Solved

SERVER 2012 VPN ISSUE connects but can't access resources

Posted on 2013-06-19
Last Modified: 2013-11-21
Hi. I have set up VPN on Server 2012 at a remote location. The remote modem/router has been assigned a static IP from ISP. Port forward has been done to router which has IP 10.0.0.99. I am able to connect to the VPN server using a PPTP VPN client set up on Win7 or Win 8 but cannot RDP to the server. It says can't find the server. The local computer has been assigned a 10.0.0.3 address, but I can't even ping the server IP. The weird part about this is that I was able to RDP yesterday but not now??? I went to the remote location and restarted the server but that hasn't worked.

I would be most grateful for any suggestions.

Thanks.   Michael M.
Question by:mjmacklin
 
LVL 78

Expert Comment

by:Rob Williams
ID: 39263856
>>"Port forward has been done to router which has ip 10.0.0.99"
Is that a typo, i.e. should it be; Port forward has been done to server, or is there a modem/router unit and a separate router?

If you have both, the modem needs to be put in bridge mode effectively making it a basic modem and removing the NAT feature which gives the inner router a public IP.

Most often when you can connect a VPN but not access any resources it is due to a duplicate network ID in the path between client and server. In other words two network segments are using the same subnet such as server site and client site, or one in between, both using 10.0.0.x. Is that a possibility? The VPN/PPP adapter can be the same as the server, but not the client site's local network.

Also when you enable a service on a server or PC, it "usually" enables a firewall exception but only from the local network/domain. When connecting by VPN you usually have to add "public" to the firewall exception. Is it possible to turn off the Windows, or any 3rd party, firewall just for testing?

To verify if it is a routing issue and not a VPN misconfiguration, try connecting the VPN from the LAN using the server's LAN IP, not the public IP.

Let us know how you make out.
0
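The duplicate network ID check described in the comment above, as an added example that is not part of the original thread. It compares the network IDs of each segment on the path and exempts the one overlap the comment allows (PPP adapter and server LAN). The /24 and /32 masks and the 10.0.0.25 client address are assumptions; the thread gives only the other addresses.

```python
import ipaddress
from itertools import combinations

def network_of(cidr):
    """Network ID of an interface address such as '10.0.0.99/24'."""
    return ipaddress.ip_interface(cidr).network

def find_duplicate_network_ids(segments):
    """segments: list of (name, role, cidr), role being one of
    'client_lan', 'intermediate', 'server_lan', 'vpn'.
    Returns (name_a, name_b, overlapping_network) for each conflict."""
    conflicts = []
    for (n1, r1, c1), (n2, r2, c2) in combinations(segments, 2):
        net1, net2 = network_of(c1), network_of(c2)
        if not net1.overlaps(net2):
            continue
        # The VPN/PPP adapter may sit in the server LAN's subnet; that is expected.
        if {r1, r2} == {"vpn", "server_lan"}:
            continue
        # Report the more specific of the two overlapping networks.
        narrower = max(net1, net2, key=lambda n: n.prefixlen)
        conflicts.append((n1, n2, str(narrower)))
    return conflicts

# Addresses from the thread; prefix lengths are assumed.
THREAD_PATH = [
    ("client LAN", "client_lan", "192.168.1.10/24"),
    ("PPP adapter", "vpn", "10.0.0.3/32"),
    ("server LAN", "server_lan", "10.0.0.99/24"),
]

# Constructed counter-case: a client site that also uses 10.0.0.x.
CONFLICT_PATH = [
    ("client LAN", "client_lan", "10.0.0.25/24"),
    ("PPP adapter", "vpn", "10.0.0.3/32"),
    ("server LAN", "server_lan", "10.0.0.99/24"),
]

if __name__ == "__main__":
    for label, path in (("thread", THREAD_PATH), ("constructed", CONFLICT_PATH)):
        found = find_duplicate_network_ids(path)
        print(label, "->", found or "no duplicate network IDs")
```
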
 
LVL 22

Expert Comment

by:Larry Struckmeyer MVP
ID: 39263894
My suggestion is to first get RWA working as it provides a much more secure connection to the internal LAN from outside.  Once that works you will have complete access to every station on the network from outside and can then more easily troubleshoot what is causing your current issue.  

BTW, we discourage VPN directly to servers, or RDP from outside directly to servers because forwarding ("opening") the required ports is a security risk from several standpoints.

Having said that, check on RobWill's suggestion that the home router and the LAN router both have the same IP subnet.
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 39263935
Hi fl_flyfishing, I would agree if SBS/Essentials, but was there mention of either? I may have missed it, it wouldn't be the first time :-)
0

 
LVL 22

Expert Comment

by:Larry Struckmeyer MVP
ID: 39264004
@RobWill... my bad.  SBS on the brain today.

@mjmacklin. Sorry, under-caffeinated brain somehow added SBS to your subject. RWA will not work unless you have some version of SBS/Server Essentials/Storage Server Essentials or Windows Home Server inside your network.
0
 

Author Comment

by:mjmacklin
ID: 39265109
Hi, Thanks very much for your reply.

1. Yes, I have forwarded port 1723 to 10.0.0.99.
2. It is just the NB5 modem/router.
3. As for the duplicate ID, the local IP address is 192.168.1.10 and when it connects the PPP adapter address is 10.0.0.3, which of course is on the same subnet as the remote LAN.
4. I will go to the remote site tomorrow, but I think the firewall exception for remote access does enable public (but I will check that).
5. I haven't tried to VPN from the LAN yet so I will also try that.

If it is a routing issue, could it be the RRAS? Would I perhaps need to remove that role and reinstall it?

One thing worth mentioning is that when I set this up the other day it did work and I was able to remote to the server, access the shares and RDP.

I also tried accessing the remote site from another network, just to make sure it wasn't anything on the local network that was a problem.

Thanks again for your assistance.  Michael M
0
 

Author Comment

by:mjmacklin
ID: 39267420
Hi, I went to the remote site today and this is what I did:

1. At the remote site I connected from the LAN to the server's address 10.0.0.99 and was able to access the resources and RDP.
2. I disabled the firewalls.
3. I also removed the remote access role and reinstalled.

Still can't access from outside; it keeps saying the network path is not found.

Help!!!

Thanks ... Michael
0
 
LVL 78

Accepted Solution

by:
Rob Williams earned 2000 total points
ID: 39269311
Since you were able to function properly from the LAN, the VPN connects when on a public network, and you only have a single routing device, the NB5, I'm sorry but it still sounds like a firewall issue on the server.

However there are some other possibilities:
- The first phase of the VPN makes the connection and the second, GRE, completes the authentication. It is possible the router is still blocking GRE, however that usually results in a 721 or 691 error when you connect.
- Some routers will not support PPTP VPNs despite what the manual says.
- Non-firewall software such as A/V can sometimes block VPN traffic.
0
 

Author Closing Comment

by:mjmacklin
ID: 39274927
Yes!  Thank You very much for your help.  I finally changed the modem/router and now it works!!  Much gratitude for your suggestions.

Michael M.
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 39276743
Glad to hear you were able to resolve.
Thanks Michael.
--Rob
0
