Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Need help with router over MS PPTP VPN

Posted on 2006-06-17
10
Medium Priority
?
286 Views
Last Modified: 2010-03-18
I have a site to site hardware vpn using Netscreen 5GT firewalls between Site A and Site B.  Some users want to work from home and will VPN into Site A through the firewall to a MS PPTP VPN Server.  The remote users can access the resources at Site A just fine.  The remote users need to access Site B.

How can I accomplish this?
0
Comment
Question by:avsc
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
10 Comments
 
LVL 77

Expert Comment

by:Rob Williams
ID: 16926998
What seems to be the problem?
-are they not able to connect? If so please provide error # and message, and VPN server version.
-are they trying to connect to site B through the site-to-site tunnel while connected to A? Not possible.
-are they trying to connect to both sites at the same time with a VPN client? Many home routers will only support a single PPTP connection, also as I recall XP will only support a single PPTP session. You can have multiple connections but not simultaneously.
0
 
LVL 7

Expert Comment

by:dansoto
ID: 16927135
Microsoft PPTP VPN's require:

1) GRE Protocol (usually allowed through most firewalls/routers by enabline the PPTP protocol)
2) Port 1723 MUST be open

I would start by making sure port 1723 is allowed into the network.  Also, the router must forward all requests from port 1723 to the internal IP address of the Microsoft PPTP server.  These are the most important and often overlooked items.

I hope this helps

- dan -
0
 

Author Comment

by:avsc
ID: 16927404
I guess I did not explain it well enough.  The remote users can vpn into site A.  They are able to access resources at site A.  There are other resources at site B which they can not access when VPN into site A.  There is a hardware (Juniper/Netscreen 5GT) site to site VPN tunnel between Site A and Site B. It is complicated as the users are vpn'ed into the MS Network and needing to route over the Juniper/netscreen link.
0
Learn Veeam advantages over legacy backup

Every day, more and more legacy backup customers switch to Veeam. Technologies designed for the client-server era cannot restore any IT service running in the hybrid cloud within seconds. Learn top Veeam advantages over legacy backup and get Veeam for the price of your renewal

 
LVL 77

Expert Comment

by:Rob Williams
ID: 16927753
Unfortunately you cannot VPN to one site and then redirect over a VPN to a 3rd site, the routing just doesn't work.
0
 

Author Comment

by:avsc
ID: 16931900
I resolved my own problem. Normaly I set up the PPTP and deselect the option to use the vpn as the default gateway.

I now selected the option to use the vpn tunnel as the default and I can accesss the site to site networks with ease.

0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 16933705
Never fails if I say something definitive I am proven wrong  :-)  So you are saying that remote users can connect to A with PPTP client and then to site B through the tunnel, or is it a mapped drive on A that connects to B. Appreciate knowing how it works.

For the record, if I still have any credibility <G>, if ever necessary since apparently it is possible, you could probably also resolve with a route add command. The only packets that would normally be destined for Site A would be those of site A's subnet. With the default gateway unchecked all other packets, such as those destined for site B would be sent to the local gateway and lost. Enabling the default gateway option (which is usually done by default as a security feature to block local and Internet access) would force all packets to the office network. Adding the following should allow it to work with or without the default gateway option:
Assuming
local  = 192.168.1.0 with PPTP/adapter gateway of 192.168.2.100 (would have to be static)
site A = 192.168.2.0
site B = 192.168.3.0

route  add  -p  192.168.3.0  mask  255.255.255.0  192.168.2.100
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 17254814
Oops! my bad!

PAQ with points refunded
0
 

Accepted Solution

by:
ee_ai_construct earned 0 total points
ID: 17280976
PAQ / Refund
ee ai construct, community support moderator
0

Featured Post

Tech or Treat!

Submit an article about your scariest tech experience—and the solution—and you’ll be automatically entered to win one of 4 fantastic tech gadgets.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A brief overview to explain gateways, default gateways and static routes OR NO - you CANNOT have two default gateways on the same server, PC or other Windows-based network device. In simple terms a gateway is formed when a computer such as a serv…
Sometimes you might need to configure routing based not only on destination IP address, but also on a combination of destination IP address (or hostname) and destination port number. I will describe a method how to accomplish this with free tools. …
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Please read the paragraph below before following the instructions in the video — there are important caveats in the paragraph that I did not mention in the video. If your PaperPort 12 or PaperPort 14 is failing to start, or crashing, or hanging, …

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question