VPN connects but no communication

Make sure that Windows network is selected to Private (Not Public) if the Server is NOT in Domain. Enable File and Printer Sharing within Windows Firewall.
Is this Server single NIC based or multihomed?
Are the clients getting Off Subnet IP or On Subnet (Same as Internal LAN)?
Can you take a trace on Windows 2008 Server to see if the packets are reaching in..and if they are..why are they getting lost?

Most users are connecting from XP, so they are not selecting Public or Private, but when I connect from Vista, I have been selecting Work.

The server is in a domain and it's firewall is disabled.

There is a single NIC.

Server's IP address - 192.168.100.1

Assigned to me via VPN - 192.168.100.100 (this is from a DHCP Relay to the router)

And a tracert to 192.168.100.1 comes back Request timed out

Ok...the setup looks pretty straight forward. It should work...Any third party Software on the Windows VPN Server that could cause this. Are you comfortable taking Network traces? If you can take a trace on the VPN Server, it will be very helpful cause it will tell us if the packets are even reaching the Server or not.

I have not done much tracing, and I do not have any tracing software installed.  What would you suggest?

Just for more info.... the server lies behind a Linksys router.  But as I said, the ports were opened and working on the previous server.

(I increased the points.  I don't have many, but this seems to be a bigger problem than I had anticipated.)

You can use Network Monitor 3.2

http://www.microsoft.com/downloads/details.aspx?familyid=f4db40af-1e08-4a21-a26b-ec2f4dc4190d&displaylang=en

Install the Software on the VPN Server. Start the trace by clicking on New Capture tab and then Play Button. Once it has started, try and reproduce the issue. Connect with VPN then try multiple things...Like RDP, Ping and Access share using a \\. Once the error has appeared, stop the trace. Save it. Compress it using Winzip etc and attach it here. You might have to rename the file to doc. or bmp etc.

Here is the .cap file (yes, I had to rename it to .txt).  I tried to ping the ip address and browse to the name.  Both failed.
VPNPingAndBrowseTestsToServer.zip

Ok...Now, some of the information that I require.
What all IPs did you try and Ping?
What share did you try and access?
Did you try \\Share Access or some other method?

This is required so that I can filter the trace accordingly. Do you remember the IP that was assigned to the Client?

What all IPs did you try and Ping?
   I just tried 192.168.100.1
What share did you try and access?
   \\main  and  \\192.168.100.1  (same server)
Did you try \\Share Access or some other method?
   just trying to pull up the share list on \\main
Do you remember the IP that was assigned to the Client?
   I believe it was 192.168.100.114, but I can't swear to it :s

Are you aware you need to put in 2 port forward rules on the linksys port 47 and 1723 to your VPN authentication point.

OH from a tracing perspecive, wire shark (ethereal) is very easy to use.

markzz - Yes, I am aware.  This was running fine on an old server, and I merely went in and changed the IP address for the forward.  You made me second guess myself though :)  I just went back and double checked, and yes, 1723 and 47 are forwarded to 192.168.100.1

Interesting.  That worked.  I added 4 rules - all tcp inbound, all tcp outbound, all udp inbound, all udp outbound - and enabled them for all profiles.  Then I turned on the Domain profile (it looked like the default), and it appears to be working now.

Why would turning off the firewall, not actually turn off the firewall?? :s  I originally turned it off due to a problem with Peachtree.  I planned on figuring out the ports and reenabling it anyway.  I guess I just need to get that worked out.

Great  !!

On Windows 2008 Server when you disable the Firewall, it enters a blockmode. this is another security feature in which if a hacker is able to disable the Firewall somehow then the System is not exposed...rather it becomes more secure...till the time some Admin fixes the Firewall issue. This feature has been taken out of ISA2004. ISA2000 was a complete mess cause of lack of this feature. Now, since it is working..You can disable these rules if you want. Make sure File and Print Sharing is enabled...cause it also contains ICMP within the rule. Also, create rules for the traffic which you require like RDP etc.

Amit Bhatnagar.

Thank you very much for all of your help.  I may not have to work tomorrow now! :D

Ur welcome !! :D