Solved

VPN works for one wifi adapter but not another one

Posted on 2010-08-31
32
1,207 Views
Last Modified: 2012-05-10
I am in an area where I subscribe to a local community wifi service. I have a Dell laptop computer with an internal Dell Wireless 1390 WLAN Mini-Card.  I am on the fringe of the service area and the signal strength and quality are not very good. I can successfully establish a VPN connection to my remote work office network using Cisco VPN client.  Once the connection is established, I can ping any of the computers at the remote office network.

I purchased a Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter because I am on the fringe area of my community wifi service and I get a much stronger and better quality signal using this adapter.  I can successfully establish a VPN connection to my remote work office network using Cisco VPN client.  However, once the connection is established, I CANNOT ping any of the computers at the remote office network.

So the VPN connection works correctly when using my laptop computer's internal wifi adapter, but not with the RealTek USB wifi adapter. By the way, I have tried establishing VPN connections sponging off another unsecured wifi access point and the same thing happens.  The VPN connection works for my Dell internal wifi adapter, but not the Realtek USB wifi adapter.

I am running Windows XP and McAfee Personal Firewall.

Your task is to provide a solution that will cause the VPN connection via the RealTek USB wifi adapter to work correctly (so I can ping the computers at my remote office network).
0
Comment
Question by:glentek
  • 17
  • 9
  • 6
32 Comments
 
LVL 9

Expert Comment

by:vanbarsoun
Comment Utility
If your PINGing by IP address and having mixed results, then I'd check both firewall programs (XP and McAfee) to make sure they're allowing PING in both directions for your VPN LAN. If your PINGing to computer NAMES, I'd also look at both your internal and external properties regarding DNS configuration; also try pinging from the Realtek to the FQDN of the computer name, not just the name itself.
0
 
LVL 4

Expert Comment

by:JimmyITCS
Comment Utility
When you add another network device you are effectivly creating another network connection.  I agree with vanbarsoun, you need to check your firewall settings for that specific device/connection.  Firewall programs are generally pretty stupid and tend to lock things down when a user response was missed or the configuration wasn't rerun after the new hardware install.

Try this, disable all your firewalls and try to connect.  If it works, then there is your answer.  If it doesn't, well, there are a few more things that could be going on.

Do any other services work over the VPN other than an ICMP ping?  Such as RDP. Telnet, FTP, etc.?
0
 

Author Comment

by:glentek
Comment Utility
vanbarsoun and JimmyITCS,

II think I  need to provide more clarity about what is going on.  Here is the sequence that demonstrates the problem.:

1. Enable internal wifi adapter.
2. Connect to community wifi network.
3. Use Cisco VPN Client to establish VPN connection to work office network.
4. All IP addresses and computer names on work office network are reachable (by any network application).
5. Disable internal wifi adapter.
6. Enable external USB wifi adapter.
7. Connect to community wifi network.
8. Use Cisco VPN Client to establish VPN connection to work office network.
9. NO IP addresses and computer names (fully qualified or otherwise) on work office network are reachable (by any network application)

It is #9 above that I want fixed.  The only thing that has changed is that I am using the internal wifi adapter verses a new one.  Not at the same time.  One at a time.  In both cases the VPN connection is created via the same connection (Cisco Systems VPN adapter).

I disabled the McAfee firewall  and the problem still exists.
0
 
LVL 9

Expert Comment

by:vanbarsoun
Comment Utility
Have you tried disabling the XP built-in firewall, if it's turned on?
0
 

Author Comment

by:glentek
Comment Utility
vanbarsoun.

XP firewall is not enabled.
0
 
LVL 9

Expert Comment

by:vanbarsoun
Comment Utility
Does the Realtek get assigned the same internal IP by the VPN as your internal wireless card? If not, I wonder if there's some sort of IP address filtering going on at the remote end.
0
 

Author Comment

by:glentek
Comment Utility
vanbarsoun.

That is a difficult thing to determine.  Even with 2 successive connections using the same internal card, the VPN IP address can change.  I am not the only one connecting via VPN, and IP addresses can be assigned to others when I disconnect.
0
 
LVL 9

Expert Comment

by:vanbarsoun
Comment Utility
After you connect to the VPN just do an ipconfig /all on the command line to see if you're getting the same or different IP address. Normally, if you're getting the IP address via DHCP, it won't change that quickly. I suppose the next step would be to contact your system/network admin for live troubleshooting.
0
 

Author Comment

by:glentek
Comment Utility
vanbarsoun.

I have already done what you suggest. Again. Even with 2 successive connections using the same internal card, the VPN IP address can (and does) change.  I am not the only one connecting via VPN, and IP addresses can be assigned to others when I disconnect.
0
 
LVL 9

Expert Comment

by:vanbarsoun
Comment Utility
So you are 100% sure that your internal wireless card's MAC address is not being given a reserved IP address, and thus allowed special rules to access the VPN resources? Can you please post the results of your ipconfig /all from both adapters? We can't help if you won't give us answers we're specifically asking for.
0
 

Author Comment

by:glentek
Comment Utility
vanbarsoun.

I am providing answers to what you are "specifically" asking.  This is  your first request  to post the results of ipconfig/all.  

As I have told you, my internal wireless card's MAC address is being given different IP addresses, depending on when I establish the VPN  connection.

I will provide an example shortly, per your  most recent "specific" request.
0
 

Author Comment

by:glentek
Comment Utility
Here is an example.  My client has thousands of employees, so during the day, the IP address that is assigned typically changes depending on when the VPN connection is established.  In this example the assigned  IP address did not change, probably because there are  not many people connecting and disconnecting.

Note that the IP address assigned by my local community wifi service is different between the Dell internal card and the Realtek card.  Apparently that IP address is assigned based on MAC address.

Note that I have globally changed the first 2 octets of IP addresses that are associated with my client's network.  It does not change the information that you are interested in.  Thanks.



vpn-example.txt
0
 
LVL 9

Expert Comment

by:vanbarsoun
Comment Utility
In your first paragraph above, which "assigned IP address" are you referring to exactly?

It seems that paragraph conflicts with your second paragraph where you mention your internal NIC is assigned an IP address based on MAC, which would mean it would ALWAYS get the same IP address, which I'm assuming would be 10.12.0.23, because that is the only DHCP I'm seeing. Your Cisco VPN adapter is statically configured, so that would obviously never change. Your setup is little odd to me.

If you can detail the actual IP addresses in your "IP address" instances above I think that will clear up the obscurity.

0
 

Author Comment

by:glentek
Comment Utility
Ethernet adapter Dell 1390 Wireless Connection:
        Physical Address. . . . . . . . . : 00-19-7E-F4-8A-4D
         IP Address. . . . . . . . . . . . : 10.12.0.23

Ethernet adapter Realtek RTL8187 Wireless Connection:
        Physical Address. . . . . . . . . : 00-C0-CA-96-89-3F
        IP Address. . . . . . . . . . . . : 10.12.0.18
0
 
LVL 4

Expert Comment

by:JimmyITCS
Comment Utility
glentek,
Let's take a different approach.  Do you have access to a server or PC within the network in which you can install a port scanner?  Here is what I am thinking, connect to the VPN with the card that is working and do a port scan on yourself, but from the inside.  You may need help from another person that has inside access.  Do a quick scan.  I use angry ip scanner or Zenmap.  See what is open and then disconnect so you can log in with the problem device.  Do the same thing with the failing card and compare results.

Another thing to chat about is MAC Address cloning.  See if you can clone the MAC of your working device, you should be able to when you dig into the driver properties.  See if that works.

And it is also time to start chatting about just a plain bad device, but to determine that, we need to know how well this failing device operates.  Can you surf the internet normally with it?  Can you do everything you normally would with your other device, but with the bad one?

You can also look at the biz side VPN logs, firewall logs and server logs to see if the ping requests are reaching the respective boxes.

Disable IPv6 on the failing adapter. This could cause an issue.

Check to see if your Dell card is bridged with any other connections, or check the realtek.  One may be and the other isn't.  Also check for ICS.

Try that Realtek adapter on another PC if possible.

BTW - Your IP Config data seems light, basically useless.  I think vanbarsoun's point was to see the full-out and compare for anomolies.
0
 

Author Comment

by:glentek
Comment Utility
JimmyITCS,

Thank you for all the ideas. I will have to ask you for further clarification on some.

I will see if I can do a port scan on the biz side.  Problem is that I have to  VPN in to do it, and I can only do that with the Dell internal card.

How would I clone the Dell internal MAC so that is used for the Realtek card?

The Realtek device performs perfectly other than this VPN issue.

I will see if I can look at the biz side VPN logs.

How do I disable IPv6 on the Realtek adapter?

How do I check to see if my Dell card is bridged with another connections?

How do I check  for ICS?

I will try the Realtek adapter on another computer.

A few messages ago I attached a file containing output of ipconfig/all.  Is this what you are calling "light"?  Please explain how I can get more details for you.

Thanks.


I can respond to some of your comments right now.
0
Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

 

Author Comment

by:glentek
Comment Utility
Please ignore the line "I can respond to some of your comments right now" in my previous post.  My editing error....
0
 
LVL 4

Expert Comment

by:JimmyITCS
Comment Utility
To check for IPv6:
When Realtek is connected, open up your network devices and righ click on the realtek and select properties.  In that screen you should see the protocols used.  If there is an IPv6 in there, uncheck it.

Click on the advanced tab to check for ICS (internet connection sharing).  Should be unchecked.

This will also be the same spot to check on MAC cloning, but you need to click on the configure button next to your device in the first tab.  If you can configure MAC cloning, this is where it will be.  You will just need to scroll through the settings.

To check bridging, just open up the network connections and it will tell you if and which adapters are bridged.  You probably would have seen it by now with your troubleshooting if they were bridged.
0
 

Author Comment

by:glentek
Comment Utility
JimmyITCS,

Thanks for the specific instructions.

IPv6 - no
ICS - unchecked
MAC cloning - not available
Bridging - no

0
 

Author Comment

by:glentek
Comment Utility
I see that I can configure the "Locally Administered MAC Address" in the Dell internal adapter.  Should I set this to the MAC address of the Realtek adapter and see if VPN problems occur?
0
 
LVL 4

Expert Comment

by:JimmyITCS
Comment Utility
Sure, worth a shot at this point.  Can't really break anything.
0
 

Author Comment

by:glentek
Comment Utility
I changed the "Locally Administered MAC Address" in the Dell internal adapter to the MAC address of the Realtek adapter and then enabled the Dell internal adapter and connected to the wifi AP.  The MAC address (Physical address) was still set to the original Dell internal adapter value when I did a ipconfig/all.

Maybe "Locally Administered MAC Address" is here just for looks?  Or is there something else I must do to clone the Realtek MAC address?
0
 

Author Comment

by:glentek
Comment Utility
JimmyITCS,

I intalled the Realtek on a computer that has Windows 2000 installed on it, and that's about all.  No firewall software.  I installed Cicso VPN Client and established a VPN connetion to my client's network.  Lo and behold, I could access the computers on that network.

Any ideas what might be interfering with VPN connections using the Realtek on my Dell Laptop?
0
 
LVL 4

Expert Comment

by:JimmyITCS
Comment Utility
OK, so the good news is you have a good device.  My recommendation would be uninstall that device completely, including in the device manager and reinstalling the driver software.

My guess is that McAfee hasn't properly classified the network your Realtek stick creates and has it locked down because of it.  Reinstalling the device should initiate another McAfee check.
0
 

Author Comment

by:glentek
Comment Utility
JimmyITCS,

Tried uninstalling and reinstalling Realtek driver software.  The VPN problem persists.  I can establish a VPN connection, but can't access any computers on the remote network.  I can use the Realtek device for www browsing, email, etc. No problems with that (McAfee or otherwise).  It's just the VPN issue, which is an important one for me because I use this notebook computer for work when I'm travelling.

So I am still open to other deas.
0
 
LVL 4

Expert Comment

by:JimmyITCS
Comment Utility
OK, another troubleshooting step.

Can you ping yourself with the Realtek?  Both your LAN and your VPN IP.  Don't just ping localhost, although you can do that too.
0
 
LVL 4

Accepted Solution

by:
JimmyITCS earned 500 total points
Comment Utility
Here's some more to add;

Tracert to your VPN gateway w/ realtek;
Check your gateway on the VPN tunnel to be sure it is there;
Uninstall/Reinstall your VPN software with the Realtek attacked;
0
 
LVL 4

Expert Comment

by:JimmyITCS
Comment Utility
'attacked' --> attached... oops :-p
0
 

Author Comment

by:glentek
Comment Utility
JimmyITCS,

Regarding "OK, another troubleshooting step"

I can ping myself (My LAN, VPN IP, and localhost).  I can't ping the VPN default gateway (times out).

Will tracert as you suggest and report back.  And uninstall/reinstall VPN software iwith Realtek connected as you suggest.
0
 

Author Comment

by:glentek
Comment Utility
JimmyITCS,

Tracert to VPN default gateway times out.
0
 

Author Closing Comment

by:glentek
Comment Utility
We have a winner. JimmyITCS is the man.  Other contributors should take note of JimmyITCS.  Thanks for the detailed step by step analysis.  Reinstalling the Cisco VPN Client software while the Realtek adapter was attached (not attacked) fixed the problem.  Thanks!!!
0
 
LVL 4

Expert Comment

by:JimmyITCS
Comment Utility
Excellent!  Glad we got you up and running.
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Suggested Solutions

This is an article about my experiences with remote access to my clients (so that I may serve them) and eventually to my home office system via Radmin Remote Control. I have been using remote access for over 10 years and have been improving my metho…
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

7 Experts available now in Live!

Get 1:1 Help Now