Need to test VPN
One of my co-workers has created a new VPN connection between our Windows 2003 SBS Server and a Windows XP SP2 notebook which until recently was used as a local PC in the same domain.
When connecting from a remote location via VPN connectiong the PC does not see the shares that it requires and when an attempt to connect to an existing share is made and error states "you may not have permission to access this resource."
My coworker believes that he is connecting sucesfully with the VPN but is not being permitted access to shares that were accessible locally under the same user account.
Any insights will be greatly appreciated.
- G
When connecting from a remote location via VPN connectiong the PC does not see the shares that it requires and when an attempt to connect to an existing share is made and error states "you may not have permission to access this resource."
My coworker believes that he is connecting sucesfully with the VPN but is not being permitted access to shares that were accessible locally under the same user account.
Any insights will be greatly appreciated.
- G
Rob Williams
Sounds like he may be right. Try pinging the computer in question (the one that holds the shares) through the VPN tunnel. Make sure the Windows, or any other software firewall is disabled.
ASKER
Do you mean that I should change the firewall settings on the VPN client PC or the server in the office?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
In order to use VPN to talk to a remote network, I need to end up with an IP address that is consistent with those used inside the domain I want to work with correct? Shouldn't I be able to ping the local machines if I connect sucesfully?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Prashsax: We are using the VPN feature in our Pix 501 device, so yes, it is third party as we are not using the Windows 2K3 SBS to do this.
Robwill:
* We will temporarily shut down the Firewall on the server. Hopefully ping has not been disabled and the server will answer. How do you turn on/off ping?
* I thought that you should be able to ping the local machine if you connected... I did not know that the local and remote machines would be on different subnets. I thought that NAT, the VPN or someother feature would give us a local address once we connected. If remote machin is 10.10.10.3 and server is 192.168.0.3 could they ping each other? I am thinking no, but maybe the VPN behaves differently.
* I agree about the deny error. I,m perplexed about the ping/Ip address situation.
* Maarlika says VPN client should be DHCp, is that workable?
I'm very gratefull for all the posts, thanks for helping. - G
Robwill:
* We will temporarily shut down the Firewall on the server. Hopefully ping has not been disabled and the server will answer. How do you turn on/off ping?
* I thought that you should be able to ping the local machine if you connected... I did not know that the local and remote machines would be on different subnets. I thought that NAT, the VPN or someother feature would give us a local address once we connected. If remote machin is 10.10.10.3 and server is 192.168.0.3 could they ping each other? I am thinking no, but maybe the VPN behaves differently.
* I agree about the deny error. I,m perplexed about the ping/Ip address situation.
* Maarlika says VPN client should be DHCp, is that workable?
I'm very gratefull for all the posts, thanks for helping. - G
>>"How do you turn on/off ping?"
Control Panel | Windows Firewall | Advanced | ICMP - Settings | Allow incoming echo request
As for the different subnets the routing of the tunnel looks after that. However, if you are using the Cisco client, rather than 2 Cisco VPN routers, you will likely be assigned an IP in the same subnet and the virtual network adapter again looks after any necessary routing in this case.
The problem that can occur if the subnets are the same is packets received by a routing device to not know in which direction to send the packets if both ends of a tunnel have the same subnet.
The Cisco client is usually set to DHCP but can be configured with static IP's.
Control Panel | Windows Firewall | Advanced | ICMP - Settings | Allow incoming echo request
As for the different subnets the routing of the tunnel looks after that. However, if you are using the Cisco client, rather than 2 Cisco VPN routers, you will likely be assigned an IP in the same subnet and the virtual network adapter again looks after any necessary routing in this case.
The problem that can occur if the subnets are the same is packets received by a routing device to not know in which direction to send the packets if both ends of a tunnel have the same subnet.
The Cisco client is usually set to DHCP but can be configured with static IP's.
Thank you ggordon777,
--Rob
--Rob