  • Status: Solved
  • Priority: Medium
  • Security: Public

VPN Access from the internet not working.

Hello,

I have a Sonicwall SOHO3 firewall, which on one side is connected to the Internet and on the other side to my LAN directly. On the LAN I have a Windows 2000 Server Domain Controller running MS Exchange 2000, ISA 2000 and VPN Server.

I have configured the NAT on the firewall to access the Windows 2000 Server machine. The ports that are open to reach this server are 80, 25, 1723, 500.

IP Address within my office is 172.31.8.xx. The Rules on the firewall are to allow the above mentioned ports for the local IP of the server (172.31.8.xx).

I am able to connect a VPN connection successfully from within the LAN to this VPN Server. However, I am unable to do the same from the Internet.

Are there any other ports that need to be open for this to work successfully?

I tried the following on the Windows 2000 Server itself :
1. telnet localhost 25 --> Worked
2. telnet localhost 1723 --> Worked
3. telnet localhost 500 --> Did Not work.

Many Thanks,
Praveen.
0
Asked: rpraveen
 
Jay_Jay70Commented:
Hi rpraveen,

extract from VPN site

If the VPN server is behind a router, Port Mapping will need to be done on the router.
Standard port usage is 1723 for PPTP. You might also need to configure your router for PPTP Passthrough. Port usage for IPSec is 500, 50-51. These ports will have to be forwarded to the VPN server's local IP address.

could be the last ports you are missing

Cheers!
0
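An added example (not part of Jay_Jay70's post or the extract it quotes) that audits a forward list against what each tunnel type needs: PPTP is TCP 1723 plus GRE (IP protocol 47), and for IPsec 500 is a UDP port (IKE) while 50 and 51 are IP protocol numbers (ESP, AH), not ports. The `tcp/1723` rule notation, the function names and the sample rule lists are assumptions made for illustration.

```python
# "ip" entries are IP protocol numbers, not TCP/UDP ports.
REQUIRED = {
    "pptp": {("tcp", 1723), ("ip", 47)},   # control channel + GRE tunnel
    "ipsec": {("udp", 500), ("ip", 50)},   # IKE + ESP, no NAT traversal
}
IP_PROTOCOLS = {47: "GRE", 50: "ESP", 51: "AH"}


def parse_rule(text):
    """Turn 'tcp/1723' into ('tcp', 1723). The notation is an assumption."""
    kind, _, number = text.strip().lower().partition("/")
    if kind not in ("tcp", "udp", "ip") or not number.isdigit():
        raise ValueError(f"unrecognised rule: {text!r}")
    return kind, int(number)


def audit(vpn_type, rules, other_services=()):
    """Compare forwarded rules with what vpn_type needs."""
    need = REQUIRED[vpn_type]
    have = {parse_rule(r) for r in rules}
    keep = {parse_rule(r) for r in other_services}
    extra = have - need - keep
    # A protocol number typed as a port, e.g. tcp/50 instead of ip/50.
    confused = {r for r in extra if r[0] != "ip" and r[1] in IP_PROTOCOLS}
    # Right port, wrong transport, e.g. tcp/500 where IKE needs udp/500.
    ports_needed = {n[1] for n in need if n[0] != "ip"}
    wrong_transport = {r for r in extra - confused
                       if r[0] != "ip" and r[1] in ports_needed}
    return {
        "missing": sorted(need - have),
        "protocol_as_port": sorted(confused),
        "wrong_transport": sorted(wrong_transport),
        "unneeded": sorted(extra - confused - wrong_transport),
    }


# Constructed input: the thread lists ports 80, 25, 1723 and 500 without a
# transport, so TCP is assumed here; 80 and 25 serve web and mail.
THREAD_RULES = ["tcp/80", "tcp/25", "tcp/1723", "tcp/500"]

if __name__ == "__main__":
    print(audit("pptp", THREAD_RULES, other_services=["tcp/80", "tcp/25"]))
    print(audit("ipsec", ["tcp/500", "tcp/50", "tcp/51"]))
```

Anything reported under `unneeded` is exposure with no function for the chosen tunnel type and is a candidate for removal from the firewall rules.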
 
rpraveenAuthor Commented:
Hi Jay,

Thank you very much. It worked. But I am unable to access resources on the other machines on the LAN while connected using VPN via the internet. How can I achieve this, please?

Thanks
Praveen.
0
 
Jay_Jay70Commented:
hmm do you get given an IP address that matches the other machines when you connect via VPN?
0
 
Jay_Jay70Commented:
are you able to ping other machines and if you run \\computername what happens?
0
 
rpraveenAuthor Commented:
Yes, I get an IP similar to the ones on the LAN. I am able to ping other machines. But I am unable to get access using \\computername. It says "The network path was not found."
0
 
Jay_Jay70Commented:
how about \\IPADDRESS? I am thinking it's a simple DNS setting....

I'm off to bed mate, I'll continue with you tomorrow :) just post a question letting me know you're back online

James
0
 
rpraveenAuthor Commented:
Hi James,

Hope you had a good night. Guess you are in Australia. \\ipaddress works. Looks like a simple DNS setting, but I am not sure what to change. However, I put in an entry in the hosts file of the OS and then I was able to get \\computername. Is there a better solution that you have on this? Pls let me know.

Thanks
Praveen.
0
 
Rob WilliamsCommented:
Praveen, please do not award any points in my direction, if this is of some help, as James (Jay_Jay70) located your problem. But where he is "off duty" right now I'll post a copy of my "name resolution solutions", which may be of some help to you:

NetBIOS names are not normally broadcast over a VPN, to work around this issue try the following solutions:
1) Use the IP address (of the computer you are connecting to) when connecting to devices, such as \\123.123.123.123\ShareName, or map a drive at a command prompt using
 net use U: \\123.123.123.123\ShareName
2) An option is to use the LMHosts file, which creates a table of IPs and computer names. LMHosts is located in the Windows directory under c:\Windows (or WINNT)\System32\Drivers\Etc\LMHosts.sam; instructions are included within the file. Any line starting with # is just a comment and is ignored. Open the file with Notepad and add entries for your computers as below:
192.168.0.101      CompName       #PRE
Hit enter when each line is complete (important), then save the file without a file extension. To be sure there is no extension, when saving enclose the name in quotations like "LMHosts". Now when you try to connect to a computer name it should find it, as it will search the LMHosts file for the record before connecting.
More details regarding LMHosts file:
http://www.microsoft.com/resources/documentation/Windows/2000/server/reskit/en-us/Default.asp?url=/resources/documentation/windows/2000/server/reskit/en-us/cnet/cnfd_lmh_QXQQ.asp
The drawback of the LMHosts file is you have to maintain a static list of computer names and IP addresses. Also, if the remote end uses DHCP-assigned IPs it is not a feasible option. Thus, in order to be able to use computer names dynamically, try to enable some of the following options:
3) If you have a WINS server, add that to the network card's configuration
4) Also under the WINS configuration on the network adapter, make sure NetBIOS over TCP/IP is selected
5) Try adding the remote DNS server to your local DNS servers in your network card's TCP/IP configuration
6) Verify your router does not have a "block NetBIOS broadcast" option enabled
7) Test if you can connect with the full computer and domain name as \\ComputerName.domain.local. If so, add the suffix DomainName.local to the DNS configuration of the virtual private adapter/connection [ right click virtual adapter | properties | TCP/IP properties | Advanced | DNS | "Append these DNS suffixes (in order)" | Add ]
 
0
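A check for the LMHosts approach in item 2 above, as an added example that is not part of Rob Williams's post: static entries are trusted without verification, so a stale or altered line sends \\CompName connections to whatever address is listed, and the file is worth linting after every change. The /24 LAN range (taken from the 172.31.8.xx addressing in the question), the finding codes, the function name and the sample file are assumptions constructed for illustration.

```python
import ipaddress


def lint_lmhosts(text, lan="172.31.8.0/24"):
    """Return (entries, findings) for the contents of an LMHOSTS file.

    entries maps NetBIOS name -> IP; findings is a list of (line, code).
    The LAN range and the finding codes are assumptions of this example.
    """
    net = ipaddress.ip_network(lan)
    entries, findings = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # blank, comment or block directive
        fields = line.split()
        if len(fields) < 2:
            findings.append((lineno, "no-name"))
            continue
        name = fields[1].upper()          # NetBIOS names are case-insensitive
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append((lineno, "bad-ip"))
            continue
        if len(name) > 15:                # NetBIOS names hold 15 characters
            findings.append((lineno, "name-too-long"))
            continue
        if ip not in net:                 # mapping points off the office LAN
            findings.append((lineno, "outside-lan"))
        if name in entries and entries[name] != str(ip):
            findings.append((lineno, "conflict"))
            continue                      # keep the first mapping, flag this
        entries[name] = str(ip)
    return entries, findings


# Constructed sample file, not taken from the thread.
SAMPLE = """\
# office servers
172.31.8.10   EXCHSRV01   #PRE
172.31.8.999  FILESRV     #PRE
172.31.8.21   ACCOUNTINGWORKSTATION1  #PRE
203.0.113.50  EXCHSRV01   #PRE
"""

if __name__ == "__main__":
    print(lint_lmhosts(SAMPLE))
```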
 
Jay_Jay70Commented:
rob,

wow that's an answer! you deserve points on this for sure as you just pointed out a few things I didn't know about. I'll be pasting that answer in my little book of knowledge for future reference!

James


Praveen,

how's it goin mate, did you try Rob's suggestions??

0
 
Rob WilliamsCommented:
Aw shucks !   Actually just a list I made a while ago, that I cut and paste. Name resolution over a VPN can be a nuisance some times.
Thanks though.
--Rob
0
 
Jay_Jay70Commented:
ha well i just flogged your list for my own!
0
 
Rob WilliamsCommented:
I hope I got credit, even if no points.  :-)
Plagiarism is punishable by caging with Tasmanian Devils.
0
 
Jay_Jay70Commented:
it's alright the little buggers are virtually extinct.... if you can find one you can cage me with him!  (zoos don't count)

it's more for my use anywayz :)
0
 
Rob WilliamsCommented:
Feel free, just 'razzing you'
--Rob
0
 
Jay_Jay70Commented:
:) I'll send you a tazzy devil in repayment
0
 
Rob WilliamsCommented:
Let's see you get that through customs.
0
 
Jay_Jay70Commented:
hmm touché    I submit....
0
 
rpraveenAuthor Commented:
Hi James and Rob,

Thanks a lot to you guys. I tried the \\ipaddress suggested by James and the hosts file entry suggested by Rob. The two together helped me resolve my problem. Thanks once again.

James, good luck with getting a tazzy devil across to Rob ;)

I am going to split the points on this question to both of you.

Thanks and Regards,
Praveen.
0
 
Jay_Jay70Commented:
thanks praveen,

out of curiosity, I don't really care about the points, but why did we get the B grade, did our answers not help you enough??

I think I will have to express post the little rodent!

cheers mate
0
 
rpraveenAuthor Commented:
Hi James,

Sorry about that. That was an oversight. I think I was using the keyboard rather than the mouse and I made a mistake in choosing the grade. Is there a way I can change it to A? Because I truly feel that your answers helped me solve my problem.

Many Thanks again,
Praveen.
0
 
Jay_Jay70Commented:
that's ok mate, I was just curious

you can place a question in community support asking the grade to be changed to A and the mods will take care of it for you. just make sure you put a link to this Q

as I said, I was just hoping that we had given a correct answer and if not, just wanted to know where it went skew-whiff!

cheers Praveen

James
0
 
Rob WilliamsCommented:
Thanks Praveen.
--Rob
0
 
Rob WilliamsCommented:
Even more thanks <G> rpraveen, and AnnieMod.
--Rob
0
 
Jay_Jay70Commented:
thank you!
0
