vpn connection does not connect

i have 3 DC's and 3 member servers, all working properly. Recentely, the remote access serivce (VPN) stopped working. I reset up the Routing and remote access on one of the dc,and 2 additional member servers with the same results.

The story is like this:
i am trying internally,which means that i do not have to worry about firewalls and routers. I can not connect from a workstation to the remote access service for any user who is granted  permissions to connect. But, i can connect with the same user account from any server or member server. no firewall is enabled at all. If i try to connect from a workstation on the same network, it just says connecting and that it it, then it quits. on the same worksation , i go to command prompt, and type netstat -a, and it shows me that it did established a connection to the remote access server. I tried everything, remote access policy dhcp relay agent with no luck. i am doing pptp. nothing special, and i am going with the default when i setup the routing and remote access server.
Any ideas

KazzazAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Rob WilliamsCommented:
As a rule you cannot test this using your External/WAN/Public IP from the same site. You are asking the router to do a 'U'-turn, which most cannot do. Have you tried connecting from off site? or are you using and internal address on the RRAS server as a test ?

You might also want to review the configuration at:
Server 2003 configuration:
http://www.onecomputerguy.com/networking/w3k_vpn_server.htm
Windows XP client configuration:
http://www.onecomputerguy.com/networking/xp_vpn.htm
Is the port forwarding on the router still the same, or has any of the IP addressing changed?
0
KazzazAuthor Commented:
Thanks for the reply

I am not asking the router to do U turn, i am just entering the ip address of the RAS server while i am on site , i am not going out at all. If i can connect internally, i can manage the forwarding ports on the router.
My RAS Ip address is 10.0.1.7, my workstation is 10.0.1.52, on the workstation my VPN connection is set to contact 10.0.1.7 to connect to the VPN.
I did try it from outside and on the router i have the 1723, 47 port forwarded to 10.0.1.7, it used to be working right until 2 weeks ago.

0
Rob WilliamsCommented:
Interesting.
There is a security feature in the VPN client that blocks local connections, to protect the office/remote network. In a single server environment this should not affect your ability to connect to the RRAS server, but in the multi-server environment you have, I am not sure of the consequences when connecting locally. For example it could block access to your DC or DNS server. Perhaps try disabling as a test. I am "grasping at straws" but if you wish to do so, on the client/connecting PC, go to:
control panel | network connections | right click on the VPN/Virtual adapter and choose properties | Networking | TCP/IP -properties | Advanced | General | un-check  "Use default gateway on remote network"
0
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

KazzazAuthor Commented:
I did that too with no success. I narrowed it down to policy issues, but i tried all kind policy setting for the users and still the same thing.
Thanks for the input Robwill
0
Rob WilliamsCommented:
Any idea what "policy issues" ? Shouldn't have to enable/disable any polices within RRAS, IAS, or group policy to enable a connection. They are more for restricting access once configured. The only one that would need to be configured is to allow access. Usually this is set in the user's profile in active directory under dial-in. However, if it were set to disabled you would get a an authentication error when connecting.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Rob WilliamsCommented:
Thanks Kazzaz,
Cheers !
--Rob
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2003

From novice to tech pro — start learning today.