XP VPN says it connects but SBS2003 does not show it connected

I recently have been asked to work on restoring a network for a small business here in Houston.  the issue that I have left that is puzzling me is VPN.  They have 4 computers that connect remotely to a SBS 2003.  They do this by using a verizon card in the field and then connecting though VPN. 2 computers connect fine, One i need to replace, and the 4th does not connect at all.  This is a dell inspiron running windows xp.  The vpn on the machine says it is connected, but the SBS server doesn't show it under remote clients.  the connection was working fine until about a month ago.  The VPN connection is vpn.companyname.com using windows authentication.  The office network first runs through a cisco pix 501 and then to the server.  The XP machine is getting a correct ip address on the VPN connection.  Locally the computer connects to the network just fine.  I do have wins set on the VPN connection pointing directly to the server.  However the server can't be found though the VPN connection.  Does anyone have any ideas?
iFrogAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

SysExpertCommented:
1) I would reinstall the TCPIP stack

XP TCPIP fixes reset NIC and TCPIP reset  Fix TCPIP reset
From johnb6767

What I like to do on any network problem....Is to reset it ALL....

netsh int ip reset reset.log
netsh firewall reset
netsh winsock reset

Then remove ALL NIC's from the device manager..
In the Device Manager, select View>Show Hidden Devices

(If the Show Hidden devices is not presetn, do the following command from a command prompt..)

start>run>cmd
set devmgr_show_nonpresent_devices=1

More information on that command here....
Device Manager does not display devices that are not connected to the Windows XP-based computer
http://support.microsoft.com/kb/315539
http://support.microsoft.com/kb/317518/en-us


Go back to Network Adapters, and make sure your adapters are all gone, including any older ones. (there will be several ' miniport' devices that are not able to be uninstalled....)
Once they are all gone, reboot and let Windows reinstall them...

Thats a total rebuild of your network connections, to hopefully correct any problems with Basic connectivity.

also check ipconfig /all from a working and nonworking machine, both before and after a VPN connection.


I hope this helps !
0
iFrogAuthor Commented:
I rebuilt all the connections and still no success.  Even my home PC is doing the same thing on their network.  It connects fine and gives me an ipaddress that fits the network, but i can not ping the server or anything else on the network.  The odd thing to me is that it does authenticate.  I can put in a bogus log in and it denies it.  So it must be connecting to the server for a second or two.  Any suggestions.

Jason
0
iFrogAuthor Commented:
I am not sure if this help but here is my firewalls information:

fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol pptp 1723
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list from-outside-coming-in permit tcp any interface outside eq https
access-list from-outside-coming-in permit tcp any interface outside eq www
access-list from-outside-coming-in permit tcp any interface outside eq pop3
access-list from-outside-coming-in permit tcp any interface outside eq imap4
access-list from-outside-coming-in permit tcp any interface outside eq smtp
access-list from-outside-coming-in permit icmp any interface outside
access-list inside_outbound_nat0_acl permit ip any 192.168.17.192 255.255.255.224
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside 209.253.192.101 255.255.255.248
ip address inside 192.168.17.1 255.255.255.0
ip verify reverse-path interface outside
ip verify reverse-path interface inside
ip audit info action alarm
ip audit attack action alarm
ip local pool TerraAssociates_VPN_Pool 192.168.17.201-192.168.17.240
pdm location 192.168.17.0 255.255.255.0 inside
pdm location 192.168.17.10 255.255.255.255 inside
pdm location 192.168.17.192 255.255.255.224 outside
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) tcp interface smtp 192.168.17.10 smtp netmask 255.255.255.255 0 0
static (inside,outside) tcp interface imap4 192.168.17.10 imap4 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface pop3 192.168.17.10 pop3 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface https 192.168.17.10 https netmask 255.255.255.255 0 0
static (inside,outside) tcp interface www 192.168.17.10 www netmask 255.255.255.255 0 0
access-group from-outside-coming-in in interface outside
route outside 0.0.0.0 0.0.0.0 209.253.192.97 1
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server RADIUS (inside) host 192.168.17.10 #!TerraAssociates#! timeout 5
aaa-server LOCAL protocol local
ntp server 192.168.17.10 source inside prefer
http server enable
http 192.168.17.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
sysopt connection permit-pptp
sysopt connection permit-l2tp
telnet 192.168.17.0 255.255.255.0 inside
telnet timeout 5
ssh 192.168.17.0 255.255.255.0 inside
ssh timeout 5
management-access inside
console timeout 0
vpdn group TerraAssociates_VPN_Pool accept dialin pptp
vpdn group TerraAssociates_VPN_Pool ppp authentication pap
vpdn group TerraAssociates_VPN_Pool ppp authentication chap
vpdn group TerraAssociates_VPN_Pool ppp authentication mschap
vpdn group TerraAssociates_VPN_Pool ppp encryption mppe auto required
vpdn group TerraAssociates_VPN_Pool client configuration address local TerraAsso
ciates_VPN_Pool
vpdn group TerraAssociates_VPN_Pool client configuration dns 192.168.17.10
vpdn group TerraAssociates_VPN_Pool client configuration wins 192.168.17.10
vpdn group TerraAssociates_VPN_Pool client authentication aaa RADIUS
vpdn group TerraAssociates_VPN_Pool pptp echo 60
vpdn enable outside
vpdn enable inside
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd auto_config outside
terminal width 80
Cryptochecksum:2620cff8958e526182bff33f8678aea4
: end
0
IT Degree with Certifications Included

Aspire to become a network administrator, network security analyst, or computer and information systems manager? Make the most of your experience as an IT professional by earning your B.S. in Network Operations and Security.

iFrogAuthor Commented:
my IAS log is showing that the users log in and log out at the exact same time.  Therefore the duration is o seconds.  How can I be logging and logging out immedantly?
0
iFrogAuthor Commented:
Update:

I have tested all the laptops that vpn to the server.  None of them actually connect.  All have the same issue.  They log into the VPN fine, but can't ping the server.  The real reason I need this setup is so that the laptops and access the exchange server.  I can connect to remote workplace; however, the server connection download still doesn't work.  

I have done the wizard on the remote access setup, hoping that would help but to no avail.  IAS is running and is accepting clients but is saying that they immedantly disconnect.  Does this mean anything?  Anyone have any suggestions?
0
SysExpertCommented:
I would check the MTU settings. COmpare with other machines and the router settings.

0
iFrogAuthor Commented:
It actually had to do the NAT not being configured on the router.  Now that NAT is configured everything is operating correctly.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
SBS

From novice to tech pro — start learning today.