Solved

How to set up VPN in Server 2008 and Router

Posted on 2008-10-20
Last Modified: 2012-05-05
Hey

alright i set up the passthrough in the router. I can connect to my vpn on pptp...but it doesn't give internet access or show other computers in my network i'm connecting to.  It shows the server as being 1.0.0.1

Any Ideas? Thanks in advance.....if you need more info let me know i'll be glad to give it

i apologize i put this under sbs, it's really Server 2008
Question by:hstern03
 
LVL 10

Expert Comment

by:kyleb84
ID: 22763501
- What is the subnet of your local network?
- What is the IP of your Server and the 2621?
- Can you ping your server from a VPN client?
0
 
LVL 8

Expert Comment

by:MrJemson
ID: 22763624
In Routing and Remote access on the Server, make sure you have a DHCP Relay Agent configured for your local adapter.
0
 

Author Comment

by:hstern03
ID: 22763640
192.168.1.0 255.255.255.0
server is 192.168.1.64
router 192.168.1.20

how do i configure the DHCP relay client?
0
 
LVL 8

Expert Comment

by:MrJemson
ID: 22763645
Open Routing and Remote Access, Under IPv4 you will see DHCP Relay Agent
0
 

Author Comment

by:hstern03
ID: 22763665
i don't see it, under IPv4 there is General which has the interfaces, Static Routes, and NAT
0
 
LVL 8

Expert Comment

by:MrJemson
ID: 22763683
How many NICs do you have?
Have attached a screenshot of the Relay Agent
0
 
LVL 8

Expert Comment

by:MrJemson
ID: 22763688
Didn't attach correctly. Re-attaching.
Relay.JPG
0
 

Author Comment

by:hstern03
ID: 22763706
ok i had set it up wrong. i got to the relay agent. my dhcp server is my router. i put that address in there.

i tried to connect again and it said error 735 the address requested was rejected by server
0
 
LVL 8

Expert Comment

by:MrJemson
ID: 22763716
Yes, DHCP Relay is used when the DHCP server is not the VPN server itself.
You should just be able to add Internal to the DHCP relay and that should give you a 192.168.x.x address.
0
 

Author Comment

by:hstern03
ID: 22763758
internal is there. do i put the other nic address in there or the dhcp server?
0
 
LVL 8

Expert Comment

by:MrJemson
ID: 22763787
You should just be able to have Internal in there.
That's what I have configured on my server which works a treat.
0
 

Author Comment

by:hstern03
ID: 22763802
you don't push properties and put in an ip address?
0
 
LVL 8

Expert Comment

by:MrJemson
ID: 22763856
No, there is no need to do this.

Basically, you add the Internal interface, to the DHCP Relay Agents list, and ensure in 'General' Section, you have Internal listed and is UP and has IP Address etc.

Once this is confirmed you should get a 192.168.x.x address over the VPN.
0
 

Author Comment

by:hstern03
ID: 22763923
done all that. internal in general doesn't have an ip address. it says "not listed"
0
 
LVL 8

Expert Comment

by:MrJemson
ID: 22763975
The IP address for Internal should appear once a client is connected.
What happens now when you attempt to connect a client?
0
 

Author Comment

by:hstern03
ID: 22764011
error 735 request was rejected by server. i have to be doing something wrong haha
0
 
LVL 8

Expert Comment

by:MrJemson
ID: 22764023
Could you please check in the properties of your VPN connection and ensure you don't have a static IP assigned to the VPN interface.
0
 

Author Comment

by:hstern03
ID: 22764068
yeah i did have them on static. i turned on dhcp on the client and it still gives it 1.0.0.1 as the server
0
 

Author Comment

by:hstern03
ID: 22764093
my external is 192.168.1.64
internal is 192.168.2.20
router 192.168.1.20

0
 
LVL 8

Expert Comment

by:MrJemson
ID: 22764100
So you have 2 NICs?
Try adding the internal adapter to the DHCP Relay Agents.
0
 

Author Comment

by:hstern03
ID: 22764126
nope still giving out 1.0.0.0 addresses

server is still 1.0.0.1
0
 

Author Comment

by:hstern03
ID: 22764141
i'm sure this is as frustrating for you as it is for me
0
 
LVL 8

Expert Comment

by:MrJemson
ID: 22764157
Are there any 'requests received' listed under relay agents?
Can you attach a screenshot of your General section under ipv4?
0
 

Author Comment

by:hstern03
ID: 22764198
it did have request received once and it said it discarded it. it hasn't since then

i can tell you what it says i don't have anything to take a screen shot with

loopback 127.0.0.1     0 incoming bytes    0 outgoing    static filters disabled admin status UP

internal physical 192.168.2.20  incoming bytes 1.3 megs  out going 88k  static filters disabled  admin status up

Internal   ip not available    -       -     static filters disabled    admin status unknown <----is this the problem?

external 192.168.1.64   11 megs incoming  11 out going   admin status up

0
 
LVL 8

Expert Comment

by:MrJemson
ID: 22764221
The 'Internal Interface' should get an IP when a client connects for the first time.
Everything you have mentioned thus far seems correct. I will have to think about this.
0
 

Author Comment

by:hstern03
ID: 22764230
i always have these kinds of problems lol i set things up correctly or so i think and it just doesn't like working for me.
0

 

Author Comment

by:hstern03
ID: 22771116
i figured out why it was giving out 1.0.0.1

another server of mine had rras enabled also. so now that i got that off
it says error 87. not sure what that means. if anyone has a clue let me know. thanks
0
 
LVL 8

Expert Comment

by:MrJemson
ID: 22772627
Are you port forwarding to your 2008 box, or to the other server?
Make sure the 1723 port forward is configured to point to the 2008 box.
0
 

Author Comment

by:hstern03
ID: 22772848
yep. i do, do you want to config

0
 
LVL 8

Expert Comment

by:MrJemson
ID: 22772866
Can't hurt to post it.
0
 

Author Comment

by:hstern03
ID: 22772874
version 12.3
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname cisco2621
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$fzOF$Bj2drISO466xsGRteQKvr/
enable password xxxx!
no aaa new-model
ip subnet-zero
no ip source-route
ip cef
!
!
no ip dhcp conflict logging
!
ip dhcp pool client
   network 192.168.1.0 255.255.255.0
   default-router 192.168.1.20
   dns-server 192.168.1.41 4.2.2.2 4.2.2.3
!
!
username xxxx privilege 15 password 0 xxxx!
!
!
!
interface FastEthernet0/0
 description WAN
 ip address dhcp
 no ip unreachables
 ip nat outside
 no ip mroute-cache
 duplex auto
 speed auto
 no cdp enable
!
interface Serial0/0
 no ip address
 no ip mroute-cache
 shutdown
!
interface FastEthernet0/1
 description LAN
 ip address 192.168.1.20 255.255.255.0
 ip nat inside
 no ip mroute-cache
 speed auto
 full-duplex
 no cdp enable
!
ip nat service list 10 ftp tcp port 21
ip nat inside source list 10 interface FastEthernet0/0 overload
ip nat inside source static 192.168.15.200 interface FastEthernet0/0
ip nat inside source static tcp 192.168.1.41 21 interface FastEthernet0/0 21
ip nat inside source static tcp 192.168.1.41 2021 interface FastEthernet0/0 2021
ip nat inside source static tcp 192.168.1.41 80 interface FastEthernet0/0 80
ip nat inside source static tcp 192.168.1.64 47 interface FastEthernet0/0 47
ip nat inside source static tcp 192.168.15.200 3389 interface FastEthernet0/0 3399
ip http server
ip classless
!
!
access-list 10 permit 0.0.0.0
access-list 10 permit 192.168.1.0 0.0.0.255
access-list 10 permit 192.168.15.0 0.0.0.255
access-list 10 permit 192.168.2.0 0.0.0.255
access-list 120 permit tcp any host 192.168.1.41 eq www
access-list 120 permit tcp any host 192.168.1.41 eq ftp
access-list 120 permit tcp any host 192.168.1.64 eq 1723
access-list 120 permit gre any host 192.168.1.64
access-list 120 permit tcp any host 192.168.15.200 eq 3389
!
line con 0
line aux 0
line vty 0 4
0
 
LVL 8

Expert Comment

by:MrJemson
ID: 22772886
ACL 120 is not applied to anything?

Add this line:

ip nat inside source static tcp 192.168.1.64 1723 interface FastEthernet0/0 1723
0
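The two points raised in the comment above (an ACL that is defined but never applied, and the missing TCP 1723 forward to the VPN server) can be checked mechanically. This is an added example, not part of the original thread; the sample config is a constructed excerpt modelled on the one posted, and the function names are hypothetical.

```python
import re

# Constructed excerpt modelled on the router config posted in the thread.
SAMPLE_CONFIG = """\
interface FastEthernet0/0
 ip nat outside
interface FastEthernet0/1
 ip nat inside
ip nat inside source list 10 interface FastEthernet0/0 overload
ip nat inside source static tcp 192.168.1.64 47 interface FastEthernet0/0 47
access-list 10 permit 192.168.1.0 0.0.0.255
access-list 120 permit tcp any host 192.168.1.64 eq 1723
access-list 120 permit gre any host 192.168.1.64
"""

# The line suggested in the comment above.
FIX = ("ip nat inside source static tcp 192.168.1.64 1723 "
       "interface FastEthernet0/0 1723\n")

STATIC_NAT = re.compile(
    r"^ip nat inside source static (tcp|udp) (\S+) (\d+) interface \S+ (\d+)$")
# Statements that put a numbered ACL to use (common cases, not exhaustive).
ACL_USE = re.compile(
    r"^\s*(?:ip access-group (\d+) (?:in|out)|access-class (\d+) (?:in|out)"
    r"|ip nat (?:inside|outside) source list (\d+) .*"
    r"|ip nat service list (\d+) .*)$")


def unapplied_acls(config):
    """Return numbered ACLs that are defined but never referenced."""
    defined, used = set(), set()
    for line in config.splitlines():
        m = re.match(r"access-list (\d+) ", line)
        if m:
            defined.add(m.group(1))
        m = ACL_USE.match(line)
        if m:
            used.update(g for g in m.groups() if g)
    return sorted(defined - used, key=int)


def has_forward(config, proto, inside_ip, port):
    """True if a static NAT entry maps outside port -> inside_ip:port."""
    want = (proto, inside_ip, str(port), str(port))
    return any((m := STATIC_NAT.match(line.strip())) and m.groups() == want
               for line in config.splitlines())


if __name__ == "__main__":
    print("ACLs defined but not applied:", unapplied_acls(SAMPLE_CONFIG))
    print("1723 forwarded before fix:", has_forward(SAMPLE_CONFIG, "tcp", "192.168.1.64", 1723))
    print("1723 forwarded after fix:", has_forward(SAMPLE_CONFIG + FIX, "tcp", "192.168.1.64", 1723))
```

PPTP needs TCP 1723 for its control channel plus GRE, which is IP protocol 47 rather than TCP port 47, so the `static tcp ... 47` entry in the posted config does not forward the tunnel traffic on its own.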
 

Author Comment

by:hstern03
ID: 22772899
yeah i saw that when i was reviewing it i added it it wasn't like that yesterday i was messing with it today

it still says "registering with network error 87"
0
 
LVL 8

Expert Comment

by:MrJemson
ID: 22772954
Try connecting to the VPN server locally if you can.
0
 

Author Comment

by:hstern03
ID: 22772967
nope same error message. i tried my domain admin and the local admin, both got "registering with network error 87-incorrect parameters"
0
 
LVL 8

Expert Comment

by:MrJemson
ID: 22773023
Check the Event Log?
0
 

Author Comment

by:hstern03
ID: 22773066
Unable to add the interface administrator with the Router Manager for the IP protocol. The following error occurred: The parameter is incorrect
0
 

Author Comment

by:hstern03
ID: 22773082
but then above the error it says i was granted full access but i'm disconnected haha.
0
 
LVL 8

Expert Comment

by:MrJemson
ID: 22773096
"interface administrator" has me concerned...
If you logon as someone other than administrator, do you get this same error, or is administrator substituted with the username in question...
Either way, I do not see why it would be trying to add an interface 'administrator' to the Router Manager...
0
 

Author Comment

by:hstern03
ID: 22773146
it still says it with a different user

Unable to add the interface hstern with the Router Manager for the IP protocol. The following error occurred: The parameter is incorrect.
0
 
LVL 8

Expert Comment

by:MrJemson
ID: 22773213
Something is very very wrong with that... Is it at all possible to rebuild this server?
0
 

Author Comment

by:hstern03
ID: 22773239
yeah i can rebuild it. it probably has something to do with 2008. cuz it was connecting fine when i messed up and had 2003 rras too. it connected fine just gave out the wrong dhcp stuff
0
 
LVL 8

Expert Comment

by:MrJemson
ID: 22773270
Yeah I think there is definitely something wrong with the install.
I am using 2008 and RRAS works fine for me.
0
 

Author Comment

by:hstern03
ID: 22773294
it was server 2008 i set it up on sbs 2003 in 2 seconds.....it's that damn NPS crap they added on there
0
 

Author Comment

by:hstern03
ID: 22773305
i'll try rebuilding the server and see what happens. i dunno what is wrong with it. sbs 2003 gave out dhcp but it's from my access point on 192.168.2.0 and it doesn't connect to the internet. i apologize i had no clue it was going to be like this
0
 
LVL 8

Expert Comment

by:MrJemson
ID: 22773391
No problem, hopefully the rebuild solves the issue.
0
 

Author Comment

by:hstern03
ID: 22776034
hey i got the vpn working. get internet connection through it too. is there a way to get it to dhcp off my router xxx.xxx.1.xxxx and not my access point xxx.xxx.2.xxx?

thanks for all your help mr jemson you've been really patient
0
 

Author Comment

by:hstern03
ID: 22779810
cool so it refreshed and now gives the correct IP addresses......i can't access domain computers and servers....is there a trick to that?
0
 
LVL 8

Expert Comment

by:MrJemson
ID: 22781680
So I take it you have changed it to the .1.x subnet now?

When you say you cannot access domain computers and servers, do you mean you cannot ping them via IP, or they are not showing up on network neighbourhood or ... ?
0
 

Author Comment

by:hstern03
ID: 22785451
you really helped me out i appreciate it! i got it all working perfect
0
 
LVL 8

Accepted Solution

by:
MrJemson earned 250 total points
ID: 22791138
:) Glad to hear.
0
 

Author Closing Comment

by:hstern03
ID: 31508073
Thanks!
0
