

VPN connection does not connect

Posted on 2007-03-19
Medium Priority
Last Modified: 2010-04-18
I have 3 DCs and 3 member servers, all working properly. Recently, the remote access service (VPN) stopped working. I re-set up the Routing and Remote Access on one of the DCs, and 2 additional member servers, with the same results.

The story is like this:
I am trying internally, which means that I do not have to worry about firewalls and routers. I cannot connect from a workstation to the remote access service for any user who is granted permissions to connect. But I can connect with the same user account from any server or member server. No firewall is enabled at all. If I try to connect from a workstation on the same network, it just says connecting and that is it, then it quits. On the same workstation, I go to the command prompt and type netstat -a, and it shows me that it did establish a connection to the remote access server. I tried everything, remote access policy, DHCP relay agent, with no luck. I am doing PPTP, nothing special, and I am going with the defaults when I set up the Routing and Remote Access server.
Any ideas?

Question by:Kazzaz
LVL 77

Expert Comment

by:Rob Williams
ID: 18753445
As a rule you cannot test this using your External/WAN/Public IP from the same site. You are asking the router to do a 'U'-turn, which most cannot do. Have you tried connecting from off site? Or are you using an internal address on the RRAS server as a test?

You might also want to review the configuration at:
Server 2003 configuration:
Windows XP client configuration:
Is the port forwarding on the router still the same, or has any of the IP addressing changed?

Author Comment

ID: 18753889
Thanks for the reply

I am not asking the router to do a U-turn; I am just entering the IP address of the RAS server while I am on site, I am not going out at all. If I can connect internally, I can manage the forwarding ports on the router.
My RAS IP address is, my workstation is, on the workstation my VPN connection is set to contact to connect to the VPN.
I did try it from outside and on the router I have the 1723, 47 port forwarded to, it used to be working right until 2 weeks ago.

LVL 77

Expert Comment

by:Rob Williams
ID: 18757843
There is a security feature in the VPN client that blocks local connections, to protect the office/remote network. In a single server environment this should not affect your ability to connect to the RRAS server, but in the multi-server environment you have, I am not sure of the consequences when connecting locally. For example it could block access to your DC or DNS server. Perhaps try disabling as a test. I am "grasping at straws" but if you wish to do so, on the client/connecting PC, go to:
Control Panel | Network Connections | right-click on the VPN/Virtual adapter and choose Properties | Networking | TCP/IP - Properties | Advanced | General | un-check "Use default gateway on remote network"
Author Comment

ID: 18757893
I did that too with no success. I narrowed it down to policy issues, but I tried all kinds of policy settings for the users and still the same thing.
Thanks for the input Robwill
LVL 77

Accepted Solution

Rob Williams earned 1500 total points
ID: 18758893
Any idea what "policy issues"? Shouldn't have to enable/disable any policies within RRAS, IAS, or group policy to enable a connection. They are more for restricting access once configured. The only one that would need to be configured is to allow access. Usually this is set in the user's profile in Active Directory under dial-in. However, if it were set to disabled you would get an authentication error when connecting.
LVL 77

Expert Comment

by:Rob Williams
ID: 18816562
Thanks Kazzaz,
Cheers!

Question has a verified solution.
