XP VPN says it connects but SBS2003 does not show it connected
I recently have been asked to work on restoring a network for a small business here in Houston. the issue that I have left that is puzzling me is VPN. They have 4 computers that connect remotely to a SBS 2003. They do this by using a verizon card in the field and then connecting though VPN. 2 computers connect fine, One i need to replace, and the 4th does not connect at all. This is a dell inspiron running windows xp. The vpn on the machine says it is connected, but the SBS server doesn't show it under remote clients. the connection was working fine until about a month ago. The VPN connection is vpn.companyname.com using windows authentication. The office network first runs through a cisco pix 501 and then to the server. The XP machine is getting a correct ip address on the VPN connection. Locally the computer connects to the network just fine. I do have wins set on the VPN connection pointing directly to the server. However the server can't be found though the VPN connection. Does anyone have any ideas?
ASKER
I rebuilt all the connections and still no success. Even my home PC is doing the same thing on their network. It connects fine and gives me an ipaddress that fits the network, but i can not ping the server or anything else on the network. The odd thing to me is that it does authenticate. I can put in a bogus log in and it denies it. So it must be connecting to the server for a second or two. Any suggestions.
Jason
Jason
ASKER
I am not sure if this help but here is my firewalls information:
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol pptp 1723
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list from-outside-coming-in permit tcp any interface outside eq https
access-list from-outside-coming-in permit tcp any interface outside eq www
access-list from-outside-coming-in permit tcp any interface outside eq pop3
access-list from-outside-coming-in permit tcp any interface outside eq imap4
access-list from-outside-coming-in permit tcp any interface outside eq smtp
access-list from-outside-coming-in permit icmp any interface outside
access-list inside_outbound_nat0_acl permit ip any 192.168.17.192 255.255.255.224
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside 209.253.192.101 255.255.255.248
ip address inside 192.168.17.1 255.255.255.0
ip verify reverse-path interface outside
ip verify reverse-path interface inside
ip audit info action alarm
ip audit attack action alarm
ip local pool TerraAssociates_VPN_Pool 192.168.17.201-192.168.17.
pdm location 192.168.17.0 255.255.255.0 inside
pdm location 192.168.17.10 255.255.255.255 inside
pdm location 192.168.17.192 255.255.255.224 outside
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) tcp interface smtp 192.168.17.10 smtp netmask 255.255.255.255 0 0
static (inside,outside) tcp interface imap4 192.168.17.10 imap4 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface pop3 192.168.17.10 pop3 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface https 192.168.17.10 https netmask 255.255.255.255 0 0
static (inside,outside) tcp interface www 192.168.17.10 www netmask 255.255.255.255 0 0
access-group from-outside-coming-in in interface outside
route outside 0.0.0.0 0.0.0.0 209.253.192.97 1
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server RADIUS (inside) host 192.168.17.10 #!TerraAssociates#! timeout 5
aaa-server LOCAL protocol local
ntp server 192.168.17.10 source inside prefer
http server enable
http 192.168.17.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
sysopt connection permit-pptp
sysopt connection permit-l2tp
telnet 192.168.17.0 255.255.255.0 inside
telnet timeout 5
ssh 192.168.17.0 255.255.255.0 inside
ssh timeout 5
management-access inside
console timeout 0
vpdn group TerraAssociates_VPN_Pool accept dialin pptp
vpdn group TerraAssociates_VPN_Pool ppp authentication pap
vpdn group TerraAssociates_VPN_Pool ppp authentication chap
vpdn group TerraAssociates_VPN_Pool ppp authentication mschap
vpdn group TerraAssociates_VPN_Pool ppp encryption mppe auto required
vpdn group TerraAssociates_VPN_Pool client configuration address local TerraAsso
ciates_VPN_Pool
vpdn group TerraAssociates_VPN_Pool client configuration dns 192.168.17.10
vpdn group TerraAssociates_VPN_Pool client configuration wins 192.168.17.10
vpdn group TerraAssociates_VPN_Pool client authentication aaa RADIUS
vpdn group TerraAssociates_VPN_Pool pptp echo 60
vpdn enable outside
vpdn enable inside
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd auto_config outside
terminal width 80
Cryptochecksum:2620cff8958
: end
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol pptp 1723
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list from-outside-coming-in permit tcp any interface outside eq https
access-list from-outside-coming-in permit tcp any interface outside eq www
access-list from-outside-coming-in permit tcp any interface outside eq pop3
access-list from-outside-coming-in permit tcp any interface outside eq imap4
access-list from-outside-coming-in permit tcp any interface outside eq smtp
access-list from-outside-coming-in permit icmp any interface outside
access-list inside_outbound_nat0_acl permit ip any 192.168.17.192 255.255.255.224
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside 209.253.192.101 255.255.255.248
ip address inside 192.168.17.1 255.255.255.0
ip verify reverse-path interface outside
ip verify reverse-path interface inside
ip audit info action alarm
ip audit attack action alarm
ip local pool TerraAssociates_VPN_Pool 192.168.17.201-192.168.17.
pdm location 192.168.17.0 255.255.255.0 inside
pdm location 192.168.17.10 255.255.255.255 inside
pdm location 192.168.17.192 255.255.255.224 outside
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) tcp interface smtp 192.168.17.10 smtp netmask 255.255.255.255 0 0
static (inside,outside) tcp interface imap4 192.168.17.10 imap4 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface pop3 192.168.17.10 pop3 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface https 192.168.17.10 https netmask 255.255.255.255 0 0
static (inside,outside) tcp interface www 192.168.17.10 www netmask 255.255.255.255 0 0
access-group from-outside-coming-in in interface outside
route outside 0.0.0.0 0.0.0.0 209.253.192.97 1
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server RADIUS (inside) host 192.168.17.10 #!TerraAssociates#! timeout 5
aaa-server LOCAL protocol local
ntp server 192.168.17.10 source inside prefer
http server enable
http 192.168.17.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
sysopt connection permit-pptp
sysopt connection permit-l2tp
telnet 192.168.17.0 255.255.255.0 inside
telnet timeout 5
ssh 192.168.17.0 255.255.255.0 inside
ssh timeout 5
management-access inside
console timeout 0
vpdn group TerraAssociates_VPN_Pool accept dialin pptp
vpdn group TerraAssociates_VPN_Pool ppp authentication pap
vpdn group TerraAssociates_VPN_Pool ppp authentication chap
vpdn group TerraAssociates_VPN_Pool ppp authentication mschap
vpdn group TerraAssociates_VPN_Pool ppp encryption mppe auto required
vpdn group TerraAssociates_VPN_Pool client configuration address local TerraAsso
ciates_VPN_Pool
vpdn group TerraAssociates_VPN_Pool client configuration dns 192.168.17.10
vpdn group TerraAssociates_VPN_Pool client configuration wins 192.168.17.10
vpdn group TerraAssociates_VPN_Pool client authentication aaa RADIUS
vpdn group TerraAssociates_VPN_Pool pptp echo 60
vpdn enable outside
vpdn enable inside
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd auto_config outside
terminal width 80
Cryptochecksum:2620cff8958
: end
ASKER
my IAS log is showing that the users log in and log out at the exact same time. Therefore the duration is o seconds. How can I be logging and logging out immedantly?
ASKER
Update:
I have tested all the laptops that vpn to the server. None of them actually connect. All have the same issue. They log into the VPN fine, but can't ping the server. The real reason I need this setup is so that the laptops and access the exchange server. I can connect to remote workplace; however, the server connection download still doesn't work.
I have done the wizard on the remote access setup, hoping that would help but to no avail. IAS is running and is accepting clients but is saying that they immedantly disconnect. Does this mean anything? Anyone have any suggestions?
I have tested all the laptops that vpn to the server. None of them actually connect. All have the same issue. They log into the VPN fine, but can't ping the server. The real reason I need this setup is so that the laptops and access the exchange server. I can connect to remote workplace; however, the server connection download still doesn't work.
I have done the wizard on the remote access setup, hoping that would help but to no avail. IAS is running and is accepting clients but is saying that they immedantly disconnect. Does this mean anything? Anyone have any suggestions?
I would check the MTU settings. COmpare with other machines and the router settings.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
XP TCPIP fixes reset NIC and TCPIP reset Fix TCPIP reset
From johnb6767
What I like to do on any network problem....Is to reset it ALL....
netsh int ip reset reset.log
netsh firewall reset
netsh winsock reset
Then remove ALL NIC's from the device manager..
In the Device Manager, select View>Show Hidden Devices
(If the Show Hidden devices is not presetn, do the following command from a command prompt..)
start>run>cmd
set devmgr_show_nonpresent_dev
More information on that command here....
Device Manager does not display devices that are not connected to the Windows XP-based computer
http://support.microsoft.com/kb/315539
http://support.microsoft.com/kb/317518/en-us
Go back to Network Adapters, and make sure your adapters are all gone, including any older ones. (there will be several ' miniport' devices that are not able to be uninstalled....)
Once they are all gone, reboot and let Windows reinstall them...
Thats a total rebuild of your network connections, to hopefully correct any problems with Basic connectivity.
also check ipconfig /all from a working and nonworking machine, both before and after a VPN connection.
I hope this helps !