doddwell asked:

VPN Problem

Hello

I have 2 ADSL connections at the office (one test and one Primary).
Both have the same router
The test network uses IP addresses in the range 192.168.0.* and consists of a router and one client
The primary network uses IP addresses in the range 192.0.1.* and consists of Win 2003 Server

Using the test network I can establish a VPN connection to our parent company...but using the Primary network I cannot.  The parent network uses the range 192.168.1.1

Is the problem related to the IP Addressing scheme used by the Primary network?  Or does the problem lie elsewhere?

I can VPN in to other sites but not our parent company!

Please advise.
Jay_Jay70

Hi doddwell,

What are the errors you are getting when you try and contact the primary?
doddwell

ASKER

It comes up with a box saying "Verifying Username and Password" and then it says:
"Error 721 The remote computer did not respond"

Usually err 721 on authentication can indicate wrong security parameters in the VPN dialer....
chk the security & encryption & also chk the vpn type (pptp/l2tp ipsec)

good luck and let us know the results :)

Are you sure that's where I need to look (after all I can connect from the test network using the same vpn connection)?  I can't test your suggestion at the moment as the parent site is down at the moment!
SOLUTION
AbIg0r6
This solution is only available to members.
The fact that I can connect to other VPN's from my Primary network suggests an issue at the parent site?

Are there any changes to the dialer required to connect to the other VPN's?

Not sure - about dialer settings for other sites (user who has these not in at the moment).

The fact that I can vpn into the parent company using same dialer settings when using my Test connection suggests a problem at my site or the parent company has blocked access from our site?  This brings me back to my original thought.....do you think that my IP address range is causing the problem?
Rob Williams
-I assume port forwarding is set up on the router for port 1723.
-Is the router on the 192.168.1.0 network the default gateway for the server? If not, you will need to add a static routing command with route add

-A 721 error usually specifically means the GRE packets are being blocked. 4 suggested possible causes of this would be:
1) the router does not support or have GRE enabled. On most smaller home/office routers this is set up using "enable PPTP pass-through" or "enable VPN pass-through" on the router
2) the Windows firewall or another software firewall could be blocking it
3) are there multiple NAT devices such as a modem that has combined modem and router capabilities, in addition to a router?
4) not as common but some routers, modems, and ISP's (last one obviously not the option here) do not support PPTP traffic

-Although the remote and local networks should never be the same with a VPN connection, it is usually OK with a Windows VPN connection using the PPTP client. This is due to the fact that it uses a virtual adapter. However, if the network at the remote site is using 192.168.1.0 as well I would change it. I also don't recommend using a default IP scheme at the main office, it creates the opportunity for IP conflicts with different users connecting from different sites.

All outbound ports are open
Primary network uses 192.0.1.0...and yes, the default gateway for the server on this network is the router

1.) I don't think this is an issue.  I have 2 identical routers with same settings. Except the one on the test network is used as a DHCP server.  On the primary network the server does the DHCP
2.) I connected my PC directly to the router (it's a switch too) and the problem still exists so no firewall issues.
3.) No
4.) I think the most likely issue is the ISP, esp. as I have tried connecting directly via the router.  I plan to migrate to a different ISP anyway....so hopefully this will resolve the issue

What do you mean by "don't use a default IP scheme at the main office"?

Please advise, Simon

>>"2.) I connected my PC directly to the router (it's a switch too) and the problem still exists so no firewall issues."
I don't follow how you connected your PC. The firewall I am referring to would be on the VPN server, the Windows server, and blocking inbound connections. Try testing by disabling it [ Control Panel | Windows Firewall | Off ]

>>"What do you mean by "don't use a default IP scheme at the main office".
VPN's should always have different subnets at either ends of a tunnel. If you use something like 192.168.1.0 at the main office, which is a very common default subnet, used by many home routers, remote VPN users run a greater risk of having routing issues due to the same subnet at the remote end. Better at the office to use something less common like 192.168.123.0. For the record the most common ones are 192.168.0.0, 192.168.1.0, 192.168.2.0, 192.168.100.0 and 10.0.0.0

Twice now you have shown 192.0.1.0 as the office subnet. Is this correct or a typo? 192.0.1.0 is a public IP range and should not be used on a private LAN. If a typo and it should read 192.168.1.0 that is fine, though I prefer something different as mentioned above.
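
The addressing checks from the post above, as an added example that is not part of the original thread: it flags a LAN that sits outside the RFC 1918 private ranges, a LAN on one of the common default subnets listed above, and two tunnel ends that overlap. The /24 masks and the function names are assumptions; the thread gives no masks.

```python
import ipaddress

# RFC 1918 private address blocks.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Subnets the thread names as the most common defaults.
# Assumption: each is treated as a /24, since the thread gives no masks.
COMMON_DEFAULTS = [ipaddress.ip_network(n) for n in
                   ("192.168.0.0/24", "192.168.1.0/24", "192.168.2.0/24",
                    "192.168.100.0/24", "10.0.0.0/24")]


def is_rfc1918(net):
    """True if the whole network lies inside one RFC 1918 block."""
    return any(net.subnet_of(block) for block in RFC1918)


def audit_vpn_subnets(local, remote):
    """Return finding codes for the LANs at the two ends of a VPN tunnel."""
    local_net = ipaddress.ip_network(local, strict=True)
    remote_net = ipaddress.ip_network(remote, strict=True)
    findings = []
    for side, net in (("local", local_net), ("remote", remote_net)):
        if not is_rfc1918(net):
            # Public space on a LAN hides the real hosts in that range.
            findings.append(f"{side}:public-range")
        elif net in COMMON_DEFAULTS:
            # Likely to collide with a remote user's home router subnet.
            findings.append(f"{side}:common-default")
    if local_net.overlaps(remote_net):
        # Same subnet at both ends: traffic for the far side stays local.
        findings.append("overlap")
    return findings


if __name__ == "__main__":
    # Constructed pairs based on the ranges mentioned in the thread.
    pairs = [("192.0.1.0/24", "192.168.1.0/24"),     # primary -> parent
             ("192.168.0.0/24", "192.168.1.0/24"),   # test -> parent
             ("192.168.1.0/24", "192.168.1.0/24"),   # same subnet both ends
             ("192.168.123.0/24", "192.168.1.0/24")] # less common office range
    for local, remote in pairs:
        print(local, remote, audit_vpn_subnets(local, remote))
```
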
>>We have a Netgear wireless Router/modem with built in firewall and it has LAN ports on it.  I connected my laptop directly to one of these ports.  All outbound ports on the firewall are open.  Do I need to open some inbound ones as well?

>>OK - got you.

No - it's not a typo! Our office subnet is 192.0.1.0.  Could this be the problem?
ASKER CERTIFIED SOLUTION
This solution is only available to members.
What basically RobWill means is that the vpn server's firewall might be blocking your office subnet -=> the one with the ip range 192.0.1.x

I think it will be a good start to try disabling it first....

Actually, AbIg0r6, in the second section of my previous post, I was referring to the possibility that the Windows server may have the Windows firewall or some other software firewall enabled which is blocking all incoming traffic, specifically VPN GRE and PPTP traffic.

to RobWill -> from my exp. with vpn usually the err you get if being blocked by a firewall is 678 or 769

Anyway it's easy to chk by trying to telnet to that specific server on the vpn port/s

doddwell, were you able to resolve? Did you change your subnet to a standard private range?
--Rob

Sorry for delay - been off.  The parent company have upgraded their router and firewall.  Not sure what they have done...but it works!
By the way..have done nothing at this end (so left subnet as is)

Thanks doddwell. Glad to hear you are up and running.
As for the 192.0.1.0 subnet it will work fine, but if ever a user should happen to try to connect to a web site, for example, with a public IP in that subnet they will not be able to connect.
Cheers.
--Rob