Solved

SERVER 2012 VPN ISSUE connects but can't access resources

Posted on 2013-06-19
Last Modified: 2013-11-21
Hi. I have set up VPN on Server 2012 at a remote location. The remote modem/router has been assigned a static IP from the ISP. Port forward has been done to router which has ip 10.0.0.99. I am able to connect to the VPN server using a PPTP VPN client set up on Win7 or Win 8 but cannot RDP to the server. It says can't find the server. The local computer has been assigned a 10.0.0.3 address, but I can't even ping the server IP. The weird part about this is that I was able to RDP yesterday but not now? I went to the remote location and restarted the server but that hasn't worked.

I would be most grateful for any suggestions.

Thanks.   Michael M.
Question by:mjmacklin
11 Comments
 
LVL 77

Expert Comment

by:Rob Williams
ID: 39263856
>>"Port forward has been done to router which has ip 10.0.0.99"
Is that a typo, i.e. should it be; Port forward has been done to server, or is there a modem/router unit and a separate router?

If you have both, the modem needs to be put in bridge mode effectively making it a basic modem and removing the NAT feature which gives the inner router a public IP.

Most often when you can connect a VPN but not access any resources it is due to a duplicate network ID in the path between client and server. In other words two network segments are using the same subnet such as server site and client site, or one in between, both using 10.0.0.x. Is that a possibility? The VPN/PPP adapter can be the same as the server, but not the client site's local network.

Also when you enable a service on a server or PC, it "usually" enables a firewall exception but only from the local network/domain. When connecting by VPN you usually have to add "public" to the firewall exception. Is it possible to turn off the Windows, or any 3rd party, firewall just for testing?

To verify if it is a routing issue and not a VPN misconfiguration, try connecting the VPN from the LAN using the server's LAN IP, not the public IP.

Let us know how you make out.
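The duplicate network ID check from the comment above, as an added example that is not part of the original thread. It uses a simplified model of a connected VPN client's routing table; the /24 masks, the interface labels, the metrics and the 10.0.0.25 client address are assumptions made for the illustration, while 10.0.0.99 and 192.168.1.10 are the addresses given in the thread.

```python
import ipaddress

REMOTE_LAN = "10.0.0.0/24"   # server-side LAN; the /24 mask is an assumption
SERVER_IP = "10.0.0.99"      # server address from the thread

def client_routes(lan_if):
    """Simplified routing table of a connected VPN client (metrics are assumed)."""
    lan = ipaddress.ip_interface(lan_if).network
    return [
        (ipaddress.ip_network("0.0.0.0/0"), "lan", 25),  # original default route
        (ipaddress.ip_network("0.0.0.0/0"), "ppp", 10),  # VPN default route, lower metric
        (lan, "lan", 25),                                # on-link route for the client's own LAN
    ]

def egress_for(lan_if, dest):
    """Pick the outgoing interface: longest prefix wins, lowest metric breaks ties."""
    dest = ipaddress.ip_address(dest)
    hits = [r for r in client_routes(lan_if) if dest in r[0]]
    _net, dev, _metric = min(hits, key=lambda r: (-r[0].prefixlen, r[2]))
    return dev

def conflicting_segments(remote_lan, path_segments):
    """Names of segments between client and server that overlap the server-side LAN.

    The PPP adapter address is deliberately not listed as a segment: it may
    share the server's subnet without causing this problem.
    """
    remote = ipaddress.ip_network(remote_lan)
    return [name for name, cidr in path_segments.items()
            if ipaddress.ip_interface(cidr).network.overlaps(remote)]

if __name__ == "__main__":
    cases = {
        "distinct client LAN": "192.168.1.10/24",
        "duplicate network ID (constructed)": "10.0.0.25/24",
    }
    for label, lan_if in cases.items():
        dev = egress_for(lan_if, SERVER_IP)
        clash = conflicting_segments(REMOTE_LAN, {"client LAN": lan_if})
        print(f"{label}: traffic to {SERVER_IP} leaves via {dev}; conflicts: {clash}")
```

With a duplicate network ID the on-link route for the client's own LAN is more specific than the VPN route, so packets for the server never enter the tunnel even though the VPN shows as connected.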
 
LVL 21

Expert Comment

by:Larry Struckmeyer MVP
ID: 39263894
My suggestion is to first get RWA working as it provides a much more secure connection to the internal LAN from outside.  Once that works you will have complete access to every station on the network from outside and can then more easily troubleshoot what is causing your current issue.  

BTW, we discourage VPN directly to servers, or RDP from outside directly to servers because forwarding ("opening") the required ports is a security risk from several standpoints.

Having said that, check on RobWill's suggestion that the home router and the LAN router both have the same IP subnet.
 
LVL 77

Expert Comment

by:Rob Williams
ID: 39263935
Hi fl_flyfishing, I would agree if SBS/Essentials, but was there mention of either? I may have missed it, it wouldn't be the first time :-)
 
LVL 21

Expert Comment

by:Larry Struckmeyer MVP
ID: 39264004
@RobWill... my bad.  SBS on the brain today.

@mjmacklin. Sorry, under-caffeinated brain somehow added SBS to your subject. RWA will not work unless you have some version of SBS/Server Essentials/Storage Server Essentials or Windows Home Server inside your network.


Author Comment

by:mjmacklin
ID: 39265109
Hi, Thanks very much for your reply.

1. Yes, I have forwarded port 1723 to 10.0.0.99
2. It is just the NB5 modem/router
3. As for the duplicate ID, the local IP address is 192.168.1.10 and when it connects the PPP adapter address is 10.0.0.3, which of course is on the same subnet as the remote LAN.
4. I will go to the remote site tomorrow, but I think the firewall exception for remote access does enable public (but I will check that).
5. I haven't tried to VPN from the LAN yet so I will also try that.

If it is a routing issue, could it be the RRAS? Would I perhaps need to remove that role and reinstall it?

One thing worth mentioning is that when I set this up the other day it did work and I was able to remote to the server, access the shares and RDP.

I also tried accessing the remote site from another network, just to make sure it wasn't anything on the local network that was a problem.

Thanks again for your assistance.  Michael M
 

Author Comment

by:mjmacklin
ID: 39267420
Hi, I went to the remote site today and this is what I did:

1. At the remote site I connected from the LAN to the server's address 10.0.0.99 and was able to access the resources and RDP.
2. I disabled the firewalls.
3. I also removed the remote access role and reinstalled.

Still can't access from outside; it keeps saying the network path is not found.

Help!!!

Thanks ... Michael
 
LVL 77

Accepted Solution

by:
Rob Williams earned 500 total points
ID: 39269311
Since you were able to function properly from the LAN, the VPN connects when on a public network, and you only have a single routing device, the NB5, I'm sorry but it still sounds like a firewall issue on the server.

However there are some other possibilities:
- The first phase of the VPN makes the connection and the second, GRE, completes the authentication. It is possible the router is still blocking GRE, however that usually results in a 721 or 691 error when you connect.
- Some routers will not support PPTP VPNs despite what the manual says.
- Non-firewall software such as A/V can sometimes block VPN traffic.
 

Author Closing Comment

by:mjmacklin
ID: 39274927
Yes!  Thank You very much for your help.  I finally changed the modem/router and now it works!!  Much gratitude for your suggestions.

Michael M.
 
LVL 77

Expert Comment

by:Rob Williams
ID: 39276743
Glad to hear you were able to resolve.
Thanks Michael.
--Rob