Khaled Azzaz
asked on
vpn connection does not connect
i have 3 DC's and 3 member servers, all working properly. Recentely, the remote access serivce (VPN) stopped working. I reset up the Routing and remote access on one of the dc,and 2 additional member servers with the same results.
The story is like this:
i am trying internally,which means that i do not have to worry about firewalls and routers. I can not connect from a workstation to the remote access service for any user who is granted permissions to connect. But, i can connect with the same user account from any server or member server. no firewall is enabled at all. If i try to connect from a workstation on the same network, it just says connecting and that it it, then it quits. on the same worksation , i go to command prompt, and type netstat -a, and it shows me that it did established a connection to the remote access server. I tried everything, remote access policy dhcp relay agent with no luck. i am doing pptp. nothing special, and i am going with the default when i setup the routing and remote access server.
Any ideas
The story is like this:
i am trying internally,which means that i do not have to worry about firewalls and routers. I can not connect from a workstation to the remote access service for any user who is granted permissions to connect. But, i can connect with the same user account from any server or member server. no firewall is enabled at all. If i try to connect from a workstation on the same network, it just says connecting and that it it, then it quits. on the same worksation , i go to command prompt, and type netstat -a, and it shows me that it did established a connection to the remote access server. I tried everything, remote access policy dhcp relay agent with no luck. i am doing pptp. nothing special, and i am going with the default when i setup the routing and remote access server.
Any ideas
ASKER
Thanks for the reply
I am not asking the router to do U turn, i am just entering the ip address of the RAS server while i am on site , i am not going out at all. If i can connect internally, i can manage the forwarding ports on the router.
My RAS Ip address is 10.0.1.7, my workstation is 10.0.1.52, on the workstation my VPN connection is set to contact 10.0.1.7 to connect to the VPN.
I did try it from outside and on the router i have the 1723, 47 port forwarded to 10.0.1.7, it used to be working right until 2 weeks ago.
I am not asking the router to do U turn, i am just entering the ip address of the RAS server while i am on site , i am not going out at all. If i can connect internally, i can manage the forwarding ports on the router.
My RAS Ip address is 10.0.1.7, my workstation is 10.0.1.52, on the workstation my VPN connection is set to contact 10.0.1.7 to connect to the VPN.
I did try it from outside and on the router i have the 1723, 47 port forwarded to 10.0.1.7, it used to be working right until 2 weeks ago.
Interesting.
There is a security feature in the VPN client that blocks local connections, to protect the office/remote network. In a single server environment this should not affect your ability to connect to the RRAS server, but in the multi-server environment you have, I am not sure of the consequences when connecting locally. For example it could block access to your DC or DNS server. Perhaps try disabling as a test. I am "grasping at straws" but if you wish to do so, on the client/connecting PC, go to:
control panel | network connections | right click on the VPN/Virtual adapter and choose properties | Networking | TCP/IP -properties | Advanced | General | un-check "Use default gateway on remote network"
There is a security feature in the VPN client that blocks local connections, to protect the office/remote network. In a single server environment this should not affect your ability to connect to the RRAS server, but in the multi-server environment you have, I am not sure of the consequences when connecting locally. For example it could block access to your DC or DNS server. Perhaps try disabling as a test. I am "grasping at straws" but if you wish to do so, on the client/connecting PC, go to:
control panel | network connections | right click on the VPN/Virtual adapter and choose properties | Networking | TCP/IP -properties | Advanced | General | un-check "Use default gateway on remote network"
ASKER
I did that too with no success. I narrowed it down to policy issues, but i tried all kind policy setting for the users and still the same thing.
Thanks for the input Robwill
Thanks for the input Robwill
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Thanks Kazzaz,
Cheers !
--Rob
Cheers !
--Rob
You might also want to review the configuration at:
Server 2003 configuration:
http://www.onecomputerguy.com/networking/w3k_vpn_server.htm
Windows XP client configuration:
http://www.onecomputerguy.com/networking/xp_vpn.htm
Is the port forwarding on the router still the same, or has any of the IP addressing changed?