Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 287
  • Last Modified:

Need help with router over MS PPTP VPN

I have a site to site hardware vpn using Netscreen 5GT firewalls between Site A and Site B.  Some users want to work from home and will VPN into Site A through the firewall to a MS PPTP VPN Server.  The remote users can access the resources at Site A just fine.  The remote users need to access Site B.

How can I accomplish this?
0
avsc
Asked:
avsc
1 Solution
 
Rob WilliamsCommented:
What seems to be the problem?
-are they not able to connect? If so please provide error # and message, and VPN server version.
-are they trying to connect to site B through the site-to-site tunnel while connected to A? Not possible.
-are they trying to connect to both sites at the same time with a VPN client? Many home routers will only support a single PPTP connection, also as I recall XP will only support a single PPTP session. You can have multiple connections but not simultaneously.
0
 
dansotoCommented:
Microsoft PPTP VPN's require:

1) GRE Protocol (usually allowed through most firewalls/routers by enabline the PPTP protocol)
2) Port 1723 MUST be open

I would start by making sure port 1723 is allowed into the network.  Also, the router must forward all requests from port 1723 to the internal IP address of the Microsoft PPTP server.  These are the most important and often overlooked items.

I hope this helps

- dan -
0
 
avscAuthor Commented:
I guess I did not explain it well enough.  The remote users can vpn into site A.  They are able to access resources at site A.  There are other resources at site B which they can not access when VPN into site A.  There is a hardware (Juniper/Netscreen 5GT) site to site VPN tunnel between Site A and Site B. It is complicated as the users are vpn'ed into the MS Network and needing to route over the Juniper/netscreen link.
0
Get your Disaster Recovery as a Service basics

Disaster Recovery as a Service is one go-to solution that revolutionizes DR planning. Implementing DRaaS could be an efficient process, easily accessible to non-DR experts. Learn about monitoring, testing, executing failovers and failbacks to ensure a "healthy" DR environment.

 
Rob WilliamsCommented:
Unfortunately you cannot VPN to one site and then redirect over a VPN to a 3rd site, the routing just doesn't work.
0
 
avscAuthor Commented:
I resolved my own problem. Normaly I set up the PPTP and deselect the option to use the vpn as the default gateway.

I now selected the option to use the vpn tunnel as the default and I can accesss the site to site networks with ease.

0
 
Rob WilliamsCommented:
Never fails if I say something definitive I am proven wrong  :-)  So you are saying that remote users can connect to A with PPTP client and then to site B through the tunnel, or is it a mapped drive on A that connects to B. Appreciate knowing how it works.

For the record, if I still have any credibility <G>, if ever necessary since apparently it is possible, you could probably also resolve with a route add command. The only packets that would normally be destined for Site A would be those of site A's subnet. With the default gateway unchecked all other packets, such as those destined for site B would be sent to the local gateway and lost. Enabling the default gateway option (which is usually done by default as a security feature to block local and Internet access) would force all packets to the office network. Adding the following should allow it to work with or without the default gateway option:
Assuming
local  = 192.168.1.0 with PPTP/adapter gateway of 192.168.2.100 (would have to be static)
site A = 192.168.2.0
site B = 192.168.3.0

route  add  -p  192.168.3.0  mask  255.255.255.0  192.168.2.100
0
 
Jay_Jay70Commented:
Oops! my bad!

PAQ with points refunded
0
 
ee_ai_constructCommented:
PAQ / Refund
ee ai construct, community support moderator
0

Featured Post

Microsoft Certification Exam 74-409

VeeamĀ® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now