Re: Help! Cannot access network via VPN and no web in or out
From: Marina Roos [SBS-MVP] (marina_at_roos.nodontwantspam.nl.com)
Date: 05/15/04
- Next message: Shared Care: "Re: Help! Cannot access network via VPN and no web in or out"
- Previous message: Marina Roos [SBS-MVP]: "Re: Help! Cannot access network via VPN and no web in or out"
- In reply to: Marina Roos [SBS-MVP]: "Re: Help! Cannot access network via VPN and no web in or out"
- Next in thread: Shared Care: "Re: Help! Cannot access network via VPN and no web in or out"
- Reply: Shared Care: "Re: Help! Cannot access network via VPN and no web in or out"
- Messages sorted by: [ date ] [ thread ]
Date: Sat, 15 May 2004 13:28:08 +0200
Hi again,
Don't doubt yourself. You have said it did work for more than 18 months,
until the router stopped working and this cisco guy started messing around.
First: was the router getting faulty and was that the reason it stopped
working? Has the router been replaced by a new one?
Second: if you can't even get out on the internet from within your network,
they really have been messing around in your routersetup.
You have proved it that your network was setup right as it has been working
perfectly for 18 months. Your SBS should be doing the authentication for
sure, not the router. The router should pass through VPN, which isn't doing
that now obviously.
Ask for another cisco tech, preferably one that is knowing what he/she is
talking about. You shouldnot need to setup a static route. Again, it has
been working for 18 months!
Please, answer my other questions about ipconfig and if you have done the
checking on your networkbinding and regedits. Just to rule that out.
-- Regards, Marina Microsoft SBS-MVP "Marina Roos [SBS-MVP]" <marina@roos.nodontwantspam.nl.com> schreef in bericht news:OIlmx4mOEHA.3012@tk2msftngp13.phx.gbl... > Hi, > > Please, post the ipconfig/all from the server. > > -- > Regards, > > Marina > Microsoft SBS-MVP > > "Shared Care" <admin@nospamhere.sharedcare.org> schreef in bericht > news:tEnpc.242$3M5.196@newsfe6-gui.server.ntli.net... > > I'm online with Cisco TAC now. They are telling me that port forwarding > 1723 > > to the external Nic (which was the original setup) won't work. They are > > trying to set the router to authenticate the VPN - not pass the request > > through. I am on a VPN now but this is inside the router on 172.16.0.2 > > 255.255.255.255 and I can't ping anything or get anywhere. > > > > Cisco are telling me that I need a static route from 192.168.1.2 (my SBS > > external NIC) to the 10.0.0.2 (SBS internal NIC). Are they wrong here? > > > > I also have no web access in or out. Is this related? > > > > > > > > > > "Marina Roos [SBS-MVP]" <marina@roos.nodontwantspam.nl.com> wrote in > message > > news:%23wBCKZmOEHA.1160@TK2MSFTNGP09.phx.gbl... > > > Hi, > > > > > > 800 is likely something wrong setup in the router. Check if you have > port > > > 1723 (VPN) forwarded in the router to your external nic IP. > > > To make sure everything else is alright, post the ipconfig/all from the > > > server. > > > You say you can successfully vpn within the network, which indeed would > > tell > > > me that vpn and rras are setup right. > > > 2 nics and using RRAS: check bindingorder nics and make sure internal > nic > > is > > > on top, have you applied the regedits in 292822 (just checking)? > > > > > > > > > -- > > > Regards, > > > > > > Marina > > > Microsoft SBS-MVP > > > > > > "Shared Care" <admin@nospamhere.sharedcare.org> schreef in bericht > > > news:wRmpc.218$3M5.129@newsfe6-gui.server.ntli.net... > > > > I have some major problems and need some help. I have Cisco TAC > > assisting > > > > with my router but they keep trying to blame the SBS setup for the > > > problems > > > > I'm experiencing. Can you check my setup here and advise me where > there > > > > might be a problem? Running SBS2K connected to a Cisco 801 router. > > > > > > > > Symptoms: > > > > No web access in or out. Email is ok outbound - can't check inbound > from > > > > here. VPN will not connect to the SBS. Remotes receive error 800. > > > > > > > > > > > > > > > > I have 5 remote workers trying to connect to our network via Windows > > VPN. > > > > All are running Windows XP Professional sp1. Each remote has their own > > > > network logon name and password. They all have dial in access. > > > > > > > > At the office: > > > > Cisco 801 Router connected to a bonded BRI line. Router's public IP is > > > > A.B.C.D which the remotes use to hook up to the VPN. Router's inside > IP > > > is > > > > 192.168.1.1 connected to the SBS external NIC on 192.168.1.1 . This > > routes > > > > over ISA2000 to the internal NIC on 10.0.0.2 For the past 18 months > this > > > has > > > > been fine and dandy. Then yesterday at 4.30am it stopped > authenticating > > > the > > > > remote users. > > > > > > > > What used to happen is that the router would pass the VPN request to > the > > > > SBS. This would authenticate and issue a 10.0.0.X ip to the remote. > The > > > > remote could then access all the network servers it needed. Cisco tell > > me > > > > that the router should never have done this and that it (the router) > > > should > > > > be authenticating. They have changed the router setup so that > > > authentication > > > > now occurs on the router. If I VPN to the network using my own logons > > (now > > > > defined within the router) I am authenticated (by the router) and > issued > > a > > > > 172.16.0.X IP address by the router. XP declares that I'm connected > > > > (probably just to the router) but I can't connect to any servers nor > can > > I > > > > see or ping anything on the 10.0.0.X range. > > > > > > > > Locally I can ping to the router and I receive a response. Cisco TAC > > tell > > > me > > > > that they see this as a ping from 192.168.1.2 (which seems correct). > > > They're > > > > telling me that there must be a translation to get the VPN request > from > > > the > > > > router to the 10.0.0.2 server for server authentication. Surely this > was > > > > already in place as it worked before? > > > > > > > > I have set up RRAS as instructed and the DHCP etc. are all supplied by > > the > > > > internal NIC. I can VPN to the server from inside the network, I just > > > can't > > > > get to it from outside. > > > > > > > > Help. Please > > > > > > > > Admin > > > > Sharedcare.org > > > > > > > > > > > > > > > > > > > >
- Next message: Shared Care: "Re: Help! Cannot access network via VPN and no web in or out"
- Previous message: Marina Roos [SBS-MVP]: "Re: Help! Cannot access network via VPN and no web in or out"
- In reply to: Marina Roos [SBS-MVP]: "Re: Help! Cannot access network via VPN and no web in or out"
- Next in thread: Shared Care: "Re: Help! Cannot access network via VPN and no web in or out"
- Reply: Shared Care: "Re: Help! Cannot access network via VPN and no web in or out"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
