Re: VPN/Remote Desktop/Internet problem
- From: Newell White <NewellWhite@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 16 Aug 2006 06:21:02 -0700
Sorry for the delay in replying, but here in UK business hours I have had
great difficulty connecting to this group after logging in: 'Page not available'.
First reply to Bob:
Don't have a policy prohibiting Internet Access.
Pinging routable IP address times out.
Pinging same address by name leaves blank DOS window which disappears after
several minutes.
Now to Bill:
I inherited this set-up (previous admin left before I joined to do a
different job, I have had to self-educate to keep network running - small
firm!).
Yes our roaming users use Cisco VPN client, and tunnel terminates in our
Cisco Pix.
Does that mean inherited W2k3 VPN server role is redundant, and I can close
it down?
Further question:
To ease restricted upload speed on our ADSL connection, I have to configure
users to access Internet by their local ISP - plan was to disable 'Use Remote
Gateway' on their Windows XP VPN connection.
But if the Cisco Pix is the tunnel end, it must be doing some sort of
routing to reach Remote Desktop on the DC. Do I have to configure
split-tunnel on the Pix?
Thanks to all
--
Newell White
"Bill Grant" wrote:
I basically agree with Bob. The PDC emulator is the worst choice for the
VPN server. The PIX is the best choice. If you must use a Windows server,
don't use the PDC emulator for a remote access server. Even if you use the
other W2k3 for RRAS you may have problems if it is a DNS server or is a
master browser for the LAN. See KB 292822 and 830063.
Robert L [MS-MVP] wrote:
First of all, it is not recommended to enable RRAS on a DC. Since you
have Cisco PIX, I would use Cisco VPN.
Secondly, I would set up a group policy to restrict TS/RDP users to
access the Internet if they access the DC. So, do you have a group
policy to block internet access?
Can you ping a public IP after RDC to the DC?
Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on
http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on
http://www.HowToNetworking.com
"Newell White" <NewellWhite@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:A7D3D7B8-1589-434C-926E-17894BCDDEE3@xxxxxxxxxxxxxxxx
We have a single subnet LAN, 192.168.1.0, with 2 W2k3 servers running AD
and DNS/WINS/DHCP. The PDC also hosts our database and RRAS/VPN server.
We have about 40 XP workstations on the LAN, and 10 VPN clients running XP
or 2000.
VPN client access is configured via the public IP address of our Cisco Pix
firewall (only route from ADSL connection to the LAN), and they log in to
Remote Desktop on the PDC to access the database and file-shares only.
The only detectable problem with this set-up is - VPN users can't access
the Internet from the PDC remote desktop. They get 'cannot find server or
DNS error' - sounds like a clue!
Can anyone point me to a CLEAR article which explains why this problem
arises and how it can be solved? I don't want the security and support
headache of configuring the VPN clients (world-wide) for split-tunnel to
get Internet from their ISP.
Are there any other potential problems I am ignorant of?
TIA,
--
Newell White