Solved

SERVER 2012 VPN ISSUE connects but can't access resources

Posted on 2013-06-19
Last Modified: 2013-11-21
Hi. I have set up VPN on server 2012 at a remote location. The remote modem/router has been assigned a static ip from ISP. Port forward has been done to router which has ip 10.0.0.99. I am able to connect to the vpn server using a pptp vpn client set up on win7 or win 8 but cannot rdp to the server. It says can't find the server. The local computer has been assigned a 10.0.0.3 address, but I can't even ping the server ip. The weird part about this is that I was able to rdp yesterday but not now??? I went to the remote location and restarted the server but that hasn't worked.

I would be most grateful for any suggestions.

Thanks.   Michael M.
0
Question by:mjmacklin
 
LVL 77

Expert Comment

by:Rob Williams
ID: 39263856
>>"Port forward has been done to router which has ip 10.0.0.99"
Is that a typo, i.e. should it be; Port forward has been done to server, or is there a modem/router unit and a separate router?

If you have both, the modem needs to be put in bridge mode effectively making it a basic modem and removing the NAT feature which gives the inner router a public IP.

Most often when you can connect a VPN but not access any resources it is due to a duplicate network ID in the path between client and server. In other words two network segments are using the same subnet such as server site and client site, or one in between, both using 10.0.0.x. Is that a possibility? The VPN/PPP adapter can be the same as the server, but not the client site's local network.

Also when you enable a service on a server or PC, it "usually" enables a firewall exception but only from the local network/domain. When connecting by VPN you usually have to add "public" to the firewall exception. Is it possible to turn off the Windows, or any 3rd party, firewall just for testing?

To verify if it is a routing issue and not a VPN misconfiguration, try connecting the VPN from the LAN using the server's LAN IP, not the public IP.

Let us know how you make out.
0
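Added example (not part of the original thread): a small Python check for the duplicate network ID condition described in the comment above, run on the addresses given in this thread and on one constructed clashing case. The /24 prefix lengths, the segment names and the function name are assumptions; the thread gives only host addresses.

```python
import ipaddress
from itertools import combinations

def find_subnet_conflicts(segments, ppp_address, client_site="client LAN"):
    """Return a list of duplicate-network-ID problems on a VPN path.

    segments: list of (name, "address/prefix") for each network between the
    client and the server. ppp_address: address handed to the VPN adapter.
    """
    nets = [(name, ipaddress.ip_network(cidr, strict=False))
            for name, cidr in segments]
    conflicts = []
    # Any two segments on the path sharing address space break routing.
    for (name_a, net_a), (name_b, net_b) in combinations(nets, 2):
        if net_a.overlaps(net_b):
            conflicts.append(f"{name_a} {net_a} overlaps {name_b} {net_b}")
    # The PPP address may sit in the server's subnet, but not the client's.
    ppp = ipaddress.ip_address(ppp_address)
    for name, net in nets:
        if name == client_site and ppp in net:
            conflicts.append(f"PPP address {ppp} is inside {name} {net}")
    return conflicts

# Addresses from this thread; the /24 prefix lengths are assumed.
THREAD_PATH = [("client LAN", "192.168.1.10/24"), ("server LAN", "10.0.0.99/24")]
# Constructed failing case: a client site that also uses 10.0.0.x.
CLASHING_PATH = [("client LAN", "10.0.0.25/24"), ("server LAN", "10.0.0.99/24")]

if __name__ == "__main__":
    for label, path in (("thread", THREAD_PATH), ("constructed", CLASHING_PATH)):
        problems = find_subnet_conflicts(path, "10.0.0.3")
        print(label, "->", problems or "no duplicate network IDs")
```

An empty result rules out only the addressing conflict; firewall scope and the router's PPTP/GRE handling still need to be checked separately.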
 
LVL 22

Expert Comment

by:Larry Struckmeyer MVP
ID: 39263894
My suggestion is to first get RWA working as it provides a much more secure connection to the internal LAN from outside.  Once that works you will have complete access to every station on the network from outside and can then more easily troubleshoot what is causing your current issue.  

BTW, we discourage VPN directly to servers, or RDP from outside directly to servers because forwarding ("opening") the required ports is a security risk from several standpoints.

Having said that, check on RobWill's suggestion that the home router and the LAN router both have the same IP subnet.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 39263935
Hi fl_flyfishing, I would agree if SBS/Essentials, but was there mention of either? I may have missed it, it wouldn't be the first time  :-)
0

 
LVL 22

Expert Comment

by:Larry Struckmeyer MVP
ID: 39264004
@RobWill... my bad.  SBS on the brain today.

@mjmacklin. Sorry, under-caffeinated brain somehow added SBS to your subject. RWA will not work unless you have some version of SBS/Server Essentials/Storage Server Essentials or Windows Home Server inside your network.
0
 

Author Comment

by:mjmacklin
ID: 39265109
Hi, Thanks very much for your reply.

1. Yes, I have forwarded port 1723 to 10.0.0.99
2. It is just the NB5 modem/router
3. As for the duplicate ID, the local IP address is 192.168.1.10 and when it connects the PPP adapter address is 10.0.0.3, which of course is on the same subnet as the remote LAN.
4. I will go to the remote site tomorrow, but I think the firewall exception for remote access does enable public (but I will check that).
5. I haven't tried to VPN from the LAN yet so I will also try that.

If it is a routing issue, could it be the RRAS? Would I perhaps need to remove that role and reinstall it?

One thing worth mentioning is that when I set this up the other day it did work and I was able to remote to the server, access the shares and RDP.

I also tried accessing the remote site from another network, just to make sure it wasn't anything on the local network that was a problem.

Thanks again for your assistance.  Michael M
0
 

Author Comment

by:mjmacklin
ID: 39267420
Hi, I went to the remote site today and this is what I did:

1. At the remote site I connected from the LAN to the server's address 10.0.0.99 and was able to access the resources and RDP.
2. I disabled the firewalls.
3. I also removed the remote access role and reinstalled.

Still can't access from outside, keeps saying the network path is not found.

Help!!!

Thanks ... Michael
0
 
LVL 77

Accepted Solution

by:
Rob Williams earned 500 total points
ID: 39269311
Since you were able to function properly from the LAN, the VPN connects when on a public network, and you only have a single routing device, the NB5, I'm sorry but it still sounds like a firewall issue on the server.

However there are some other possibilities:
- The first phase of the VPN makes the connection and the second, GRE, completes the authentication. It is possible the router is still blocking GRE, however that usually results in a 721 or 691 error when you connect.
- Some routers will not support PPTP VPNs despite what the manual says.
- Non-firewall software such as A/V can sometimes block VPN traffic.
0
 

Author Closing Comment

by:mjmacklin
ID: 39274927
Yes!  Thank You very much for your help.  I finally changed the modem/router and now it works!!  Much gratitude for your suggestions.

Michael M.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 39276743
Glad to hear you were able to resolve.
Thanks Michael.
--Rob
0
