VPN rejecting my fixed ip on client

Posted on 2006-05-20
Last Modified: 2010-04-12
hi there.

i have set up a ftp on a remote location on a dyanamic IP.  (home)
i use windows VPN to connect to the wan ip of the server to the office using the windows login.

The sites connect and i can ping from one to anoter and use remote desktop.
with the client machine i need to set up the ftp...

the vpn conects with automatic ip configuration but i need to change this to a fixed ip for the FTP. but when i change the IP to a fixed ip and log in to the remote office running windows 2003 the server rejects my fixed ip and only allows automatic ip range..

what do i do to make the vpn use a fixed ip and wil not get rejected by the server so i can run my ftp on that ip everytime.


Question by:Avision27
    LVL 77

    Expert Comment

    by:Rob Williams
    Avision27, reading this I better understand your configuration than the previous question. There are ways to assign a static IP but that shouldn't be necessary. First, it is important that the remote and local networks be on different subnets. If the office is 192.168.0.x then the home network needs to be or similar. If not, you will not be able to do this, because of routing issues. Then to connect to the FTP server, do not use the dynamic IP assigned by the VPN service but rather the actual IP assigned to the FTP servers network adapter, which should be assigned a static IP (within it's own subnet). The VPN and virtual adapter should look after the routing. As a test try pinging the FTP server from the office using that IP. If the FTP server is not on the same physical computer as the VPN client, you will have to make sure the "use  remote gateway" box is unchecekd.
    See if that helps.
    LVL 77

    Accepted Solution

    Should you still wish to assign a static IP to the VPN client, there are a couple of ways you can do so. Use only one method:
      {remember office and home need to be different subnets}
    1) This option, according to Microsoft, requires the domain functional level be Windows 2000 native or better, On the demo server I tried, the option wasn't available until I raised the functional level to Windows 2003 (option is definitely not available with 2000 mixed mode). Do not raise the functional level just for this. If you wish to do so read Microsoft's documentation as to what raising the functional level will affect, it can block access of older computer systems. If the option is available; you can open the user's profile in Active Directory Users and Computers and on the Dial-in tab there is an option (2nd from the bottom) to "Assign a Static IP address". Enable, and insert an IP address within the DHCP server's subnet
    2) Open the Routing and Remote Access Service console, expand the server name options in the left window, click on "Remote Access Policies", in the right hand window right click on "Connections to Microsoft Routing and Remote Access Server" and choose properties, click "Edit Profile", on the "IP" tab check "Client may request an IP address",  "OK" and exist. On the VPN client under TCP/IP properties assign an appropriate IP in the same subnet as the VPN server's subnet

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    How your wiki can always stay up-to-date

    Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
    - Increase transparency
    - Onboard new hires faster
    - Access from mobile/offline

    Suggested Solutions

    One of the Top 10  common Cisco VPN problems are not-matching shared keys. This is an easy one to fix, but not always easy to notice, see the case below. A simple IPsec tunnel between fast Ethernet interfaces of routers SW1 (f1/1) and R1(f0/0). …
    I've written this article to illustrate how we can implement a Dynamic Multipoint VPN (DMVPN) with both hub and spokes having a dynamically assigned non-broadcast multiple-access (NBMA) network IP (public IP). Here is the basic setup of DMVPN Pha…
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

    779 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    14 Experts available now in Live!

    Get 1:1 Help Now