SERVER 2012 VPN ISSUE connects but can't access resources

Hi. I have setup VPN on server 2012 at a remote location.  The remote modem/router has been assigned a static ip from ISP. Port forward has been done to router which has ip I am able to connect to the vpn server using a pptp vpn client setup on win7 or win 8 but cannot rdp to the server. It says cant find the server. The local computer has been assigned a address, but I can't even ping the server ip. The wierd part about this is that I was able to rdp yesterday but not now???  I went to the remote location and restarted the server but that hasn't worked.  

I would be most grateful for any suggestions.

Thanks.   Michael M.
Who is Participating?

Improve company productivity with a Business Account.Sign Up

Rob WilliamsConnect With a Mentor Commented:
Since you were able to function properly from the LAN, the VPN connects when on a public network, and you only have a single routing device, the NB5, I'm sorry but it still sounds like a firewall issue on the server.

However there are some other possibilities:
-The first phase of the VPN makes the connection and the second, GRE, completes the authentication.  It is possible the router is still blocking GRE, however that usually results in a 721 or 691 error when you connect
-some routers will not support PPTP VPN's despite what the manual says.
-non firewall software such as A/V can sometimes block VPN traffic
Rob WilliamsCommented:
>>"Port forward has been done to router which has ip"
Is that a typo, i.e. should it be; Port forward has been done to server, or is there a modem/router unit and a separate router?

If you have both, the modem needs to be put in bridge mode effectively making it a basic modem and removing the NAT feature which gives the inner router a public IP.

Most often when you can connect a VPN but not access any resources it is due to a duplicate network ID in the path between client and server.  In other words two network segments are using the same subnet such as server site and client site, or one in between, both using 10.0.0.x  Is that a possibility?  The VPN/PPP adapter can be the same as the server, but not the client site's local network.

Also when you enable a service on a server or PC, it "usually" enables a firewall exception but only from the local network/domain.  When connecting by VPN you usually have to add "public" to the firewall exception.  Is it possible to turn of the Windows, or any 3rd part, firewall just for testing?

To verify if it is a routing issue and not a VPN misconfiguration, try connecting the VPN from the LAN using the server's LAN IP, not the public IP.

Let us know how you make out.
Larry Struckmeyer MVPCommented:
My suggestion is to first get RWA working as it provides a much more secure connection to the internal LAN from outside.  Once that works you will have complete access to every station on the network from outside and can then more easily troubleshoot what is causing your current issue.  

BTW, we discourage VPN directly to servers, or RDP from outside directly to servers because forwarding ("opening") the required ports is a security risk from several standpoints.

Having said that, check on RobWills suggestion that the home router and the LAN router both have the same IP subnet.
Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

Rob WilliamsCommented:
Hi fl_flyfishing I would agree if SBS/Essentials, but was there mention of either?   I may have missed it, it wouldn't be the first time  :-)
Larry Struckmeyer MVPCommented:
@RobWill... my bad.  SBS on the brain today.

@ mjmacklin.  Sorry, under-caffinated brain somehow added SBS to your subject.  RWA will not work unless you have some version of SBS/Server Essentials/Storage Server Essentials or Windows Home Server inside your network.
mjmacklinAuthor Commented:
Hi, Thanks very much for your reply.

1. Yes, i have forwarded port 1723 to
2. It is just the NB5 modem/router
3. As for the duplicate id,  the local ip address is and when it connects the ppp adapter address is which ofcourse is on the same subnet as the remote LAN.
4. I will go to the remote site tommorow, but I think the firewall exception for remote access does enable public. ( but i will check that)
5. I havent tried to VPN from the LAN yet so i will also try that.

If it is a routing issue, could it be the RRAS?  Would i perhaps need to remove that role and reinstall it?

One thing worth mentioning is that when I set this up the other day it did work and I was able to remote to the server access the shares and RDP.

I also tried access the remote site from another network also, just to make sure it wasnt anything on the local network that was a problem.

Thanks again for your assistance.  Michael M
mjmacklinAuthor Commented:
Hi, I went to the remote site today and this is what i did:

1.  At the remote site I connected from the LAN to the servers address and was able to access the resources and RDP.
2. I disabled the firewalls
3. I also removed the remote access role and reinstalled.

Still cant access from outside keeps saying the network path is not found.


Thanks ... Michael
mjmacklinAuthor Commented:
Yes!  Thank You very much for your help.  I finally changed the modem/router and now it works!!  Much gratitude for your suggestions.

Michael M.
Rob WilliamsCommented:
Glad to hear you were able to resolve.
Thanks Michael.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.