Solved

VPN works for one wifi adapter but not another one

Posted on 2010-08-31
32
1,290 Views
Last Modified: 2012-05-10
I am in an area where I subscribe to a local community wifi service. I have a Dell laptop computer with an internal Dell Wireless 1390 WLAN Mini-Card.  I am on the fringe of the service area and the signal strength and quality are not very good. I can successfully establish a VPN connection to my remote work office network using Cisco VPN client.  Once the connection is established, I can ping any of the computers at the remote office network.

I purchased a Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter because I am on the fringe area of my community wifi service and I get a much stronger and better quality signal using this adapter.  I can successfully establish a VPN connection to my remote work office network using Cisco VPN client.  However, once the connection is established, I CANNOT ping any of the computers at the remote office network.

So the VPN connection works correctly when using my laptop computer's internal wifi adapter, but not with the RealTek USB wifi adapter. By the way, I have tried establishing VPN connections sponging off another unsecured wifi access point and the same thing happens.  The VPN connection works for my Dell internal wifi adapter, but not the Realtek USB wifi adapter.

I am running Windows XP and McAfee Personal Firewall.

Your task is to provide a solution that will cause the VPN connection via the RealTek USB wifi adapter to work correctly (so I can ping the computers at my remote office network).
0
Comment
Question by:glentek
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 17
  • 9
  • 6
32 Comments
 
LVL 9

Expert Comment

by:vanbarsoun
ID: 33571451
If your PINGing by IP address and having mixed results, then I'd check both firewall programs (XP and McAfee) to make sure they're allowing PING in both directions for your VPN LAN. If your PINGing to computer NAMES, I'd also look at both your internal and external properties regarding DNS configuration; also try pinging from the Realtek to the FQDN of the computer name, not just the name itself.
0
 
LVL 4

Expert Comment

by:Jimmy Andrews
ID: 33571502
When you add another network device you are effectivly creating another network connection.  I agree with vanbarsoun, you need to check your firewall settings for that specific device/connection.  Firewall programs are generally pretty stupid and tend to lock things down when a user response was missed or the configuration wasn't rerun after the new hardware install.

Try this, disable all your firewalls and try to connect.  If it works, then there is your answer.  If it doesn't, well, there are a few more things that could be going on.

Do any other services work over the VPN other than an ICMP ping?  Such as RDP. Telnet, FTP, etc.?
0
 

Author Comment

by:glentek
ID: 33572222
vanbarsoun and JimmyITCS,

II think I  need to provide more clarity about what is going on.  Here is the sequence that demonstrates the problem.:

1. Enable internal wifi adapter.
2. Connect to community wifi network.
3. Use Cisco VPN Client to establish VPN connection to work office network.
4. All IP addresses and computer names on work office network are reachable (by any network application).
5. Disable internal wifi adapter.
6. Enable external USB wifi adapter.
7. Connect to community wifi network.
8. Use Cisco VPN Client to establish VPN connection to work office network.
9. NO IP addresses and computer names (fully qualified or otherwise) on work office network are reachable (by any network application)

It is #9 above that I want fixed.  The only thing that has changed is that I am using the internal wifi adapter verses a new one.  Not at the same time.  One at a time.  In both cases the VPN connection is created via the same connection (Cisco Systems VPN adapter).

I disabled the McAfee firewall  and the problem still exists.
0
Retailers - Is your network secure?

With the prevalence of social media & networking tools, for retailers, reputation is critical. Have you considered the impact your network security could have in your customer's experience? Learn more in our Retail Security Resource Kit Today!

 
LVL 9

Expert Comment

by:vanbarsoun
ID: 33572263
Have you tried disabling the XP built-in firewall, if it's turned on?
0
 

Author Comment

by:glentek
ID: 33572573
vanbarsoun.

XP firewall is not enabled.
0
 
LVL 9

Expert Comment

by:vanbarsoun
ID: 33572615
Does the Realtek get assigned the same internal IP by the VPN as your internal wireless card? If not, I wonder if there's some sort of IP address filtering going on at the remote end.
0
 

Author Comment

by:glentek
ID: 33572893
vanbarsoun.

That is a difficult thing to determine.  Even with 2 successive connections using the same internal card, the VPN IP address can change.  I am not the only one connecting via VPN, and IP addresses can be assigned to others when I disconnect.
0
 
LVL 9

Expert Comment

by:vanbarsoun
ID: 33573113
After you connect to the VPN just do an ipconfig /all on the command line to see if you're getting the same or different IP address. Normally, if you're getting the IP address via DHCP, it won't change that quickly. I suppose the next step would be to contact your system/network admin for live troubleshooting.
0
 

Author Comment

by:glentek
ID: 33573190
vanbarsoun.

I have already done what you suggest. Again. Even with 2 successive connections using the same internal card, the VPN IP address can (and does) change.  I am not the only one connecting via VPN, and IP addresses can be assigned to others when I disconnect.
0
 
LVL 9

Expert Comment

by:vanbarsoun
ID: 33573278
So you are 100% sure that your internal wireless card's MAC address is not being given a reserved IP address, and thus allowed special rules to access the VPN resources? Can you please post the results of your ipconfig /all from both adapters? We can't help if you won't give us answers we're specifically asking for.
0
 

Author Comment

by:glentek
ID: 33573435
vanbarsoun.

I am providing answers to what you are "specifically" asking.  This is  your first request  to post the results of ipconfig/all.  

As I have told you, my internal wireless card's MAC address is being given different IP addresses, depending on when I establish the VPN  connection.

I will provide an example shortly, per your  most recent "specific" request.
0
 

Author Comment

by:glentek
ID: 33573685
Here is an example.  My client has thousands of employees, so during the day, the IP address that is assigned typically changes depending on when the VPN connection is established.  In this example the assigned  IP address did not change, probably because there are  not many people connecting and disconnecting.

Note that the IP address assigned by my local community wifi service is different between the Dell internal card and the Realtek card.  Apparently that IP address is assigned based on MAC address.

Note that I have globally changed the first 2 octets of IP addresses that are associated with my client's network.  It does not change the information that you are interested in.  Thanks.



vpn-example.txt
0
 
LVL 9

Expert Comment

by:vanbarsoun
ID: 33574012
In your first paragraph above, which "assigned IP address" are you referring to exactly?

It seems that paragraph conflicts with your second paragraph where you mention your internal NIC is assigned an IP address based on MAC, which would mean it would ALWAYS get the same IP address, which I'm assuming would be 10.12.0.23, because that is the only DHCP I'm seeing. Your Cisco VPN adapter is statically configured, so that would obviously never change. Your setup is little odd to me.

If you can detail the actual IP addresses in your "IP address" instances above I think that will clear up the obscurity.

0
 

Author Comment

by:glentek
ID: 33574044
Ethernet adapter Dell 1390 Wireless Connection:
        Physical Address. . . . . . . . . : 00-19-7E-F4-8A-4D
         IP Address. . . . . . . . . . . . : 10.12.0.23

Ethernet adapter Realtek RTL8187 Wireless Connection:
        Physical Address. . . . . . . . . : 00-C0-CA-96-89-3F
        IP Address. . . . . . . . . . . . : 10.12.0.18
0
 
LVL 4

Expert Comment

by:Jimmy Andrews
ID: 33576990
glentek,
Let's take a different approach.  Do you have access to a server or PC within the network in which you can install a port scanner?  Here is what I am thinking, connect to the VPN with the card that is working and do a port scan on yourself, but from the inside.  You may need help from another person that has inside access.  Do a quick scan.  I use angry ip scanner or Zenmap.  See what is open and then disconnect so you can log in with the problem device.  Do the same thing with the failing card and compare results.

Another thing to chat about is MAC Address cloning.  See if you can clone the MAC of your working device, you should be able to when you dig into the driver properties.  See if that works.

And it is also time to start chatting about just a plain bad device, but to determine that, we need to know how well this failing device operates.  Can you surf the internet normally with it?  Can you do everything you normally would with your other device, but with the bad one?

You can also look at the biz side VPN logs, firewall logs and server logs to see if the ping requests are reaching the respective boxes.

Disable IPv6 on the failing adapter. This could cause an issue.

Check to see if your Dell card is bridged with any other connections, or check the realtek.  One may be and the other isn't.  Also check for ICS.

Try that Realtek adapter on another PC if possible.

BTW - Your IP Config data seems light, basically useless.  I think vanbarsoun's point was to see the full-out and compare for anomolies.
0
 

Author Comment

by:glentek
ID: 33578638
JimmyITCS,

Thank you for all the ideas. I will have to ask you for further clarification on some.

I will see if I can do a port scan on the biz side.  Problem is that I have to  VPN in to do it, and I can only do that with the Dell internal card.

How would I clone the Dell internal MAC so that is used for the Realtek card?

The Realtek device performs perfectly other than this VPN issue.

I will see if I can look at the biz side VPN logs.

How do I disable IPv6 on the Realtek adapter?

How do I check to see if my Dell card is bridged with another connections?

How do I check  for ICS?

I will try the Realtek adapter on another computer.

A few messages ago I attached a file containing output of ipconfig/all.  Is this what you are calling "light"?  Please explain how I can get more details for you.

Thanks.


I can respond to some of your comments right now.
0
 

Author Comment

by:glentek
ID: 33578674
Please ignore the line "I can respond to some of your comments right now" in my previous post.  My editing error....
0
 
LVL 4

Expert Comment

by:Jimmy Andrews
ID: 33578832
To check for IPv6:
When Realtek is connected, open up your network devices and righ click on the realtek and select properties.  In that screen you should see the protocols used.  If there is an IPv6 in there, uncheck it.

Click on the advanced tab to check for ICS (internet connection sharing).  Should be unchecked.

This will also be the same spot to check on MAC cloning, but you need to click on the configure button next to your device in the first tab.  If you can configure MAC cloning, this is where it will be.  You will just need to scroll through the settings.

To check bridging, just open up the network connections and it will tell you if and which adapters are bridged.  You probably would have seen it by now with your troubleshooting if they were bridged.
0
 

Author Comment

by:glentek
ID: 33579829
JimmyITCS,

Thanks for the specific instructions.

IPv6 - no
ICS - unchecked
MAC cloning - not available
Bridging - no

0
 

Author Comment

by:glentek
ID: 33579911
I see that I can configure the "Locally Administered MAC Address" in the Dell internal adapter.  Should I set this to the MAC address of the Realtek adapter and see if VPN problems occur?
0
 
LVL 4

Expert Comment

by:Jimmy Andrews
ID: 33580587
Sure, worth a shot at this point.  Can't really break anything.
0
 

Author Comment

by:glentek
ID: 33581466
I changed the "Locally Administered MAC Address" in the Dell internal adapter to the MAC address of the Realtek adapter and then enabled the Dell internal adapter and connected to the wifi AP.  The MAC address (Physical address) was still set to the original Dell internal adapter value when I did a ipconfig/all.

Maybe "Locally Administered MAC Address" is here just for looks?  Or is there something else I must do to clone the Realtek MAC address?
0
 

Author Comment

by:glentek
ID: 33593012
JimmyITCS,

I intalled the Realtek on a computer that has Windows 2000 installed on it, and that's about all.  No firewall software.  I installed Cicso VPN Client and established a VPN connetion to my client's network.  Lo and behold, I could access the computers on that network.

Any ideas what might be interfering with VPN connections using the Realtek on my Dell Laptop?
0
 
LVL 4

Expert Comment

by:Jimmy Andrews
ID: 33597144
OK, so the good news is you have a good device.  My recommendation would be uninstall that device completely, including in the device manager and reinstalling the driver software.

My guess is that McAfee hasn't properly classified the network your Realtek stick creates and has it locked down because of it.  Reinstalling the device should initiate another McAfee check.
0
 

Author Comment

by:glentek
ID: 33597779
JimmyITCS,

Tried uninstalling and reinstalling Realtek driver software.  The VPN problem persists.  I can establish a VPN connection, but can't access any computers on the remote network.  I can use the Realtek device for www browsing, email, etc. No problems with that (McAfee or otherwise).  It's just the VPN issue, which is an important one for me because I use this notebook computer for work when I'm travelling.

So I am still open to other deas.
0
 
LVL 4

Expert Comment

by:Jimmy Andrews
ID: 33597925
OK, another troubleshooting step.

Can you ping yourself with the Realtek?  Both your LAN and your VPN IP.  Don't just ping localhost, although you can do that too.
0
 
LVL 4

Accepted Solution

by:
Jimmy Andrews earned 500 total points
ID: 33597971
Here's some more to add;

Tracert to your VPN gateway w/ realtek;
Check your gateway on the VPN tunnel to be sure it is there;
Uninstall/Reinstall your VPN software with the Realtek attacked;
0
 
LVL 4

Expert Comment

by:Jimmy Andrews
ID: 33597978
'attacked' --> attached... oops :-p
0
 

Author Comment

by:glentek
ID: 33598033
JimmyITCS,

Regarding "OK, another troubleshooting step"

I can ping myself (My LAN, VPN IP, and localhost).  I can't ping the VPN default gateway (times out).

Will tracert as you suggest and report back.  And uninstall/reinstall VPN software iwith Realtek connected as you suggest.
0
 

Author Comment

by:glentek
ID: 33598073
JimmyITCS,

Tracert to VPN default gateway times out.
0
 

Author Closing Comment

by:glentek
ID: 33598981
We have a winner. JimmyITCS is the man.  Other contributors should take note of JimmyITCS.  Thanks for the detailed step by step analysis.  Reinstalling the Cisco VPN Client software while the Realtek adapter was attached (not attacked) fixed the problem.  Thanks!!!
0
 
LVL 4

Expert Comment

by:Jimmy Andrews
ID: 33599070
Excellent!  Glad we got you up and running.
0

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot has fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Need WiFi? Often, there are perfectly good networks that don't have WiFi capability - and there's a need to add it.  - Perhaps you have an Ethernet port into a network but no WiFi nearby. - Perhaps you have a powerline extender and no WiFi at the…
If you use NetMotion Mobility on your PC and plan to upgrade to Windows 10, it may not work unless you take these steps.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

690 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question