Solved

VPN Connection Made - Now What?

Posted on 2006-11-03
Last Modified: 2010-04-12
Okay, so I have made a VPN connection to a Small Business server from a client computer that is outside the business. It is connected and shows it is in the network connections.

Now I want to be able to access files on the file server as if I were in the office.

What more do I need to do?

I thought I would be able to map to shared volumes on the server, but apparently I'm missing something.

Here are the details.

Client computer is an XP SP2 desktop that is on a DSL connection. It is on a separate workgroup that is particular to my home.

The work server is a small business server on a domain that is behind a Sonicwall.
0
Question by:mrmyth
10 Comments
 
LVL 77

Accepted Solution

by:
Rob Williams earned 500 total points
I assume your connection is working and you can ping the devices to which you want to connect. If so you likely have a name resolution issue. This is common with VPNs. Below are some ways to deal with it. See if any are of some help to you. If you cannot ping the devices make sure their software firewalls, such as the Windows firewall, are at least disabled for testing. If still no luck let us know and we can help to locate the problem.

1) Use the IP address (of the computer you are connecting to) when connecting to devices, such as \\123.123.123.123\ShareName, or map a drive at a command prompt using:
 Net Use U: \\123.123.123.123\ShareName
2) An option is to use the LMHosts file, which creates a table of IPs and computer names. LMHosts is located in the Windows directory under c:\Windows (or WINNT)\System32\Drivers\Etc\LMHosts.sam, and instructions are included within the file. Any line starting with # is just a comment and is ignored. Open the file with Notepad and add entries for your computers as below:
192.168.0.101      CompName       #PRE
Hit enter when each line is complete (important), then save the file without a file extension. To be sure there is no extension, when saving enclose the name in quotations like "LMHosts". Now when you try to connect to a computer name it should find it, as it will search the LMHosts file for the record before connecting.
More details regarding LMHosts file:
http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/cnet/cnfd_lmh_qxqq.mspx?mfr=true
The drawback of the LMHosts file is you have to maintain a static list of computernames and IP addresses. Also if the remote end uses DHCP assigned IP's it is not a feasible option. Thus in order to be able to use computer names dynamically try to enable with some of the following options:
3) if you have a WINS server add that to the network cards configuration
4) also under the WINS configuration on the network adapter make sure NetBIOS over TCP/IP is selected
5) try adding the remote DNS server to your local DNS servers in your network card's TCP/IP configuration
6) verify your router does not have a "block NetBIOS broadcast" option enabled
7) test if you can connect with the full computer and domain name as  \\ComputerName.domain.local  If so, add the suffix DomainName.local to the DNS configuration of the virtual private adapter/connection [ right click virtual adapter | properties | TCP/IP properties | Advanced | DNS | "Append these DNS suffixes (in order)" | Add ]
0
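A checker for the LMHosts pitfalls named in option 2 above (file saved with an extension, last entry not ended with Enter, malformed entries), as an added example that is not part of the original answer. The function names and the sample entries are constructed for illustration; the 15-character limit is the standard NetBIOS computer-name limit.

```python
import ipaddress
import ntpath

def filename_ok(path):
    """The active file must be named LMHosts with no extension (not .sam or .txt)."""
    return ntpath.basename(path).lower() == "lmhosts"

def lint_lmhosts(text):
    """Return (line_number, problem) tuples for the content of an LMHosts file."""
    problems, seen = [], {}
    lines = text.splitlines()
    # The answer stresses pressing Enter after every entry, the last one included.
    if lines and not text.endswith(("\n", "\r")):
        problems.append((len(lines), "last entry is not followed by a line break"))
    for num, raw in enumerate(lines, start=1):
        fields = raw.split()
        if not fields or fields[0].startswith("#"):
            continue  # blank line or comment
        try:
            ipaddress.IPv4Address(fields[0])
        except ValueError:
            problems.append((num, "invalid IPv4 address " + fields[0]))
        if len(fields) < 2 or fields[1].startswith("#"):
            problems.append((num, "missing computer name"))
            continue
        name = fields[1].upper()
        if len(name) > 15:  # NetBIOS computer names are limited to 15 characters
            problems.append((num, "name longer than 15 characters: " + name))
        if name in seen and seen[name][1] != fields[0]:
            problems.append((num, "name already mapped on line %d" % seen[name][0]))
        seen.setdefault(name, (num, fields[0]))
        # Anything after the name must be a keyword such as #PRE or a # comment.
        if len(fields) > 2 and not fields[2].startswith("#"):
            problems.append((num, "unexpected text after name: " + fields[2]))
    return problems

# Constructed sample content, not taken from any real network.
SAMPLE = (
    "# office machines reachable over the VPN\n"
    "192.168.1.10   SBSERVER      #PRE\n"
    "192.168.1.300  FILESRV       #PRE\n"
    "192.168.1.11   ACCOUNTINGDESKTOP01\n"
    "192.168.1.12   sbserver      #PRE"
)

if __name__ == "__main__":
    for num, problem in lint_lmhosts(SAMPLE):
        print("line %d: %s" % (num, problem))
```

After correcting the file, running nbtstat -R on the client reloads the #PRE entries into the NetBIOS name cache.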
 
LVL 1

Author Comment

by:mrmyth
That is a great post. Thank you.

OK, so in number 7 I can connect with the full computer and domain name so that is great. I'm making progress! What I don't know is where the "DNS configuration of the virtual private adapter/connection" is. Where you say "right click on virtual adaptor," I don't know where that is. I'm assuming it's on the client computer. In the network connections I have the Connect to Small Business Server connection (as installed from the floppy created by my server) and the Local Area Connection. Both are connected.

I think I'm getting very close to what I want to do with this. I want to be able to take a laptop from the office, to outside the office and use it as if it were in the office. I also want to be able to connect from employee's home xp and 2000 computers so that they can access the shared folders that they have permission to.

So here are my questions
1) the above question about the virtual adapter and what that is.
2) It just so happens that the local network IPs of the network that I'm currently connecting from are all 192.168.2.* and the workplace is 192.168.1.*
Am I going to have conflict trouble if I try to connect from a local area network that has the same internal IP range? I'm very wary of the idea of changing the IP addresses of all the computers at the company to something less common, just because of unforeseen problems that may arise.
0
 
LVL 77

Expert Comment

by:Rob Williams
1) In this case the virtual adapter is called the "Connect to Small Business Server connection"
2) As for having conflicts when users try to connect from sites with the 192.168.1.x subnet... in theory yes. The problem is routing devices direct packets based on subnets. If either end of the tunnel are the same the router doesn't know whether to keep the packets local or send to the remote site and they may be lost. I say in theory. The only case where similar subnets will sometimes work is with the Windows VPN and the client configured in its default state. There is an option in the Windows VPN client, to use the remote gateway, located:
control panel | network connections | right click on the VPN/Virtual adapter and choose properties | Networking | TCP/IP -properties | Advanced | General | "Use default gateway on remote network"
If this is enabled, you can often connect with similar subnets. It is enabled by default. This protects the corporate network from local traffic, but also blocks users from connecting to local resources at the client site such as shared printers and local Internet access. It should be enabled but a lot of people don't like the restrictions and un-check it.

The only sure fire way to make the VPN work properly is to change the server side as you suggested. As a rule if you plan to use VPN's, avoid setting up your network with common subnets such as 192.168.0.0, 192.168.1.0, 192.168.2.0, 192.168.100.0, and 10.0.0.0
Should you plan to change the server, make sure you plan carefully, all static IP's for servers, printers and such must be changed, and all DHCP addresses refreshed. VERY important on SBS you use the wizard to change the IP, or many services such as sharepoint and web access features will stop working, if you do it manually.

0
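A subnet conflict check for the situation discussed in the answer above, as an added example that is not part of the original thread. It goes slightly beyond the identical-subnet case by also catching a client LAN with a wider mask that contains the office range. The /24 masks on the common-default list, the site names and the candidate subnet in the usage line are assumptions made for illustration.

```python
import ipaddress

# Subnets the answer lists as common defaults to avoid; the /24 masks are assumed.
COMMON_DEFAULTS = ["192.168.0.0/24", "192.168.1.0/24", "192.168.2.0/24",
                   "192.168.100.0/24", "10.0.0.0/24"]

def classify(office, client):
    """Describe how a client-site LAN relates to the office LAN behind the VPN."""
    # strict=False accepts a host address with mask, as read from ipconfig.
    o = ipaddress.ip_network(office, strict=False)
    c = ipaddress.ip_network(client, strict=False)
    if not o.overlaps(c):
        return "ok"
    if o == c:
        return "identical"
    return "client-contains-office" if o.subnet_of(c) else "office-contains-client"

def audit(office, client_sites):
    """Map each client site name to its conflict class against the office LAN."""
    return {site: classify(office, cidr) for site, cidr in client_sites.items()}

def office_subnet_ok(candidate):
    """A candidate office subnet must be private and clear of the common defaults."""
    net = ipaddress.ip_network(candidate, strict=False)
    if not net.is_private:
        return False
    return not any(net.overlaps(ipaddress.ip_network(d)) for d in COMMON_DEFAULTS)

# Constructed client sites; the first mirrors the home LAN described in the thread.
SITES = {
    "home-dsl": "192.168.2.15/24",
    "hotel": "192.168.1.77/24",
    "cafe": "192.168.0.0/16",
}

if __name__ == "__main__":
    for site, result in audit("192.168.1.0/24", SITES).items():
        print("%-10s %s" % (site, result))
    print("172.22.37.0/24 usable:", office_subnet_ok("172.22.37.0/24"))
```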
 
LVL 1

Author Comment

by:mrmyth
That is very very helpful. I'm still not thrilled about the changing of the IP subnets, especially since I have the SOHO3 sonicwall in use and some static ips out there. Any idea of an uncommon subnet that I could use if I do decide to go this route?

The only thing is that when I go to the Network Connections on my client computer and right click on "Connect to Small Business Server" the advanced tab doesn't have the TCP/IP properties. It just has the firewall settings, Internet Connection Sharing and Network setup wizard.

Remote Web Workplace is looking better and better.


0
 
LVL 1

Author Comment

by:mrmyth
I'm checking out remote web workplace because it just seems like a better solution.

I can log into the site but when I try to connect to the domain server desktop I get the error "Remote Desktop Diskconnected"

The client could not connect to the remote computer. Remote connections might not be enabled or the computer might be too busy to accept new connections...

I have port 4125 open on the firewall, as well as 443.

Any ideas?
0
 
LVL 1

Author Comment

by:mrmyth
diskconnected... I coined a new word there. I meant disconnected of course.
0
 
LVL 77

Expert Comment

by:Rob Williams
>>"diskconnected"  :-)
I have always felt the inability to spell is a sign of true genius. I must be brilliant !  :-)

If you are able to connect to the RWW web site then the "Remote connections might not be enabled or the computer might be too busy to accept new connections..." usually indicates the Windows firewall on the workstation is blocking the connection (see #3). However check the following:

On the workstations:
1) If you haven't done so you need to enable remote desktop (actually do this before adjusting the firewall): My computer | properties | Remote | check - Allow users to connect remotely to this computer
2) On the same tab/page click "select remote users" and add the user you want to allow to connect. Administrators are allowed by default, but any other users must be a member of the local machine's Remote Desktop Users Group.
3) See if the Windows firewall is enabled or not configured to allow connections. Either disable as a test or enable remote desktop connections ( control panel | windows firewall ). When you do the latter it usually only allows connections from the same site. You then have to highlight Remote Desktop in the firewall exceptions list | choose edit | highlight tcp 3389 | choose change scope | check "allow any computer including those from the Internet"
4) Verify the network adapter is not "asleep". Under device manager | properties for the network adapter | power management | "allow the computer to turn off this device to save power" make sure, if it exists, it is not checked/enabled

On the server:
5) Make sure the user is a member of the "Remote Web Workplace Users" group in the "security Groups" OU.
0
 
LVL 1

Author Comment

by:mrmyth
Great. Thanks for your help. I found that although the port was open in the firewall, I had not designated the IP of the "Public LAN Server"

Next step will be turning on a computer at the worksite and remoting into it.
0
 
LVL 1

Author Comment

by:mrmyth
I really appreciate the way you explain things. It is a huge help.
0
 
LVL 77

Expert Comment

by:Rob Williams
You are very welcome mrmyth.
Thank you. Cheers,
--Rob
0
