Solved

Need help with router over MS PPTP VPN

Posted on 2006-06-17
Last Modified: 2010-03-18
I have a site to site hardware vpn using Netscreen 5GT firewalls between Site A and Site B.  Some users want to work from home and will VPN into Site A through the firewall to a MS PPTP VPN Server.  The remote users can access the resources at Site A just fine.  The remote users need to access Site B.

How can I accomplish this?
Question by:avsc
10 Comments
 
LVL 77

Expert Comment

by:Rob Williams
ID: 16926998
What seems to be the problem?
-are they not able to connect? If so please provide error # and message, and VPN server version.
-are they trying to connect to site B through the site-to-site tunnel while connected to A? Not possible.
-are they trying to connect to both sites at the same time with a VPN client? Many home routers will only support a single PPTP connection, also as I recall XP will only support a single PPTP session. You can have multiple connections but not simultaneously.
0
 
LVL 7

Expert Comment

by:dansoto
ID: 16927135
Microsoft PPTP VPN's require:

1) GRE Protocol (usually allowed through most firewalls/routers by enabling the PPTP protocol)
2) Port 1723 MUST be open

I would start by making sure port 1723 is allowed into the network.  Also, the router must forward all requests from port 1723 to the internal IP address of the Microsoft PPTP server.  These are the most important and often overlooked items.

I hope this helps

- dan -
0
 

Author Comment

by:avsc
ID: 16927404
I guess I did not explain it well enough.  The remote users can vpn into site A.  They are able to access resources at site A.  There are other resources at site B which they can not access when VPN into site A.  There is a hardware (Juniper/Netscreen 5GT) site to site VPN tunnel between Site A and Site B. It is complicated as the users are vpn'ed into the MS Network and needing to route over the Juniper/netscreen link.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 16927753
Unfortunately you cannot VPN to one site and then redirect over a VPN to a 3rd site, the routing just doesn't work.
0
 

Author Comment

by:avsc
ID: 16931900
I resolved my own problem. Normally I set up the PPTP and deselect the option to use the vpn as the default gateway.

I now selected the option to use the vpn tunnel as the default and I can access the site to site networks with ease.

0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 16933705
Never fails if I say something definitive I am proven wrong  :-)  So you are saying that remote users can connect to A with PPTP client and then to site B through the tunnel, or is it a mapped drive on A that connects to B. Appreciate knowing how it works.

For the record, if I still have any credibility <G>, if ever necessary since apparently it is possible, you could probably also resolve with a route add command. The only packets that would normally be destined for Site A would be those of site A's subnet. With the default gateway unchecked all other packets, such as those destined for site B would be sent to the local gateway and lost. Enabling the default gateway option (which is usually done by default as a security feature to block local and Internet access) would force all packets to the office network. Adding the following should allow it to work with or without the default gateway option:
Assuming
local  = 192.168.1.0 with PPTP/adapter gateway of 192.168.2.100 (would have to be static)
site A = 192.168.2.0
site B = 192.168.3.0

route  add  -p  192.168.3.0  mask  255.255.255.0  192.168.2.100
0
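
Added example (not part of the original thread or any poster's code): a small Python model of the client's route lookup, using the subnets and PPTP gateway assumed in the comment above, showing where traffic for site A, site B and an Internet host is sent under each of the three setups discussed. The home router address 192.168.1.1, the sample host addresses and the metrics are assumptions made for the example.

```python
import ipaddress

HOME_GW = "192.168.1.1"    # assumed home router address (not in the thread)
PPTP_GW = "192.168.2.100"  # PPTP adapter gateway assumed in the comment above

# (destination, gateway, metric); only routes relevant to the lookups below.
SPLIT_TUNNEL = [
    ("0.0.0.0/0", HOME_GW, 20),       # default route via the home router
    ("192.168.2.0/24", PPTP_GW, 1),   # site A subnet via the PPTP adapter
]
# "Use default gateway on remote network" checked: a preferred default
# route through the tunnel is added.
FULL_TUNNEL = SPLIT_TUNNEL + [("0.0.0.0/0", PPTP_GW, 1)]
# Option unchecked, plus the static route from the comment above.
SPLIT_PLUS_STATIC = SPLIT_TUNNEL + [("192.168.3.0/24", PPTP_GW, 1)]

# Constructed sample destinations.
TARGETS = {
    "site A host": "192.168.2.10",
    "site B host": "192.168.3.10",
    "Internet host": "203.0.113.5",
}

def next_hop(routes, dst):
    """Longest-prefix match; ties broken by lowest metric."""
    addr = ipaddress.ip_address(dst)
    candidates = []
    for net, gateway, metric in routes:
        network = ipaddress.ip_network(net)
        if addr in network:
            candidates.append((network.prefixlen, -metric, gateway))
    if not candidates:
        raise LookupError(f"no route to {dst}")
    return max(candidates)[2]

def decisions(routes):
    """Map each sample destination to 'tunnel' or 'home router'."""
    return {
        name: "tunnel" if next_hop(routes, ip) == PPTP_GW else "home router"
        for name, ip in TARGETS.items()
    }

if __name__ == "__main__":
    for label, table in [("split tunnel", SPLIT_TUNNEL),
                         ("default gateway on VPN", FULL_TUNNEL),
                         ("split tunnel + static route", SPLIT_PLUS_STATIC)]:
        print(f"{label:28} {decisions(table)}")
```

In this model the static route reaches site B while Internet traffic still leaves through the home router, whereas the default-gateway option sends all three destinations through the tunnel.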
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 17254814
Oops! my bad!

PAQ with points refunded
0
 

Accepted Solution

by:
ee_ai_construct earned 0 total points
ID: 17280976
PAQ / Refund
ee ai construct, community support moderator
0
