Re: A RAS/VPN "Is it just me?" question

From: Kiran Otter (kiranotter_at_hotmail.com)
Date: 03/16/04 

Date: Tue, 16 Mar 2004 09:34:18 -0500

"Jim Behning SBS MVP" <jimbehingmvp@mindspring.com> wrote in message news:8s0d501k0jimg0m2p8bqab4s4umihc8qcl@4ax.com...
> Grabbing at straws. What is the ip of your remote workstation, the ip
> the vpn gets assigned and the ip of the network at the office? Weird
> things happen if your home network ip is the same as the office
> network. Maybe post and ipconfig/all >ipconfig.txt to see if anyone
> sees anything weird.

I had a problem where RAS was unable to get a lease from DHCP, but fixed that. There was no binding to the LAN adaptor in DHCP. The
server is giving VPN clients addresses in the 192.168.16.x range (usually 10-20). The workstation has the address of 192.168.0.20,
and the DSL at home gets a dynamic address around 68.215.96.51. I have the same DSL service at work, but the worksation address is
192.168.100.x.

At work, connected to the VPN through our DSL, an ipconfig looks like this:

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix . :
        Description . . . . . . . . . . . : Intel(R) PRO/100 VM Network Connection
        Physical Address. . . . . . . . . : 00-02-A5-DD-34-94
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.100.31
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.100.7
        DHCP Server . . . . . . . . . . . : 192.168.100.1
        DNS Servers . . . . . . . . . . . : 192.168.100.1
        Lease Obtained. . . . . . . . . . : Tuesday, March 16, 2004 8:47:30 AM
        Lease Expires . . . . . . . . . . : Thursday, March 18, 2004 8:47:30 AM

PPP adapter Connect to Small Business Server:

        Connection-specific DNS Suffix . : CCFFLL.local
        Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
        Physical Address. . . . . . . . . : 00-53-45-00-00-00
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 192.168.16.10
        Subnet Mask . . . . . . . . . . . : 255.255.255.255
        Default Gateway . . . . . . . . . : 192.168.16.10
        DNS Servers . . . . . . . . . . . : 192.168.16.2
        Primary WINS Server . . . . . . . : 192.168.16.2

My workstation is currently part of a W2K server network. It is not connected to the SBS 2003 server via the LAN.

> What are mp3s doing on the server? I search and delete those but that
> is just me. But a good transfer test I suppose.

Just grabbed one for use as a test. :)

> Run Spybot Search and Destroy with the latest definitions at home.

I do this religiously and did last night just to check. Nothing was found.

> The last few installs have asked for one license key but Outlook has
> it's own key. True for my Action Pack and an open license set I have
> for a non profit. I have a couple of SBS retail but unwilling to open
> the seals on them.

I have the Action Pack too, I may try that. Seems odd though that they'd give you a CD and no product key.

> vpn pptp uses 1723 and gre 47. Something weird happen with someone's
> router?

It's a D-Link DI-604 here at work, and it has specific options for VPN. I also opened port 1723 to no avail. I'm a bit unclear what
GRE47 is.. I read it's not port 47 but a protocol. I have tried bypassing the D-Link and my router at home, nothing changed. Could
be the Cisco router on the T1.. I'll poke our T1 provider about that. As far as I know, it's wide open. But it does stand to reason
it's this T1 router since if I bypass it (and the rest of the net) everything is fine.

Thanks for your help Jim.

Kiran

>
> Kiran Otter <kiranotter@hotmail.com> wrote:
>
> >During a copy, the data flow appears to just stop, then the copy times out.
> >Copying a 8M MP3 isn't a problem and takes under 2 minutes. It seems to
> >have to do with .dll and .exe files. If I just right-click a 47k exe file,
> >it takes 4-5 minutes for the menu to appear. I thought the WinRAR context
> >menu had something to do with that, but I just tried the right-click again
> >and it's.. been going 5 minutes and I'm still waiting.
> >
> >The other thing is, I never see the correct icon for exe files. It's always
> >the basic Windows icon. (Looks like a little window.) The only time they
> >appear correctly is when I connect via the VPN directly through the switch
> >for the T1.
> >
> >I also had another question. The Outlook 2003 CD that came with the SBS
> >prompts me for a product key. The only product key I have (other than 3
> >CALs) is the one for SBS, and it didn't like that. So I took a copy from
> >the ClientApps of Outlook 2003 and I'm trying it at home, but it won't
> >connect through RPC. I found something about changing the time-outs in the
> >registry, but it points you to a RPC section under ...\11.0\Outlook, and
> >there isn't one. My guess at this point is that the copy off the server
> >has RPC disabled so you don't have users inadvertently enabling it when
> >they're on the local LAN.
> >
> >And the right-click I did earlier? I'm still waiting for it. But meanwhile
> >I can Terminal Service into the server, visit the Remote Web Workplace and
> >read emails via the web without a problem. I'm fine if I never touch an
> >.exe through a mapped drive in Explorer! :)
> >
> >Thanks,
> >
> >Kiran
> >
> >
> >
> >
> >Jim Behning SBS MVP<jimbehingmvp@mindspring.com> wrote in
> >news:ugnc505b5g4rdrg0kr18d21m5ik3o3l16e@4ax.com:
> >
> >> What happens when you do file copies? Trying to run an exe is a kind
> >> of tough test because you don't know what all it is trying to pull or
> >> push to you. Note that your dsl upload speed restricts everything. My
> >> dsl is about 200 k upload and I lose about 25% with the vpn tunnel. My
> >> av updates take a bit of time at home and at most of my remote offices
> >> accounts. Do a dsl reports speed test to see what you adsl is giving
> >> you before you do more vpn testing.
> >>
> >> I do laptop and remote computer installs from a cd or at the home
> >> office before they go out in the field.
> >>
> >> "Kiran Otter" <kiranotter@hotmail.com> wrote:
> >>
> >>>I have a 2003 SBS connected to a 768K T1. IIS, Terminal Services, and
> >>>surfing the web while connected via RAS/VPN are reasonably fast.
> >>>(Downloading a driver from HP came through at about 30K/sec.)
> >>>
> >>>What's not fast are simple explorer file copies. And here's one in
> >>>particular:
> >>>
> >>>On the SBS, in the ClientApps/Outlook 2003 folder, there's a
> >>>setup.exe. Simply right-clicking this file hangs Explorer for about
> >>>4-5 minutes before the context menu appears. During that time, the
> >>>connection is busybusy transferring data. That setup.exe is about
> >>>400K. (Update: I turned off the context menus from WinRAR.. and it's
> >>>faster, down to about a minute, but that's still slow.)
> >>>
> >>>Also a (don't laugh) attempt to install Outlook 2003 over the VPN
> >>>failed during the file copy, saying it couldn't access a file. And an
> >>>attempt to just copy that folder locally through the VPN failed.
> >>>
> >>>So, is it just me or is this normal? :)
> >>>
> >>>A direct VPN through the T1 switch, eliminating our DSL and T1 ISPs
> >>>and routers works fine. I've tried the workstation both at home and at
> >>>work, two different DSL routers, even tried being on the DMZ, no
> >>>difference.
> >>>
> >>>Thanks for your help.
> >>>
> >>>Kiran
> >>>
> >>>
> >>
> >> Jim B. SBS MVP
> >> remove the mvp to send email
> >>
>
> Jim B. SBS MVP
> remove the mvp to send email

Relevant Pages

  • Re: [Full-disclosure] Remote Desktop Command Fixation Attacks
    ... This set of steps is redundant in many places, and it's also enormously expensive, since you're using no less than three different expensive bits of networking hardware (AP, PIX, VPN Concentrator), in addition to a bunch of x86 server hardware, windows server licenses, and at least one ISA license. ... Your computers necessarily don't have full access to your network infrastructure when they aren't logged on, so GPOs, software updates, etc can't be applied at the times you want them to be applied. ... Turning on, enabling, and implementing every possible security setting and device you think of is not defence in depth, and will probably only have two effects - your users won't use your wireless network, and you'll burn so much cash you won't have any left to spend on *useful* security measures. ...
    (Full-Disclosure)
  • Re: VPN Question
    ... However, to administer that server, you don't have to use VPN. ... You can TS into that server, which will give you the server console. ... The SBS network is behind the ... > internal router and DHCP is handled by the SBS server. ...
    (microsoft.public.windows.server.sbs)
  • Re: VPN with SBS 2003 (not R2) and DSL.
    ... Reading property value for VPN returned OK ... Reading VPN Server Name returned OK ... identical network cards. ... it seems doubtful that SBS will work properly with two NICs ...
    (microsoft.public.windows.server.sbs)
  • Re: Connection from remote computer to network SQL Server
    ... There is no firewall on the W2K machine acting as the SQL server. ... I tried making the SQL machine a "trusted" on the router. ... connection works. ... To find the IP address of your computer inside the network, ...
    (microsoft.public.access.adp.sqlserver)
  • Re: Help setting VPN (RRAS) on W2K Advanced Server behind a router
    ... if my router already provides the VPN tunnel into ... The mistake I made was to use the main server IP as the internet connect, ... once I connected it threw everybody off the network. ...
    (microsoft.public.win2000.ras_routing)