Re: Help! Cannot access network via VPN and no web in or out

Tech-Archive recommends: Fix windows errors by optimizing your registry

From: Shared Care (admin_at_nospamhere.sharedcare.org)
Date: 05/15/04 

Date: Sat, 15 May 2004 12:39:50 +0100

Thanks for the chin-up speech! It's just what I needed. I've been at this
for 20 hours yesterday and 2.5 hours this morning.

I can't post the ipconfig /all from the server as it's 25 miles away and I
can't remote to it... Equally, when I get to the office, I might not be able
to post it out as my router ain't working!!

Marina, is there a link I can send to the Cisco TAC that says "oi! your
router should be set up like this:" ?

"Marina Roos [SBS-MVP]" <marina@roos.nodontwantspam.nl.com> wrote in message
news:Obqob$mOEHA.3944@tk2msftngp13.phx.gbl...
> Hi again,
>
> Don't doubt yourself. You have said it did work for more than 18 months,
> until the router stopped working and this cisco guy started messing
around.
> First: was the router getting faulty and was that the reason it stopped
> working? Has the router been replaced by a new one?
> Second: if you can't even get out on the internet from within your
network,
> they really have been messing around in your routersetup.
> You have proved it that your network was setup right as it has been
working
> perfectly for 18 months. Your SBS should be doing the authentication for
> sure, not the router. The router should pass through VPN, which isn't
doing
> that now obviously.
> Ask for another cisco tech, preferably one that is knowing what he/she is
> talking about. You shouldnot need to setup a static route. Again, it has
> been working for 18 months!
>
> Please, answer my other questions about ipconfig and if you have done the
> checking on your networkbinding and regedits. Just to rule that out.
>
>
> --
> Regards,
>
> Marina
> Microsoft SBS-MVP
>
> "Marina Roos [SBS-MVP]" <marina@roos.nodontwantspam.nl.com> schreef in
> bericht news:OIlmx4mOEHA.3012@tk2msftngp13.phx.gbl...
> > Hi,
> >
> > Please, post the ipconfig/all from the server.
> >
> > --
> > Regards,
> >
> > Marina
> > Microsoft SBS-MVP
> >
> > "Shared Care" <admin@nospamhere.sharedcare.org> schreef in bericht
> > news:tEnpc.242$3M5.196@newsfe6-gui.server.ntli.net...
> > > I'm online with Cisco TAC now. They are telling me that port
forwarding
> > 1723
> > > to the external Nic (which was the original setup) won't work. They
are
> > > trying to set the router to authenticate the VPN - not pass the
request
> > > through. I am on a VPN now but this is inside the router on 172.16.0.2
> > > 255.255.255.255 and I can't ping anything or get anywhere.
> > >
> > > Cisco are telling me that I need a static route from 192.168.1.2 (my
SBS
> > > external NIC) to the 10.0.0.2 (SBS internal NIC). Are they wrong here?
> > >
> > > I also have no web access in or out. Is this related?
> > >
> > >
> > >
> > >
> > > "Marina Roos [SBS-MVP]" <marina@roos.nodontwantspam.nl.com> wrote in
> > message
> > > news:%23wBCKZmOEHA.1160@TK2MSFTNGP09.phx.gbl...
> > > > Hi,
> > > >
> > > > 800 is likely something wrong setup in the router. Check if you have
> > port
> > > > 1723 (VPN) forwarded in the router to your external nic IP.
> > > > To make sure everything else is alright, post the ipconfig/all from
> the
> > > > server.
> > > > You say you can successfully vpn within the network, which indeed
> would
> > > tell
> > > > me that vpn and rras are setup right.
> > > > 2 nics and using RRAS: check bindingorder nics and make sure
internal
> > nic
> > > is
> > > > on top, have you applied the regedits in 292822 (just checking)?
> > > >
> > > >
> > > > --
> > > > Regards,
> > > >
> > > > Marina
> > > > Microsoft SBS-MVP
> > > >
> > > > "Shared Care" <admin@nospamhere.sharedcare.org> schreef in bericht
> > > > news:wRmpc.218$3M5.129@newsfe6-gui.server.ntli.net...
> > > > > I have some major problems and need some help. I have Cisco TAC
> > > assisting
> > > > > with my router but they keep trying to blame the SBS setup for the
> > > > problems
> > > > > I'm experiencing. Can you check my setup here and advise me where
> > there
> > > > > might be a problem? Running SBS2K connected to a Cisco 801 router.
> > > > >
> > > > > Symptoms:
> > > > > No web access in or out. Email is ok outbound - can't check
inbound
> > from
> > > > > here. VPN will not connect to the SBS. Remotes receive error 800.
> > > > >
> > > > >
> > > > >
> > > > > I have 5 remote workers trying to connect to our network via
Windows
> > > VPN.
> > > > > All are running Windows XP Professional sp1. Each remote has their
> own
> > > > > network logon name and password. They all have dial in access.
> > > > >
> > > > > At the office:
> > > > > Cisco 801 Router connected to a bonded BRI line. Router's public
IP
> is
> > > > > A.B.C.D which the remotes use to hook up to the VPN. Router's
> inside
> > IP
> > > > is
> > > > > 192.168.1.1 connected to the SBS external NIC on 192.168.1.1 .
This
> > > routes
> > > > > over ISA2000 to the internal NIC on 10.0.0.2 For the past 18
months
> > this
> > > > has
> > > > > been fine and dandy. Then yesterday at 4.30am it stopped
> > authenticating
> > > > the
> > > > > remote users.
> > > > >
> > > > > What used to happen is that the router would pass the VPN request
to
> > the
> > > > > SBS. This would authenticate and issue a 10.0.0.X ip to the
remote.
> > The
> > > > > remote could then access all the network servers it needed. Cisco
> tell
> > > me
> > > > > that the router should never have done this and that it (the
router)
> > > > should
> > > > > be authenticating. They have changed the router setup so that
> > > > authentication
> > > > > now occurs on the router. If I VPN to the network using my own
> logons
> > > (now
> > > > > defined within the router) I am authenticated (by the router) and
> > issued
> > > a
> > > > > 172.16.0.X IP address by the router. XP declares that I'm
connected
> > > > > (probably just to the router) but I can't connect to any servers
nor
> > can
> > > I
> > > > > see or ping anything on the 10.0.0.X range.
> > > > >
> > > > > Locally I can ping to the router and I receive a response. Cisco
TAC
> > > tell
> > > > me
> > > > > that they see this as a ping from 192.168.1.2 (which seems
correct).
> > > > They're
> > > > > telling me that there must be a translation to get the VPN request
> > from
> > > > the
> > > > > router to the 10.0.0.2 server for server authentication. Surely
this
> > was
> > > > > already in place as it worked before?
> > > > >
> > > > > I have set up RRAS as instructed and the DHCP etc. are all
supplied
> by
> > > the
> > > > > internal NIC. I can VPN to the server from inside the network, I
> just
> > > > can't
> > > > > get to it from outside.
> > > > >
> > > > > Help. Please
> > > > >
> > > > > Admin
> > > > > Sharedcare.org
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>

Relevant Pages