Solved

Windows Server 2003 VPN Config - After Office Move

Posted on 2009-04-01
9
225 Views
Last Modified: 2012-05-06
Hi,

We have recently moved offices and all our systems are back up and running now with the exception of the VPN. I use it daily to check on the systems form home and my directors use it to access Outlook and our CRM system on their laptops.

Previously, we had a static IP to connect to on the VPN connection and the usual properties in AD (enable dial-in user), etc.

We have since moved offices and have 2 broadband links up and running.Both with static IPs assigned to them.

Our e-mail and websites are running well, and I just need to change the static IP in the VPN setup from the old IP to the new IP.

I've looked in the NIC settings / Routing & Remote Access and on our Symantec Security Gateway 360 and cannot find where the old static IP was stored.

Any comments are greatly appreciated.

Thanks in advance!
0
Comment
Question by:robsamuel2k8
  • 4
  • 3
  • 2
9 Comments
 
LVL 76

Expert Comment

by:arnold
ID: 24042336
Are you looking on the remote systems?
What type of VPN do you have/use PPTP, L2TP+ipsec?
0
 

Author Comment

by:robsamuel2k8
ID: 24042592
I've looked on the domain controller which the RemoteAccess service is running on. We're using PPTP.
0
 
LVL 76

Expert Comment

by:arnold
ID: 24042697
The networking PPTP connection is where you need to change the IP to which you are connecting.  I do not believe you need to make any changes on the PPTP server since it likely has a private IP and you have your external firewall configured to allow port 1723 to pass through to the PPTP server.
0
 

Author Comment

by:robsamuel2k8
ID: 24047382
Hi,

The IP address is private internally and I can see where you're coming from - basically, there has to be an external IP address which I'd enter into my laptop and dial into the VPN from an external network.

The problem is that on the 2wire router that BT provides, I assign the static IP to it, and it's pingable internally and works on the internet fine but I cannot ping the static IP externally.

As I understand, should the following happen:

Assign a static IP to the BT router                                             DONE
Configure the Symantec Gateway with the IP details               DONE
Test Internet works on network PC's                                        DONE
Ping static IP internally                                                               DONE

Problem areas
-----------------

Ping static IP externally                                                                          CANNOT DO
Once static IP is pingable, configure VPN connection with static IP     CANNOT DO UNTIL PINGABLE
Test VPN connection from home or 3G dongle                                     CANNOT DO UNTIL PINGABLE

What's the best way to make that static IP pingable externally? I'll ring BT's techie guys and see what they say.

Thanks in advance!









0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 
LVL 76

Accepted Solution

by:
arnold earned 300 total points
ID: 24048824
Check whether your BT router is configured to respond to external ping requests.
The ability to ping is not important for the VPN.
Try telnet static_ip 1723
Skip the ping test and try to establish the VPN by updating the VPN client to use the new external static IP.

Just to be sure the external static IP is provided to you by BT.  You either have a single External IP or you are provided with multiple IP and you have a choice which to use.

0
 
LVL 8

Assisted Solution

by:MrMintanet
MrMintanet earned 200 total points
ID: 24055200
Are you certain that your router supports VPN?
Is the router configured for stealth mode?
0
 

Author Comment

by:robsamuel2k8
ID: 24057388
Hi, the router has 'stealth mode' disabled. However, after speaking to BT who supply the router - they have had several complaints of VPN/GRE Protocol not working and say i's down to firmware. They are sending a new router with the old firmware on it for Monday, so I will set it up then.

To be honest, I am looking to purchase 2x ADSL routers which are a bit better than the one's we've been sent.

Any suggestions as to a decent router (baring in mind it will be connected to the Symantec Security Gateway 360)? I've looked into Drayteks so far.

0
 
LVL 8

Assisted Solution

by:MrMintanet
MrMintanet earned 200 total points
ID: 24058934
Sonicwall TZ170 sounds right for your application.
0
 

Author Comment

by:robsamuel2k8
ID: 24066711
Thanks for all the comments, I'll wait for the replacement router from BT, run with that for a few months then purchase a couple of decent routers for the network.

0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
Remote Desktop Shadowing often has a lot of benefits. When helping end users determine problems, it is much easier to see what is going on, what is being slecected and what is being clicked on. While the industry has many products to help with this,…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now