERTIFIED EXPERT
Top Expert 2006
Commented:
how about \\IPADDRESS    i am thinking it's a simple DNS setting....

I'm off to bed mate, I'll continue with you tomorrow :) just post a question letting me know you're back online

James


Author

Commented:
Hi James,

Hope you had a good night. Guess you are in Australia. \\ipaddress works. Looks like a simple DNS setting, but I am not sure what to change. However, I put in an entry in the hosts file of the OS and then I was able to get \\computername. Is there a better solution that you have on this? Pls let me know.

Thanks
Praveen.
CERTIFIED EXPERT
Top Expert 2013
Commented:
Praveen, please do not award any points in my direction, if this is of some help, as James (Jay_Jay70) located your problem. But where he is "off duty" right now I'll post a copy of my "name resolution solutions", which may be of some help to you:

NetBIOS names are not normally broadcast over a VPN, to work around this issue try the following solutions:
1) Use the IP address (of the computer you are connecting to) when connecting to devices such as;   \\123.123.123.123\ShareName   or map a drive at a  command prompt using  
 Net  Use  U:  \\123.123.123.123\ShareName
2) An option is to use the LMHosts file which creates a table of IP's and computer names. LMHosts is located in the Windows directory under c:\Windows (or WINNT)\System32\Drivers\Etc\LMHosts.sam , instructions are included within the file. Any line starting with # is just a comment and is ignored. Open the file with Notepad and add entries for your computers as below;
192.168.0.101      CompName       #PRE
Hit enter when each line is complete (important), then save the file without a file extension. To be sure there is no extension, when saving enclose in quotations like "LMHosts". Now when you try to connect to a computer name it should find it as it will search the LMHosts file for the record before connecting.
More details regarding LMHosts file:
http://www.microsoft.com/resources/documentation/Windows/2000/server/reskit/en-us/Default.asp?url=/resources/documentation/windows/2000/server/reskit/en-us/cnet/cnfd_lmh_QXQQ.asp
The drawback of the LMHosts file is you have to maintain a static list of computernames and IP addresses. Also if the remote end uses DHCP assigned IP's it is not a feasible option. Thus in order to be able to use computer names dynamically try to enable with some of the following options:
3) if you have a WINS server add that to the network cards configuration
4) also under the WINS configuration on the network adapter make sure NetBIOS over TCP/IP is selected
5) try adding the remote DNS server to your local DNS servers in your network card's TCP/IP configuration
6) verify your router does not have a "block NetBIOS broadcast" option enabled
7) test if you can connect with the full computer and domain name as  \\ComputerName.domain.local  If so, add the suffix DomainName.local to the DNS configuration of the virtual private adapter/connection [ right click virtual adapter | properties | TCP/IP properties | Advanced | DNS | "Append these DNS suffixes (in order)" | Add ]
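
An added example, not part of Rob's post or the original thread: a small Python check for the LMHosts pitfalls described in option 2 (a file extension left on the name, a last entry not terminated with Enter) plus malformed addresses, over-long names and duplicates. The function name `lint_lmhosts`, the 15-character NetBIOS name limit and the sample entries are assumptions added here; the sample is constructed.

```python
import ipaddress
import os

NETBIOS_MAX = 15  # usable characters in a NetBIOS computer name (not stated in the post)

def lint_lmhosts(filename, text):
    """Return (line_number, message) findings; line 0 means the file itself."""
    findings = []
    # The post: save without an extension, so "LMHosts", not LMHosts.sam or .txt.
    if os.path.splitext(filename)[1]:
        findings.append((0, "file name has an extension; save it as LMHosts"))
    lines = text.splitlines()
    # The post: press Enter after every entry, including the last one.
    if text and not text.endswith(("\n", "\r")):
        findings.append((len(lines), "last entry is not terminated by a newline"))
    first_seen = {}
    for n, raw in enumerate(lines, 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comment lines are ignored
        fields = line.split()
        if len(fields) < 2:
            findings.append((n, "expected an IP address followed by a computer name"))
            continue
        ip, name = fields[0], fields[1]
        try:
            ipaddress.IPv4Address(ip)
        except ValueError:
            findings.append((n, f"invalid IPv4 address {ip!r}"))
        if len(name) > NETBIOS_MAX:
            findings.append((n, f"{name!r} is longer than {NETBIOS_MAX} characters"))
        key = name.upper()  # NetBIOS names compare case-insensitively
        if key in first_seen:
            findings.append((n, f"{name!r} duplicates line {first_seen[key]}"))
        else:
            first_seen[key] = n
    return findings

# Constructed sample (hypothetical hosts) with one of each problem the linter reports.
SAMPLE = (
    "# office machines reachable over the VPN\n"
    "192.168.0.101      CompName            #PRE\n"
    "192.168.0.300      FileSrv             #PRE\n"
    "192.168.0.102      AccountingServer01  #PRE\n"
    "192.168.0.103      compname            #PRE"
)
if __name__ == "__main__":
    for lineno, message in lint_lmhosts("LMHosts.txt", SAMPLE):
        print(f"line {lineno}: {message}")
```
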
 
CERTIFIED EXPERT
Top Expert 2006

Commented:
rob,

wow thats an answer! you deserve points on this for sure as you just pointed out a few things i didnt know about. ill be pasting that answer in my little book of knowledge for future reference!

James


Praveen,

how's it goin mate, did you try Rob's suggestions??

CERTIFIED EXPERT
Top Expert 2013

Commented:
Aw shucks !   Actually just a list I made a while ago, that I cut and paste. Name resolution over a VPN can be a nuisance some times.
Thanks though.
--Rob
CERTIFIED EXPERT
Top Expert 2006

Commented:
ha well i just flogged your list for my own!
CERTIFIED EXPERT
Top Expert 2013

Commented:
I hope I got credit, even if no points.  :-)
Plagiarism is punishable by caging with Tasmanian Devils.
CERTIFIED EXPERT
Top Expert 2006

Commented:
it's alright the little buggers are virtually extinct.... if you can find one you can cage me with him!  (zoos don't count)

its more for my use anywayz :)
CERTIFIED EXPERT
Top Expert 2013

Commented:
Feel free, just 'razzing you'
--Rob
CERTIFIED EXPERT
Top Expert 2006

Commented:
:) ill send you a tazzy devil in repayment
CERTIFIED EXPERT
Top Expert 2013

Commented:
Let's see you get that through customs.
CERTIFIED EXPERT
Top Expert 2006

Commented:
hmm touché    i submit....

Author

Commented:
Hi James and Rob,

Thanks a lot to you guys. I tried the \\ipaddress suggested by James and the hosts file entry suggested by Rob. The two together helped me resolve my problem. Thanks once again.

James, good luck with getting a tazzy devil across to Rob ;)

I am going to split the points on this question to both of you.

Thanks and Regards,
Praveen.
CERTIFIED EXPERT
Top Expert 2006

Commented:
thanks praveen,

out of curiosity, i dont really care about the points, but why did we get the B grade, did our answers not help you enough??

i think i will have to express post the little rodent!

cheers mate

Author

Commented:
Hi James,

Sorry about that. That was an oversight. I think I was using the keyboard rather than the mouse and I made a mistake in choosing the grade. Is there a way I can change it to A? Because I truly feel that your answers helped me solve my problem.

Many Thanks again,
Praveen.
CERTIFIED EXPERT
Top Expert 2006

Commented:
thats ok mate i was just curious

you can place a question in community support asking the grade to be changed to A and the mods will take care of it for you. just make sure you put a link to this Q

as i said, i was just hoping that we had given a correct answer and if not, just wanted to know where it went skewiff!

cheers Praveen

James
CERTIFIED EXPERT
Top Expert 2013

Commented:
Thanks Praveen.,
--Rob
CERTIFIED EXPERT
Top Expert 2013

Commented:
Even more thanks <G> rpraveen, and AnnieMod.
--Rob
CERTIFIED EXPERT
Top Expert 2006

Commented:
thankyou!