update
jjd228_at_NOSPAMoptonline.net
Date: 04/02/04
- Next message: Phillip Windell: "Re: VERY frustrating 2000 server RRAS/VPN problem"
- Previous message: Warren Guffey: "Printer Permissions"
- In reply to: jjd228_at_NOSPAMoptonline.net: "Re: VERY frustrating 2000 server RRAS/VPN problem"
- Next in thread: Matthew [MSFT]: "Re: update"
- Reply: Matthew [MSFT]: "Re: update"
- Messages sorted by: [ date ] [ thread ]
Date: Fri, 02 Apr 2004 16:56:19 GMT
ok. that config works. although im not entirely sure why. my last problem is
that the connection hangs at the "verifying username and password" stage. i
have opened port 1723 on the cisco pix firewall and forwarded traffic to the
server. does port 47 also need to be opened? if not, what could be the
problem?
<jjd228@NOSPAMoptonline.net> wrote in message
news:fNgbc.24602$Nu3.6569803@news4.srv.hcvlny.cv.net...
> ok, so please let me get this all straight.
>
> first, i only have one nic in the machine. so youre telling me that i dont
> have to configure a dhcp relay agent, NOR do i have to create a pool of ip
> addresses within RRAS... youre saying that i dont have to do either? please
> verify that and i will test it.
>
>
> "Phillip Windell" <@.> wrote in message
> news:uODNekMGEHA.3540@TK2MSFTNGP09.phx.gbl...
> > Your client machine receives an address when connecting (or it should),
> > therefore it is already in the same subnet (or it should be), so there is no
> > "routing",...you can not "route" to where you are already at to start with.
> > You need to verify which address your client is receiving and verify
> > specifically which machine you can ping and which you cannot, and the subnet
> > each is in if there are multiple subnets. Knowing *all* this makes a big
> > difference when trying to troubleshoot this type of stuff.
> >
> >
> > --
> >
> > Phillip Windell [MCP, MVP, CCNA]
> > www.wandtv.com
> >
> >
> > <jjd228@NOSPAMoptonline.net> wrote in message
> > news:oyfbc.24175$Nu3.6348790@news4.srv.hcvlny.cv.net...
> > > great! i can connect now. however i cant ping any machines on the network. i
> > > imagine i need to create a static route somewhere. i know that when using
> > > dialin access via a phone modem to act as an ISP a static route must be
> > > created with 0.0.0.0... would this be the same case?
> > >
> > >
> > > "Matthew [MSFT]" <mfresoli@online.microsoft.com> wrote in message
> > > news:OO79DKMGEHA.1128@TK2MSFTNGP11.phx.gbl...
> > > > If you are using the domain name when logging on with the VPN client, then
> > > > the server is most likely trying to use the domain admin account.
> > > >
> > > > When logging on, try using the context machinename\username, where machine
> > > > name is the RRAS server name.
> > > >
> > > > Another thing to try would be creating a new user locally that does not have
> > > > a domain account and give it dial in permissions.
> > > >
> > > > On your VPN connection properties, leave the domain name blank when logging
> > > > on.
> > > >
> > > >
> > > >
> > > > --
> > > > [This posting is provided AS IS
> > > > with no warranties, and confers
> > > > no rights.]
> > > > <jjd228@NOSPAMoptonline.net> wrote in message
> > > > news:qMebc.23891$Nu3.6221665@news4.srv.hcvlny.cv.net...
> > > > > since the machine is a stand alone server i am using the local administrator
> > > > > account. would the fact that there is also an account named administrator in
> > > > > AD be causing a problem? there is only one DC. i have not changed the policy
> > > > > to GRANT because my understanding of the default policy is that access will
> > > > > be allowed IF dialin access is permitted at the user level as long as day
> > > > > and time restrictions do not match. please advise...
> > > > >
> > > > >
> > > > >
> > > > > "Matthew [MSFT]" <mfresoli@online.microsoft.com> wrote in message
> > > > > news:%23XMTP3LGEHA.3372@TK2MSFTNGP09.phx.gbl...
> > > > > > Hi,
> > > > > >
> > > > > > Are you using a local user account or domain account? If domain account,
> > > > > > make sure there is no local account with the same name on the server.
> > > > > >
> > > > > > Also, is there more than one DC? Check to see if the dial in permissions
> > > > > > replicated to all DCs if using a domain account.
> > > > > >
> > > > > > If you change the RAS policy to Grant remote access permissions based on the
> > > > > > conditions, does this work?
> > > > > >
> > > > > > -Matt
> > > > > >
> > > > > >
> > > > > >
> > > > > > --
> > > > > > [This posting is provided AS IS
> > > > > > with no warranties, and confers
> > > > > > no rights.]
> > > > > > <jjd228@NOSPAMoptonline.net> wrote in message
> > > > > > news:i_dbc.23612$Nu3.6078728@news4.srv.hcvlny.cv.net...
> > > > > > > i setup rras as a remote access server. i leave the default remote access
> > > > > > > policy alone. i then open the properties for a user account and on the
> > > > > > > dial-in tab i click to ALLOW remote access via dial in or vpn. guess what? a
> > > > > > > vpn connection attempt is denied and says the user does not have dialin
> > > > > > > rights! ive rebooted, logged in physically at the machine, logged off, tried
> > > > > > > again... same thing! whats the problem? the server is a member of a domain
> > > > > > > but is NOT a domain controller. would there be a setting on the default
> > > > > > > domain security policy that could be screwing me up?
> > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>