Solved

Connectivity issues to my domain from an external network

Posted on 2010-09-16
13
481 Views
Last Modified: 2012-05-10
I am often (as in now) on the road and cannot connect to any server at my company.  I can connect to other domains in every other way (www, ftp, etc.).  Yet, I can't connect to my company's VPN, website, extranet, etc.

The hotel where I'm staying isn't blocking anything, and others in my company are able to connect to our VPN without issue, so it's something on my computer.  I'm sure it's something to do with my firewall settings, but I don't know which ones to look at.

Obi Wan Kenobi, you're my only hope.

Thanks.
0
Comment
Question by:dtburdick
  • 7
  • 4
  • 2
13 Comments
 
LVL 9

Expert Comment

by:Barry Gill
ID: 33690889
Are you using the hotel's LAN settings? Perhaps the IP address range their DHCP allocates conflicts with your office's...

this *usually* only affects VPN connections once you are connected to the VPN so maybe a red herring, but certainly something to look into.
Also, can you traceroute to your companies website or other external service and see where your packets are being sent. Perhaps there is a bad/dead route being advertised to your local provider so return traffic is not getting to you or your traffic is routing in circles and not getting to the right place.
0
 
LVL 9

Expert Comment

by:Tomas Valenta
ID: 33690894
what operation system have in your laptop ? Do you use special software for firewall function ? What VPN software are you using ?
0
 

Author Comment

by:dtburdick
ID: 33691031
I'm using Windows firewall and the hotel said they have never had problems with anyone else with this problem.  I really think it's my firewall since others from my company are connecting to the VPN fine.
0
 
LVL 9

Expert Comment

by:Barry Gill
ID: 33691054
from the same hotel?
can you do a tracert to your VPN termination address?
I would be more inclined to say it is a routing issue more than anything else. Your firewall should be the same as the others in your company.
0
 
LVL 9

Expert Comment

by:Tomas Valenta
ID: 33691573
others from your company are in the same hotel ?
What SW are you using for VPN ? Windows VPN client or other ? Did you receive error message from this client ?
0
 

Author Comment

by:dtburdick
ID: 33691692
I think we're onto something, only I don't know what I'm looking at:

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\dburdick>tracert dcv.esncc.com

Tracing route to dcv.esncc.com [173.166.153.53]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  172.20.83.1
  2    <1 ms    <1 ms    <1 ms  12.97.184.1
  3     1 ms     1 ms     1 ms  12.88.175.41
  4     4 ms     2 ms     2 ms  cr1.santx.ip.att.net [12.123.154.10]
  5     6 ms     3 ms     3 ms  cr2.dlstx.ip.att.net [12.122.30.130]
  6     4 ms     7 ms    14 ms  12.122.195.241
  7     3 ms     3 ms     3 ms  te-0-10-0-0-pe01.1950stemmons.tx.ibone.comcast.net [75.149.230.161]
  8     8 ms     4 ms     4 ms  pos-1-5-0-0-cr01.dallas.tx.ibone.comcast.net [68.86.86.89]
  9     6 ms     7 ms     9 ms  pos-0-10-0-0-cr01.atlanta.ga.ibone.comcast.net [68.86.86.130]
 10    13 ms     9 ms    13 ms  pos-1-2-0-0-cr01.ashburn.va.ibone.comcast.net [68.86.87.65]
 11    11 ms    13 ms    13 ms  pos-0-15-0-0-ar03.capitolhghts.md.bad.comcast.net [68.86.90.38]
 12    13 ms    19 ms    14 ms  po-80-ur01.alexandria.va.bad.comcast.net [68.85.130.94]
 13    13 ms    49 ms    50 ms  po-100-ur02.alexandria.va.bad.comcast.net [68.85.130.98]
 14    11 ms    17 ms    10 ms  po-80-ur01.arlington.va.bad.comcast.net [68.85.130.102]
 15    13 ms    16 ms    14 ms  68.85.139.18
 16    13 ms    17 ms    13 ms  73.124.16.162
 17     *        *        *     Request timed out.
 18     *        *        *     Request timed out.
 19     *        *        *     Request timed out.
 20     *        *        *     Request timed out.
 21     *        *        *     Request timed out.
 22     *        *        *     Request timed out.
 23     *        *        *     Request timed out.
 24     *        *        *     Request timed out.
 25     *        *        *     Request timed out.
 26     *        *        *     Request timed out.
 27     *        *        *     Request timed out.
 28     *        *        *     Request timed out.
 29     *        *        *     Request timed out.
 30     *        *        *     Request timed out.

Trace complete.

C:\Documents and Settings\dburdick>ipconfig

Windows IP Configuration


Ethernet adapter Wireless Network Connection:

        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 172.20.42.230
        Subnet Mask . . . . . . . . . . . : 255.255.248.0
        Default Gateway . . . . . . . . . : 172.20.40.1

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 172.20.83.5
        Subnet Mask . . . . . . . . . . . : 255.255.255.248
        Default Gateway . . . . . . . . . : 172.20.83.1

C:\Documents and Settings\dburdick>
0
6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

 

Author Comment

by:dtburdick
ID: 33691731
As for what VPN software I'm using, I assume it's just the one built into Windows since it's a wizard launched from the Network Connections window.

And yes, the other employees at my company are using the same software and hitting the same servers from the same hotel.
0
 
LVL 9

Accepted Solution

by:
Tomas Valenta earned 250 total points
ID: 33691755
If we don't know that ping replay is allowed on destination also tracert will not helped us.
You have two connections - LAN (cable) and WiFi. Why you use it together ? Your ping is using LAN connection. PLease disconnect wifi and try again. Also run vpn client
and if the connection is succesfull run again ipconfig /all command and show us please.
0
 

Author Comment

by:dtburdick
ID: 33691888
I am now connected to a different VPN server at my company at another location,  but we still want to try to resolve this because others in our company have occasional VPN issues on the road too.

Our IT director said things are theoretically set the same between the two servers.  The odd thing is that I'm the only one at this location having a problem.  I'm running XP and they are running 2007.

I forgot we have Ping disabled, so the Timeouts are actually denials.
0
 

Author Comment

by:dtburdick
ID: 33691902
This is getting good.  I turned off wi-fi on my computer and its working fine now connecting to our corporate VPN.  Any idea why that would be an issue?
0
 

Author Comment

by:dtburdick
ID: 33691920
And it doesn't work when I'm just going wireless, which is more and more the only option at hotels.
0
 
LVL 9

Expert Comment

by:Tomas Valenta
ID: 33692304
because in case if you have two connection together then you have also two default gateways and
then very important is routing table and how TCP/IP on computer is working with this settings.
Windows can deside one gateway as dead and then start using second. I had the same problem 2 years ago.
0
 

Author Closing Comment

by:dtburdick
ID: 33693527
Thank you!

The problem ultimately was due to the fact that we had two people connecting to our VPN wirelessly at the same time.  According to our VPN server, both of us were trying to connect from the same IP address at the hotel.

A more technical answer was provided by our IT director as follows:

The problem usually stems from a router or firewall that is not configured to support multiple client machines, behind a NAT, from accessing a single PPTP server/IP.  

It CAN be the reverse as well.  Where the incoming firewall/router is not configured to support multiple PPTP connections FROM a single IP.  We are configured to do this.

We see this all the time from users when they travel, and in locations that have the wired AND wireless networks, it almost always seems to be the wireless, whereas the wired connections work fine!
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

This is an article about my experiences with remote access to my clients (so that I may serve them) and eventually to my home office system via Radmin Remote Control. I have been using remote access for over 10 years and have been improving my metho…
If your business is like most, chances are you still need to maintain a fax infrastructure for your staff. It’s hard to believe that a communication technology that was thriving in the mid-80s could still be an essential part of your team’s modern I…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now