Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Need to test VPN

Posted on 2006-05-30
11
Medium Priority
?
496 Views
Last Modified: 2010-03-19
One of my co-workers has created a new VPN connection between our Windows 2003 SBS Server and a Windows XP SP2 notebook which until recently was used as a local PC in the same domain.

When connecting from a remote location via VPN connectiong the PC does not see the shares that it requires and when an attempt to connect to an existing share is made and error states "you may not have permission to access this resource."  

My coworker believes that he is connecting sucesfully with the VPN but is not being permitted access to shares that were accessible locally under the same user account.

Any insights will be greatly appreciated.

- G
0
Comment
Question by:Gary Gordon
11 Comments
 
LVL 78

Expert Comment

by:Rob Williams
ID: 16793588
Sounds like he may be right. Try pinging the computer in question (the one that holds the shares) through the VPN tunnel. Make sure the Windows, or any other software firewall is disabled.
0
 
LVL 4

Author Comment

by:Gary Gordon
ID: 16793601
Do you mean that I should change the firewall settings on the VPN client PC or the server in the office?
0
 
LVL 7

Assisted Solution

by:TheTull
TheTull earned 200 total points
ID: 16793617
It's highly unlikely he will be able to see the shares once connected as the NetBIOS protocol probably is not being sent over the VPN.

Also, its possible he may be trying to connece to the share with a default username not accepted, to get around this, click the connect using a different name link when mapping a network drive.
0
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 
LVL 4

Author Comment

by:Gary Gordon
ID: 16793785
In order to use VPN to talk to a remote network, I need to end up with an IP address that is consistent with those used inside the domain I want to work with correct?  Shouldn't I be able to ping the local machines if I connect sucesfully?
0
 
LVL 13

Assisted Solution

by:prashsax
prashsax earned 200 total points
ID: 16793867
Are you using any third party software for VPN connection.

Or you are using Windows IPSec security policy for creating the VPN.

Try pinging the server from client. If you see Trying to negociate VPN..... then you are not able to connect the VPN.

You may need to change the Local IP address in the configuration.

Since, if you are in your LAN laptop will have a private IP address. But when it outside the lan, it will most probably have a public IP address.



0
 
LVL 1

Assisted Solution

by:webquarters
webquarters earned 200 total points
ID: 16793920
You should setup shares using IP address instead of Netbios names.  map shares like \\serverIP\share
0
 
LVL 3

Assisted Solution

by:maharlika
maharlika earned 200 total points
ID: 16794254
Be sure the notebook is set to DHCP and not a fixed IP address.  Typically, the fixed IP's are only used while "inside" the firewall.  Once you go outside the firewall, you have to have DHCP so that it can properly assign the IP.
0
 
LVL 78

Accepted Solution

by:
Rob Williams earned 1200 total points
ID: 16794330
>>"Do you mean that I should change the firewall settings on the VPN client PC or the server in the office?"
Server in the office. It can be configured both tot allow pings and file shares but as a test best to disable temporarily.

>>"Shouldn't I be able to ping the local machines if I connect sucesfully?"
Yes. You are aware the local and remote machines should be on a different subnet?

The fact that there is a deny error, would tend to indicate a permissions problem, not an IP problem, or NetBIOS issue. Does the user have a legitimate user account, and is the user's computer a member of the domain? If the computer is not a member of the domain the user can connect to the shares with the domain name included such as :
UserName@DomainName.abc
or   domainname.abc\UserName
0
 
LVL 4

Author Comment

by:Gary Gordon
ID: 16794630
Prashsax:  We are using the VPN feature in our Pix 501 device, so yes, it is third party as we are not using the Windows 2K3 SBS to do this.

Robwill:  

*  We will temporarily shut down the Firewall on the server.  Hopefully ping has not been disabled and the server will answer.  How do you turn on/off ping?

*  I thought that you should be able to ping the local machine if you connected... I did not know that the local and remote machines would be on different subnets.  I thought that NAT, the VPN or someother feature would give us a local address once we connected. If remote machin is 10.10.10.3 and server is 192.168.0.3 could they ping each other?  I am thinking no, but maybe the VPN behaves differently.

*  I agree about the deny error.  I,m perplexed about the ping/Ip address situation.

*  Maarlika says VPN client should be DHCp, is that workable?

I'm very gratefull for all the posts, thanks for helping.  - G



0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 16794666
>>"How do you turn on/off ping?"
Control Panel | Windows Firewall | Advanced | ICMP - Settings | Allow incoming echo request

As for the different subnets the routing of the tunnel looks after that. However, if you are using the Cisco client, rather than 2 Cisco VPN routers,  you will likely be assigned an IP in the same subnet and the virtual network adapter again looks after any necessary routing in this case.
The problem that can occur if the subnets are the same is packets received by a routing device to not know in which direction to send the packets if both ends of a tunnel have the same subnet.

The Cisco client is usually set to DHCP but can be configured with static IP's.
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 16795027
Thank you ggordon777,
--Rob
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, the configuration steps in Zabbix to monitor devices via SNMP will be discussed with some real examples on Cisco Router/Switch, Catalyst Switch, NAS Synology device.
LinkedIn blogging is great for networking, building up an audience, and expanding your influence as well. However, if you want to achieve these results, you need to work really hard to make your post worth liking and sharing. Here are 4 tips that ca…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…

580 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question