roschera

Getting VPN setup to connect via dial up when VPN shuts down internet connection other than its own.

I have a Toshiba Satellite laptop running Windows Vista Ultimate.  The company I work for has a client that has their VPN set up to shut down any access, other than its own, to the internet.  The client is not willing to make any changes to their current set up.  If I hook up my laptop to the company's LAN, via a direct ethernet connection, I can successfully obtain a VPN connection, and remote desktop to the PC at the client's location.  However, I'd like to be able to dial in securely to my company's network and make the connection appear to be the same as if I were using a direct ethernet connection.  Is this possible?  If it is, please tell me how.

Thank you!
Roschera
nodisco
hi there

This is determined by the policy on the VPN itself - i.e. how the other company has secured it and how it tunnels certain traffic.  Your query isn't quite clear but what I am reading from it is that you can VPN into the client when on your company's LAN - but not if you are outside the LAN.  So if you are remote to your company's office, the client is unreachable - you want to VPN in to your company and then out to the client?

The reasoning would be that the client is filtering VPN connections by your company's source IP address - so the way to connect is from your LAN.  Depending on what type of VPN client you use to access the client, this is possible - but not very simple.  
I recall someone doing this before using a very clever workaround.  They would VPN to their office from home.
Then RDP to a server in the office.  From this server - they would RDP to another server in the office.  From here, they opened an MS PPTP VPN connection to a client and could work.  
For a quick explanation of how this worked - they had to bunny-hop to a second server as the PPTP client was set up to allow local access and tunnel everything else.  The VPN they used to get in to their company office has a different IP range to the first server they RDP'd to.  So if they tried to PPTP to the client from there - they would be disconnected as the allow local access policy would not contain the IP range of the company VPN.
If you jump to a second server, the machine you have come from *does* reside on the same IP range so you can establish PPTP and not get disconnected.  Sound complicated?  :-)

hth
roschera

ASKER

Hi,

You are correct, I want to VPN into my company and then out to the client site.  I just have a few more questions for clarification.  When you stated that it depends on what type of VPN client is being used to access our client site, what type should it be (is this the MS PPTP you refer to later in your response?)  Also, in the workaround, you specifically stated that I have to log on to 2 different servers - so am I right in assuming that it won't work by logging in to two workstation PCs that just happen to be logged in to the network?  Also, how do I set up a PPTP client?

Sorry, as a programmer, networking is not my forte. :-)

Thanks for all your help!
Roschera
hi

<<When you stated that it depends on what type of VPN client is being used to access our client site, what type should it be (is this the MS PPTP you refer to later in your response?)
The reason I mentioned this is that it will only work if the VPN client to the client allows you to connect to your local network while on the VPN.  The PPTP one will allow you to change the setting (if it's not already allowed) but a Cisco VPN client for example is configured by the remote end - so if the client has given you VPN access but doesn't allow the VPN access to its own local LAN once connected, there is nothing you can do about it.

<<Also, in the workaround, you specifically stated that I have to log on to 2 different servers - so am I right in assuming that it won't work by logging in to two workstation PCs that just happen to be logged in to the network?
PCs will work just as well.  Sorry if I confused you on this - the point is that you need to RDP to a server/PC when you VPN in.  Then RDP to another machine (server/PC) on the local network on the same IP range.  From there you can issue a VPN connection to outside without being disconnected.  

I know this is very roundabout but it does work!

hth
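
The routing logic behind the two-hop explanation and the Cisco caveat in the answers above, as an added example that is not part of the original posts. It assumes the VPN client installs a default route through the tunnel and that the host picks routes by longest-prefix match; all addresses and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample addressing (assumptions, not values from the thread).
OFFICE_LAN = "192.168.10.0/24"   # range shared by the two office machines
VPN_USER_IP = "10.99.0.5"        # address handed out by the company VPN
FIRST_HOP_IP = "192.168.10.20"   # first office machine reached over RDP


def build_routes(host_lan, allow_local_lan):
    """Routes on a host once a tunnel-everything VPN client has connected."""
    routes = [(ipaddress.ip_network("0.0.0.0/0"), "vpn-tunnel")]
    if allow_local_lan:
        # "Allow local access": the host's own subnet stays on the LAN adapter.
        routes.append((ipaddress.ip_network(host_lan), "lan"))
    return routes


def egress_for(dest, routes):
    """Pick the outgoing interface for dest by longest-prefix match."""
    addr = ipaddress.ip_address(dest)
    matches = [(net, iface) for net, iface in routes if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def rdp_session_survives(rdp_source, host_lan=OFFICE_LAN, allow_local_lan=True):
    """True if replies to the RDP client still leave through the LAN adapter."""
    routes = build_routes(host_lan, allow_local_lan)
    return egress_for(rdp_source, routes) == "lan"


if __name__ == "__main__":
    cases = [
        ("client VPN started on first hop (RDP from VPN pool)", VPN_USER_IP, True),
        ("client VPN started on second hop (RDP from LAN)", FIRST_HOP_IP, True),
        ("second hop, remote end disallows local LAN access", FIRST_HOP_IP, False),
    ]
    for label, source, allow in cases:
        ok = rdp_session_survives(source, allow_local_lan=allow)
        print(f"{label}: {'session kept' if ok else 'session dropped'}")
```
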
Hi,

Sorry so late in getting back to you - production problems.  Unfortunately, my situation is the first scenario you referred to.  However, the client has conceded to allow us to change the Cisco settings on their end, but ONLY if we give them step by step instructions - as they have recently contracted an outside company to handle their networking - and a work order has to be issued with fairly specific instructions on what they want done without the specifics of the exact IP address and other pertinent information.

Thanks!
Roschera
hi

I understand your situation but to be honest - I don't think it's advisable to go into instructions on this.  The reason is that they may have several policies or different VPN settings and without the full details and knowledge of the setup - me giving you commands could result in something else I am unaware of having issues.  The best thing you can do is supply the company details of what you are trying to achieve and why you are trying to achieve it.  With this detail, the third party company should be able to amend the settings accordingly.  

Have you tried the trick I mentioned above - it may already work depending on the setup of the Cisco client?
I'm sorry I cannot give you a proper fix for this issue but when third parties are involved on a contractual basis, you need to be very careful of giving steps as the responsibility would ultimately lie with you.

hth
Hi,

I did try the solution you gave but it still closes the port.  I understand your reluctance to give out specific instructions, but could you point me in the right direction as to what they can look at to make the changes?  I'm pretty sure it'd be in the administrative set up of Cisco, but I'm not sure where to tell them to go and look in order to change the behaviour of Cisco closing the port so you can only access the DMZ.

Thanks,
Roschera