Re: VPN - One Client Can't Connect: SECOND REQUEST
From: Dave Nickason [SBS MVP] (gwdibble_at_NOSPAM.frontiernet.net)
Date: 03/09/04
- Next message: Andy Nestor: "Re: ISA in SBS2k Painfully Slow"
- Previous message: Andy Nestor: "Re: ISA in SBS2k Painfully Slow"
- In reply to: Michael Rudnick: "VPN - One Client Can't Connect: SECOND REQUEST"
- Next in thread: Merv Porter [SBS-MVP]: "Re: VPN - One Client Can't Connect: SECOND REQUEST"
- Messages sorted by: [ date ] [ thread ]
Date: Tue, 9 Mar 2004 11:11:22 -0500
VPN issues are frustrating, having spent the past three days troubleshooting
an issue of my own.
Please don't mess with ISA if you have users who are connecting as
expected - you can pretty much rule that out. About the only thing that
could apply on the SBS is that maybe the particular user has remote access
permissions denied in AD or RRAS. One thing you could try is to see if the
problem user can VPN in from someone's computer that is known to work, or if
a user who has normal access can log in from the problem user's computer.
You'd also want to check every VPN-related setting on the problem
workstation. If your ISP uses DHCP, you probably got a new IP when you
removed the router, so check the IP being used as the VPN target (sorry I
know this is pretty obvious). But also the security settings - for example,
if you select not to use encryption and the server requires it, you won't
connect.
You may be able to spot something in either the server or workstation logs.
If you don't already audit security, enabling that may point you to
something. As a wild last attempt, you could try opening the Network
Connections window and run the Repair option from each connection's r-click
menu. That will clear out all cached networking information for the
connection, possibly clearing up an issue of cached incorrect settings.
"Michael Rudnick" <news@rcc-pcsupport.com> wrote in message
news:Xns94A76637A14E5newsrccpcsupportcom@207.46.248.16...
> Sorry for the second post. I didn't get a reply on the first one.
> Note: I have since added a rule in ISA to allow all traffic from the
remote
> router to the server with still no success. Help!
>
> ---------
>
> We're running SBS 2000 and have had VPN running for some time. We were
> having some problems with response times and chose to remove the router
> between the server's WAN NIC and the DSL router. We now have the server's
> WAN with a public IP address. Currently several computers are able to VPN
> in with no problem.
>
> Except one computer...
>
> The problem computer was able to VPN prior to us removing the router at
the
> server. Now it cannot. We've spent hours trying to figure out the problem.
>
> The workstation is XP Pro. We have installed all the Windows updates on
it.
> We've upgraded the router it's connected to with the latest firmware.
We've
> opened the ports for VPN. We've checked to see that the virus program
isn't
> blocking anything and have checked Interconnection Firewall (it's off). As
> a test, we even tried plugging the workstation directly into the DSL
router
> and still could not connect. I enabled 'IcmpPingQueryPredefinedType'
> requests in ISA on the server and was able to ping the server from outside
> the network. But I cannot ping from the problem workstation, even when
it's
> directly connected to the DSL router.
>
> Since there was no change in the situation when we were plugged in
> directly, I don't think the local router is the problem. I haven't
> considered that the server is the problem since other workstations have
> been able to connect. At this point I want to scream.
>
> Any ideas on where to go at this point?
>
>
> --
> Michael Rudnick
> news@RCC-pcSupport.com
- Next message: Andy Nestor: "Re: ISA in SBS2k Painfully Slow"
- Previous message: Andy Nestor: "Re: ISA in SBS2k Painfully Slow"
- In reply to: Michael Rudnick: "VPN - One Client Can't Connect: SECOND REQUEST"
- Next in thread: Merv Porter [SBS-MVP]: "Re: VPN - One Client Can't Connect: SECOND REQUEST"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
