Solved

Cannot connect to one specific server through vpn

Posted on 2008-10-09
Last Modified: 2012-05-05
Let me first say I am not very familiar with networking; the network was in place when I started at my company. We are using a Cisco router with PIX programming. When I log in from home, I can hit the company shared hard drive, the backup server, and our IBM server. In March we added another Dell server on which reside the data files for a program loaded on each laptop. When accessing through the VPN we cannot hit the Dell server, and the program on the laptop cannot run as it can't access the data files.
I can remote access to the desktop of that server.
The Dell has been set up to FTP information from our vendors to the server for the above-mentioned program.
Is there something I can look at to see why that is the only server I can't access?
Secondly, my boss wants to use his laptop at home and do everything that he can do in the office. Is there a better way than VPN?
0
Comment
Question by:rdaniels08
6 Comments
 
LVL 6

Expert Comment

by:evan021702
What OS is running on the Dell server? Is this different than the other servers? Do you use DHCP to assign the addresses of the server or are they static? If static, be sure the gateway is the same as the other machines. You will also need to check the access-lists on the Cisco/PIX to be sure that the ports you need are open to that server. The access rules could be set for each individual server or IP address, so if the Dell server is new it may just need to be added.
If all else fails, you could use LogMeIn or Remote Desktop and have your boss get into a PC that is still on the network instead of using the laptop remotely.
0
 

Author Comment

by:rdaniels08
The gateway is set up the same; the last person to do programming on the PIX instituted port forwarding for FTP. The server is running 2003, where the other machines are XP and one is proprietary software from Prophet 21; that one I am not sure on. We use a shared hard drive and do not have a true domain server. The IP address is static.
Right now we use remote desktop to access that server when we need it from home, but it is more cumbersome.
0
 
LVL 6

Expert Comment

by:evan021702
Are you able to get to these shares when you are at the office using the internal network?  
0

Author Comment

by:rdaniels08
Yes, I can get to everything I need when connected to the network at the office.
0
 
LVL 6

Accepted Solution

by:
evan021702 earned 500 total points
If you are using a different subnet for the VPN traffic then you need to be sure that either the default gateway of the server has a route to push this traffic back to the PIX or put a route on the server itself.
For example, if your internal subnet is 192.168.10.0/24 with a default gateway of 192.168.10.1, and the subnet assigned to VPN clients is 192.168.20.0/24, then you must check your routing. If 192.168.10.1 is another device besides the PIX, then that device needs to have a route to forward the traffic back to the PIX:
! next hop is the PIX's inside address (not given in this thread), not 192.168.10.1 itself
ip route 192.168.20.0 255.255.255.0 <PIX-inside-IP>
If that is all correct, then there has to be something in the access-lists that is denying you access to the internal resources.  You must remember that on a PIX everything is denied by default if coming from the outside or VPN.  You must either specifically allow each protocol you want, or open it for all ports:
To open all ports your access-list would need to have something like:
access-list 100 permit ip any any
Then have that access-list tied to the VPN subnet.
0
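The two checks from the accepted answer (return route for the VPN pool, then first-match ACL evaluation with the implicit deny), as an added example that is not part of the original thread. The subnets are the ones in the answer; the PIX inside address, the server host addresses and the ports are constructed for illustration. It also compares a rule scoped to the one server and port against `permit ip any any`.

```python
import ipaddress

# Subnets are the ones in the answer above; the PIX inside address, the server
# hosts and the SMB port (445) are constructed for this sketch.
PIX_INSIDE = "192.168.10.254"
OLD_SERVER, DELL = "192.168.10.10", "192.168.10.20"
VPN_CLIENT = "192.168.20.15"

def next_hop(routes, dst):
    """Longest-prefix match over (prefix, next_hop) pairs; None if no route."""
    dst = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), hop) for p, hop in routes
            if dst in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def _addr(tok):
    """Consume 'any', 'host A' or 'NET MASK' (PIX uses masks, not wildcards)."""
    if tok[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tok[1:]
    if tok[0] == "host":
        return ipaddress.ip_network(tok[1] + "/32"), tok[2:]
    return ipaddress.ip_network(f"{tok[0]}/{tok[1]}"), tok[2:]

def acl_allows(acl, proto, src, dst, port):
    """First matching line wins; no match falls through to the implicit deny."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for line in acl:
        action, p, *rest = line.split()[2:]
        s_net, rest = _addr(rest)
        d_net, rest = _addr(rest)
        eq = int(rest[1]) if rest[:1] == ["eq"] else None
        if p in ("ip", proto) and src in s_net and dst in d_net and eq in (None, port):
            return action == "permit"
    return False

# Gateway 192.168.10.1 before and after it learns the VPN pool.
GW_BEFORE = [("192.168.10.0/24", "connected"), ("0.0.0.0/0", "isp-uplink")]
GW_AFTER = GW_BEFORE + [("192.168.20.0/24", PIX_INSIDE)]

# ACL written before the Dell server existed, then two ways to change it.
ACL_OLD = ["access-list 100 permit tcp 192.168.20.0 255.255.255.0 host 192.168.10.10 eq 445"]
ACL_SCOPED = ACL_OLD + ["access-list 100 permit tcp 192.168.20.0 255.255.255.0 host 192.168.10.20 eq 445"]
ACL_OPEN = ["access-list 100 permit ip any any"]

if __name__ == "__main__":
    print("reply next hop:", next_hop(GW_BEFORE, VPN_CLIENT), "->", next_hop(GW_AFTER, VPN_CLIENT))
    for name, acl in [("old", ACL_OLD), ("scoped", ACL_SCOPED), ("open", ACL_OPEN)]:
        print(name, [acl_allows(acl, "tcp", VPN_CLIENT, DELL, prt) for prt in (445, 23)])
```

The scoped ACL reaches the Dell server's file share without also exposing every other port on every internal host to the VPN pool, which is what the open rule does.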
 

Author Closing Comment

by:rdaniels08
Thank you for the input. I am contacting someone who specializes in PIX programming to review our setup.
0
