Re: Help! Cannot access network via VPN and no web in or out

From: Shared Care (admin_at_nospamhere.sharedcare.org)
Date: 05/15/04 

Date: Sat, 15 May 2004 12:01:19 +0100

I'm online with Cisco TAC now. They are telling me that port forwarding 1723
to the external Nic (which was the original setup) won't work. They are
trying to set the router to authenticate the VPN - not pass the request
through. I am on a VPN now but this is inside the router on 172.16.0.2
255.255.255.255 and I can't ping anything or get anywhere.

Cisco are telling me that I need a static route from 192.168.1.2 (my SBS
external NIC) to the 10.0.0.2 (SBS internal NIC). Are they wrong here?

I also have no web access in or out. Is this related?

"Marina Roos [SBS-MVP]" <marina@roos.nodontwantspam.nl.com> wrote in message
news:%23wBCKZmOEHA.1160@TK2MSFTNGP09.phx.gbl...
> Hi,
>
> 800 is likely something wrong setup in the router. Check if you have port
> 1723 (VPN) forwarded in the router to your external nic IP.
> To make sure everything else is alright, post the ipconfig/all from the
> server.
> You say you can successfully vpn within the network, which indeed would
tell
> me that vpn and rras are setup right.
> 2 nics and using RRAS: check bindingorder nics and make sure internal nic
is
> on top, have you applied the regedits in 292822 (just checking)?
>
>
> --
> Regards,
>
> Marina
> Microsoft SBS-MVP
>
> "Shared Care" <admin@nospamhere.sharedcare.org> schreef in bericht
> news:wRmpc.218$3M5.129@newsfe6-gui.server.ntli.net...
> > I have some major problems and need some help. I have Cisco TAC
assisting
> > with my router but they keep trying to blame the SBS setup for the
> problems
> > I'm experiencing. Can you check my setup here and advise me where there
> > might be a problem? Running SBS2K connected to a Cisco 801 router.
> >
> > Symptoms:
> > No web access in or out. Email is ok outbound - can't check inbound from
> > here. VPN will not connect to the SBS. Remotes receive error 800.
> >
> >
> >
> > I have 5 remote workers trying to connect to our network via Windows
VPN.
> > All are running Windows XP Professional sp1. Each remote has their own
> > network logon name and password. They all have dial in access.
> >
> > At the office:
> > Cisco 801 Router connected to a bonded BRI line. Router's public IP is
> > A.B.C.D which the remotes use to hook up to the VPN. Router's inside IP
> is
> > 192.168.1.1 connected to the SBS external NIC on 192.168.1.1 . This
routes
> > over ISA2000 to the internal NIC on 10.0.0.2 For the past 18 months this
> has
> > been fine and dandy. Then yesterday at 4.30am it stopped authenticating
> the
> > remote users.
> >
> > What used to happen is that the router would pass the VPN request to the
> > SBS. This would authenticate and issue a 10.0.0.X ip to the remote. The
> > remote could then access all the network servers it needed. Cisco tell
me
> > that the router should never have done this and that it (the router)
> should
> > be authenticating. They have changed the router setup so that
> authentication
> > now occurs on the router. If I VPN to the network using my own logons
(now
> > defined within the router) I am authenticated (by the router) and issued
a
> > 172.16.0.X IP address by the router. XP declares that I'm connected
> > (probably just to the router) but I can't connect to any servers nor can
I
> > see or ping anything on the 10.0.0.X range.
> >
> > Locally I can ping to the router and I receive a response. Cisco TAC
tell
> me
> > that they see this as a ping from 192.168.1.2 (which seems correct).
> They're
> > telling me that there must be a translation to get the VPN request from
> the
> > router to the 10.0.0.2 server for server authentication. Surely this was
> > already in place as it worked before?
> >
> > I have set up RRAS as instructed and the DHCP etc. are all supplied by
the
> > internal NIC. I can VPN to the server from inside the network, I just
> can't
> > get to it from outside.
> >
> > Help. Please
> >
> > Admin
> > Sharedcare.org
> >
> >
>
>

Relevant Pages

  • Re: window 2003 server vpn connection connects but cannot browse anywhere
    ... You should not setup both NICs using the same IP range and should not have two gateways event they are the same. ... Networking, Internet, Routing, VPN Troubleshooting on ...
    (microsoft.public.windows.server.networking)
  • Re: Help! Cannot access network via VPN and no web in or out
    ... > I'm online with Cisco TAC now. ... I am on a VPN now but this is inside the router on 172.16.0.2 ... >> 2 nics and using RRAS: check bindingorder nics and make sure internal ...
    (microsoft.public.backoffice.smallbiz2000)
  • Re: Windows 2003 VPN
    ... > docs, but they talk about configuring with two nics, and I don't have that ... I have also found one on the client side setup, ... which is the VPN router ...
    (microsoft.public.win2000.setup)
  • Re: Windows 2003 with VPN behind DSL
    ... > but the VPN connection would be extended to the server. ... >> You should not assign the same IP range to these two NICs. ... >> How to setup vpn on 2003 as router ...
    (microsoft.public.win2000.ras_routing)
  • Re: Join domain from remote and VPN setup
    ... I would recommend that you do the DC install & Exchange setup onsite, ... and they'll handle all the VPN stuff ... Windows Server MVP ... > 2 NICs for a VPN setup. ...
    (microsoft.public.isa.vpn)