Solved

vpn connection  does not connect

Posted on 2007-03-19
6
261 Views
Last Modified: 2010-04-18
i have 3 DC's and 3 member servers, all working properly. Recentely, the remote access serivce (VPN) stopped working. I reset up the Routing and remote access on one of the dc,and 2 additional member servers with the same results.

The story is like this:
i am trying internally,which means that i do not have to worry about firewalls and routers. I can not connect from a workstation to the remote access service for any user who is granted  permissions to connect. But, i can connect with the same user account from any server or member server. no firewall is enabled at all. If i try to connect from a workstation on the same network, it just says connecting and that it it, then it quits. on the same worksation , i go to command prompt, and type netstat -a, and it shows me that it did established a connection to the remote access server. I tried everything, remote access policy dhcp relay agent with no luck. i am doing pptp. nothing special, and i am going with the default when i setup the routing and remote access server.
Any ideas

0
Comment
Question by:Kazzaz
  • 4
  • 2
6 Comments
 
LVL 77

Expert Comment

by:Rob Williams
ID: 18753445
As a rule you cannot test this using your External/WAN/Public IP from the same site. You are asking the router to do a 'U'-turn, which most cannot do. Have you tried connecting from off site? or are you using and internal address on the RRAS server as a test ?

You might also want to review the configuration at:
Server 2003 configuration:
http://www.onecomputerguy.com/networking/w3k_vpn_server.htm
Windows XP client configuration:
http://www.onecomputerguy.com/networking/xp_vpn.htm
Is the port forwarding on the router still the same, or has any of the IP addressing changed?
0
 

Author Comment

by:Kazzaz
ID: 18753889
Thanks for the reply

I am not asking the router to do U turn, i am just entering the ip address of the RAS server while i am on site , i am not going out at all. If i can connect internally, i can manage the forwarding ports on the router.
My RAS Ip address is 10.0.1.7, my workstation is 10.0.1.52, on the workstation my VPN connection is set to contact 10.0.1.7 to connect to the VPN.
I did try it from outside and on the router i have the 1723, 47 port forwarded to 10.0.1.7, it used to be working right until 2 weeks ago.

0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 18757843
Interesting.
There is a security feature in the VPN client that blocks local connections, to protect the office/remote network. In a single server environment this should not affect your ability to connect to the RRAS server, but in the multi-server environment you have, I am not sure of the consequences when connecting locally. For example it could block access to your DC or DNS server. Perhaps try disabling as a test. I am "grasping at straws" but if you wish to do so, on the client/connecting PC, go to:
control panel | network connections | right click on the VPN/Virtual adapter and choose properties | Networking | TCP/IP -properties | Advanced | General | un-check  "Use default gateway on remote network"
0
Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

 

Author Comment

by:Kazzaz
ID: 18757893
I did that too with no success. I narrowed it down to policy issues, but i tried all kind policy setting for the users and still the same thing.
Thanks for the input Robwill
0
 
LVL 77

Accepted Solution

by:
Rob Williams earned 500 total points
ID: 18758893
Any idea what "policy issues" ? Shouldn't have to enable/disable any polices within RRAS, IAS, or group policy to enable a connection. They are more for restricting access once configured. The only one that would need to be configured is to allow access. Usually this is set in the user's profile in active directory under dial-in. However, if it were set to disabled you would get a an authentication error when connecting.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 18816562
Thanks Kazzaz,
Cheers !
--Rob
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For a while, I have wanted to connect my HTC Incredible to my corporate network to take advantage of the phone's powerful capabilities. I searched online and came up with varied answers from "it won't work" to super complicated statements that I did…
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question