Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

vpn connection  does not connect

Posted on 2007-03-19
6
262 Views
Last Modified: 2010-04-18
i have 3 DC's and 3 member servers, all working properly. Recentely, the remote access serivce (VPN) stopped working. I reset up the Routing and remote access on one of the dc,and 2 additional member servers with the same results.

The story is like this:
i am trying internally,which means that i do not have to worry about firewalls and routers. I can not connect from a workstation to the remote access service for any user who is granted  permissions to connect. But, i can connect with the same user account from any server or member server. no firewall is enabled at all. If i try to connect from a workstation on the same network, it just says connecting and that it it, then it quits. on the same worksation , i go to command prompt, and type netstat -a, and it shows me that it did established a connection to the remote access server. I tried everything, remote access policy dhcp relay agent with no luck. i am doing pptp. nothing special, and i am going with the default when i setup the routing and remote access server.
Any ideas

0
Comment
Question by:Kazzaz
  • 4
  • 2
6 Comments
 
LVL 77

Expert Comment

by:Rob Williams
ID: 18753445
As a rule you cannot test this using your External/WAN/Public IP from the same site. You are asking the router to do a 'U'-turn, which most cannot do. Have you tried connecting from off site? or are you using and internal address on the RRAS server as a test ?

You might also want to review the configuration at:
Server 2003 configuration:
http://www.onecomputerguy.com/networking/w3k_vpn_server.htm
Windows XP client configuration:
http://www.onecomputerguy.com/networking/xp_vpn.htm
Is the port forwarding on the router still the same, or has any of the IP addressing changed?
0
 

Author Comment

by:Kazzaz
ID: 18753889
Thanks for the reply

I am not asking the router to do U turn, i am just entering the ip address of the RAS server while i am on site , i am not going out at all. If i can connect internally, i can manage the forwarding ports on the router.
My RAS Ip address is 10.0.1.7, my workstation is 10.0.1.52, on the workstation my VPN connection is set to contact 10.0.1.7 to connect to the VPN.
I did try it from outside and on the router i have the 1723, 47 port forwarded to 10.0.1.7, it used to be working right until 2 weeks ago.

0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 18757843
Interesting.
There is a security feature in the VPN client that blocks local connections, to protect the office/remote network. In a single server environment this should not affect your ability to connect to the RRAS server, but in the multi-server environment you have, I am not sure of the consequences when connecting locally. For example it could block access to your DC or DNS server. Perhaps try disabling as a test. I am "grasping at straws" but if you wish to do so, on the client/connecting PC, go to:
control panel | network connections | right click on the VPN/Virtual adapter and choose properties | Networking | TCP/IP -properties | Advanced | General | un-check  "Use default gateway on remote network"
0
Connect further...control easier

With the ATEN CE624, you can now enjoy a high-quality visual experience powered by HDBaseT technology and the convenience of a single Cat6 cable to transmit uncompressed video with zero latency and multi-streaming for dual-view applications where remote access is required.

 

Author Comment

by:Kazzaz
ID: 18757893
I did that too with no success. I narrowed it down to policy issues, but i tried all kind policy setting for the users and still the same thing.
Thanks for the input Robwill
0
 
LVL 77

Accepted Solution

by:
Rob Williams earned 500 total points
ID: 18758893
Any idea what "policy issues" ? Shouldn't have to enable/disable any polices within RRAS, IAS, or group policy to enable a connection. They are more for restricting access once configured. The only one that would need to be configured is to allow access. Usually this is set in the user's profile in active directory under dial-in. However, if it were set to disabled you would get a an authentication error when connecting.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 18816562
Thanks Kazzaz,
Cheers !
--Rob
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This is an article about my experiences with remote access to my clients (so that I may serve them) and eventually to my home office system via Radmin Remote Control. I have been using remote access for over 10 years and have been improving my metho…
Learn about cloud computing and its benefits for small business owners.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question