Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Cannot connect to one specific server through vpn

Posted on 2008-10-09
6
Medium Priority
?
165 Views
Last Modified: 2012-05-05
Let me first say I am not very familiar with networking, the network was in place when I started at my company.  We are using a cisco router with pix programming.  When I log in from home, I can hit the company shared hard drive, the backup server, and our IBM server.  In March we added another Dell server on which resides the data files for a program loaded on each laptop.  When accessing through the VPN we cannot hit the Dell server and the program on the laptop cannot run as it can't access the data files.
I can remote access to the desktop of that server.
The Dell has been set up with to FTP information from our vendors to the server for the above mentioned program.
Is there something I can look at to see why that is the only server I can't access?
Secondly, my boss want to use his laptop and home and do everything that he can do in the office, is  there a better way than VPN?
0
Comment
Question by:rdaniels08
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 6

Expert Comment

by:evan021702
ID: 22678345
What OS is running on the Dell server?  Is this different that the other servers?  Do you use DHCP to assign the addresses of the server or are they static?  If static be sure the gateway is the same as the other machines.  You will also need to check the access-lists on the cisco/pix to be sure that the ports you need are open to that server.  The access rules could be set for each individual server or IP address, so if the dell server is new it may just need to be added.
If all else fails, you could use LogMeIn or Remote Desktop and have your boss get into a PC that is still on the network instead of using the laptop remotely.
0
 

Author Comment

by:rdaniels08
ID: 22678929
The gateway is set up the same, the last person to do programming on the pix intstituted port forwarding for FTP.  The server is running 2003 where the other machines are xp and one is propriatary software from Prophet 21 that one I am not sure on.  We use a shared hard driver and do not have a true domain server.  The ip address is static.
Right now we use remote desktop to access that server when we need it from home, but it is more cumbersome.
0
 
LVL 6

Expert Comment

by:evan021702
ID: 22679049
Are you able to get to these shares when you are at the office using the internal network?  
0
Take our survey for a chance to win!

As a valued customer of Targus, we’d like to ask you a few questions about us. As thanks, you will be automatically entered for a chance to win a $500 VISA gift card. To enter, just complete the survey by September 15, 2017.

 

Author Comment

by:rdaniels08
ID: 22703094
Yes I can get to everything I need when connect to the network at the office.
0
 
LVL 6

Accepted Solution

by:
evan021702 earned 2000 total points
ID: 22711246
If you are using a different subnet for the VPN traffic then you need to be sure that either the default gateway of the server has a route to push this traffic back to the PIX or put a route on the server itself.
For example if your internal subnet is 192.168.10.0/24 with a default gateway of 192.168.10.1 , and the subnet assigned to VPN clients is 192.168.20.0/24, then you must check your routing.  If 192.168.10.1 is another device besides the PIX, then that device needs to have a route to forward the traffic back to the PIX:
ip route 192.168.20.0 255.255.255.0 192.168.10.1
If that is all correct, then there has to be something in the access-lists that is denying you access to the internal resources.  You must remember that on a PIX everything is denied by default if coming from the outside or VPN.  You must either specifically allow each protocol you want, or open it for all ports:
To open all ports your access-list would need to have something like:
access-list 100 permit ip any any
Then have that access-list tied to the VPN subnet.
0
 

Author Closing Comment

by:rdaniels08
ID: 31504617
Thank you for the input, I am contacting someone who specializes in PIX's programming to review our setup.
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you’re involved with your company’s wide area network (WAN), you’ve probably heard about SD-WANs. They’re the “boy wonder” of networking, ostensibly allowing companies to replace expensive MPLS lines with low-cost Internet access. But, are they …
Powerful tools can do wonders, but only in the right hands.  Nowhere is this more obvious than with the cloud.
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…
Suggested Courses

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question