Mac remote desktop and VPN to access Windows XP computer

I have a Windows Server 2003 network running a domain controller. All computers in the LAN are XP. I have a few outside employees that have Macs that need to access their desktop PCs. On an outside XP computer, I can connect to our VPN and then remote desktop to whatever computer I want within the LAN. On the Mac, I created a VPN and connect, but it won't connect to any Windows computers from the Mac RDC. I have even tried to connect to one of our servers but with the same results. I can ping the IPs and get a reply back. If I disconnect the VPN and try the RDC to the IP that has been set up to accept outside connections and route them to our terminal server, it works fine.

Seems like it must be something simple I'm missing.
mwhit Asked:

StinkyPete Commented:
You might like to consider third party remote control software such as
- LogMeIn
- TeamViewer
- GotoMyPC

Which I believe all are cross platform.
0
mwhit (Author) Commented:
I use LogMeIn in other instances, but this is an end user and I don't want to give them access to my account. They need to have unassisted connection and I was hoping to not have to install additional software.
0
strung Commented:
The problem may be that the Mac clients are trying to VPN from a LAN which uses the same subnet as your server's LAN. If that is the case, this seems to confuse Mac VPN clients and they can't seem to figure out if, say, 192.168.1.5 is a local or a remote IP.

The solution is to get the Mac users to go into their router software and change their default LAN subnet, from say, 192.168.1.x to 192.168.5.x.
0
mwhit (Author) Commented:
You may be on to something, Strung, with the confusion over local/LAN subnets. I was hoping that there would be a better solution than walking end users through changing the subnets on their routers.
0
strung Commented:
There is a check box on the Mac VPN client to send all traffic through the VPN, but that has never solved the problem for me.
0
strung Commented:
We seriously considered changing our server LAN subnet to get around this problem (we were using 192.168.1.x which unfortunately is the default for most Linksys routers), but decided that was too much work because we had a bunch of printers with fixed IP addresses that were referenced in a bunch of Macros.

But if changing the server LAN subnet to something unlikely to be used on a home LAN is an option, that would solve the problem.
0
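Added example (not part of any poster's comment): a simplified longest-prefix-match model of the subnet clash discussed above, showing why an overlapping home LAN keeps traffic for 192.168.1.5 off the tunnel even when a "send all traffic" default route is present. The route labels `home-lan` and `vpn` and the function names are hypothetical, and this is a model, not the Mac VPN client's actual routing code.

```python
import ipaddress

def pick_route(dest, routes):
    """Return the (network, label) that wins longest-prefix match for dest."""
    addr = ipaddress.ip_address(dest)
    hits = [(ipaddress.ip_network(net), label) for net, label in routes
            if addr in ipaddress.ip_network(net)]
    # max() keeps the first of equally specific routes, so the directly
    # connected LAN (listed first) wins ties. That tie-break is an
    # assumption of this model; real behaviour is OS-specific.
    return max(hits, key=lambda h: h[0].prefixlen) if hits else None

def diagnose(home_lan, corp_lan, dest, send_all_traffic=False):
    """Model a VPN client's routing table and report where dest would go."""
    routes = [(home_lan, "home-lan"),      # on-link route for the local network
              (corp_lan, "vpn")]           # office LAN reached through the tunnel
    if send_all_traffic:
        routes.append(("0.0.0.0/0", "vpn"))  # the checkbox adds a default route
    winner = pick_route(dest, routes)
    return {
        "overlap": ipaddress.ip_network(home_lan).overlaps(
            ipaddress.ip_network(corp_lan)),
        "winning_route": str(winner[0]) if winner else None,
        "egress": winner[1] if winner else None,
    }

if __name__ == "__main__":
    corp, target = "192.168.1.0/24", "192.168.1.5"   # constructed sample values
    for home in ("192.168.1.0/24", "192.168.5.0/24"):
        for all_traffic in (False, True):
            print(home, "send_all=%s" % all_traffic,
                  diagnose(home, corp, target, all_traffic))
```

A default route is the least specific entry in the table, so it never outranks the /24 for the local LAN; only renumbering one side removes the overlap.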
mwhit (Author) Commented:
I tried that as well, and although it didn't connect, it gave me a different message when failing to connect.
0
mwhit (Author) Commented:
I have another workaround that I can use. I'm using 2x application server. I am going to set up a remote desktop "application" and allow the users to run this app and connect to the desired PC.
0

StinkyPete Commented:
I would also suggest you look at something like a dedicated VPN unit, like a NetGear SSL-VPN unit

http://www.netgear.com/Products/VPNandSSL/SSLVPNConcentrators/SSL312.aspx
OR the replacement
http://www.netgear.com/Products/VPNandSSL/WiredVPNFirewallRouters/FVS336G.aspx


Why?
Because with a direct VPN into your corp LAN, you are joining two LANs, the home user's and your corp's. This becomes a potential security risk, particularly for worms that spread on LANs like Conficker, and you get better inherent security as there is a firewall on the device, as opposed to the packets going to the PC software firewall on the end PC, which is open to OS holes.

If you use a WEB fronted SSL/VPN device there is separation between the LANs (and thus no problem with network addresses either) as the RDP client runs on the SSL/VPN device.

They have Wizard based setups, and you can customize the web interface presented to the users, and manage the user accounts either from the device, or integrate it with Active Directory.

0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.