|
|
|
|||
|
Home | Troubleshooting | Quick Setup | Cisco How to | Data Recovery | Forums | Blog | IT Exam Practice | Services | About Us | Chicagotech MVP | Search | Contact Us | |
|
VPN Issues
How to
setup VPN Post your questions, comments, feedbacks and suggestions
Can see the
remote computers but get access denied Can't access the remote network at home only Symptoms: you setup VPN on a laptop connecting to the office VPN Server. At home, you can connect and authenticate just fine but can't ping any address on the remote network. If using the same laptop in a different location, the VPN works. Cause: The problem is the home LAN (VPN client) using the same IP and Subnet as the remote LAN you were trying to dial into.
1. Make sure the the Routing and Remote Access service on the VPN server is
running. To do this go to the Properties of My Computer>Manager>Services.
2. Make sure remote access on the VPN server is enabled. To enable the remote access server, Open Routing and Remote Access, right-click the server name for which you want to enable remote access, and then click Properties. On the General tab, select the Remote access server check box. 3. Make sure PPTP or L2TP ports, or both are enabled for inbound remote access requests. For consultants, refer to case RL040503 Can't connect to a VPN server on the outside of the PIX Symptom: When attempting to connect to a VPN server on the outside of the PIX it returns error 721, the computer failed to respond. Resolution: 1) In order to PPTP through a PIX, you must have a one-to-one mapping from the external IP to an internal IP for type 47 GRE packets and port 1723. For example, for pptp add this: conduit permit gre host x.x.x.x any AND conduit permit tcp host x.x.x.x eq 1723. For l2tp over ipsec: conduit permit esp host x.x.x.x any, conduit permit udp host x.x.x.x eq 1701 any AND conduit permit udp host x.x.x.x eq 500 any. 2) If the PIX is V6.3(3) or above, you can enable PPTP fixup, fixup protocol pptp 1723 Can XP Home have multi VPN connections open simultaneously, like NT and W2K Pro? This is not supported in the Home edition. Client VPN IP address must be used as a default gatewaySymptom: you setup a VPN server and assign the VPN server IP as a VPN default gateway. While VPN clients connecting to the VPN server, they can't access to the network.Resolution: the gateway IP address should be the client's IP assigned by the VPN server, not the IP address of the VPN server's Internet interface. You can only determine the IP address of the VPN client's virtual interface when the client is connected by double-clicking the virtual private networking connection object when the VPN connection is active. In the resulting Status dialog box, click the Details tab. Or use ipconfig /all command.Still need help, contact consultant Your feedback and contributions to this web site Do not install VPN on W2K with ICS running Many users have reported that they were experienced some difficulties after installing VPN on w2k/xp running ICS and ICS clients may receive "Error: Page Can Not be Displayed" message. The reason is that establishing a VPN connection on the ICS Host modifies the Routing Table on the ICS Host. that will forces all clients that try to connect to the Internet to use the VPN routing table instead of the ICS routing table used to connect to the Internet service provider (ISP). You may modify the route table to fix this problem, for example, route -p add <network> mask <subnet mask> <router ip>. If you want to add a route for a single host (firewall which is on another subnet), do this route -p add <ip> mask 255.255.255.255 <host ip>, for example, route -p add 192.168.0.100 255.255.255.255 160.213.320.1. Enable Allow Local LAN Access on Cisco VPN client Q: I uses Cisco VPN client at home to access my company VPN. However, I can't access my home network while connecting the VPN. Any suggestions? A: You may enable Allow Local LAN Access. To do this, right-click the connection>transport, check Allow Local LAN Access. How to enable RRAS and NAT logs 1. To select the event type for RRAS, right-click RRAS>Logging. Go to the client VPN connection properties>Options, have him select include Windows logon domain. When he connects to VPN network, he will have to enter the domain name as well as their username and password. You can create a
remote access policy to manage the VPN idle time. Open Routing and Remote
Access. Click on Remote Access Policies. Right-click on Connection to
Microsoft Routing and Remote Access Server. Click on Edit Profile. In the
Dial-in constraints tab, you will have two checkboxes against 'Session
timeout' and 'Idle timeout'. You can select this checkbox and specify the
time here. Session timeout is How to setup VPN for MS VPN clients on Cisco PIX To setup VPN for MS VPN clients on Cisco PIX, you need to add the
following lines. How to setup split-tunnel on Cisco PIX To setup VPN for Cisco VPN clients on Cisco PIX, you add the following
lines: How to stop other requests flow through the VPN Q: I just setup VPN on my windows server for my clients to VPN into my network. The one issue I'm noticing is that all their DNS requests flow through the VPN. How can I set it up so that only the subnets that I control are routed through the VPN? A: Uncheck "Use Gateway on remote network" on the VPN client. Internal clients can't access the Internet after a remote client connects to RRASSymptoms: After a remote client establishes a connection on a RRAS which is installed on a domain controller with DNS, one or more of the following symptoms may occur:1) Internal clients may no longer be able to
browse the Web through Internet Security and Acceleration (ISA) Server,
regardless of whether or not Web Proxy or the Firewall Client is being used
for Web browsing.
The server is not responding when client requests an update.
Possible causes: -The server is not an ISA Server. -The server is down. 9) Windows 2000 LAN clients cannot map a network drive to the server. The client may receive the following error message: No Logon Servers Available to Service your Logon Request. Resolutions: This issue can occur if the client computer receives a response from DNS that includes the wrong Internet Protocol (IP) address. This address is only returned in a query after a remote client has connected by using Dial-Up Networking. This IP address is registered with DNS if network basic input/output system (NetBIOS) is bound to the RRAS server's dial-in interfaces or if DNS is configured to listen on all interfaces. To resolve this problem, obtain the latest service pack for Windows 2000. Routing & Remote access service was unable was to start Causes: The Dependencies such as NetBIOSGroup and RPC may not start. Some routers may take just one VPN connection Symptom: you are trying to connect two or more computers to a Windows VPN behind a router. Each machine connects individually. However, when you try to use two more VPN clients to the VPN simultaneously. Only the first client connects successfully. Other clients may receive Error 721 - Remote PPP peer or computer is not responding. Cause: Some router takes only one connection.
VPN connection appears with a red X VPN client disconnection issues 1. If it is XP and you use ICS/ICF, disable ICS/ICF or install latest SP. VPN XP Client Disconnects After One MinuteSYMPTOMS: After you install SP1 for XP, your computer may drop VPN connections after about 55 seconds. This behavior may occur if ICS/ICF is enabled.RESOLUTION: 1) disable ICS. 2) disable ICF. 3) contact Microsoft Product Support Services to obtain the fix.
VPN Win98 can
access the resources but not W2K/XP A: Win2k and XP both use DNS to find other machines whereas Win98 uses NetBIOS or Wins. So, you will need to set up the DNS on VPN Server or clients. |
|
|
This web is provided "AS IS" with no warranties.
Copyright © 2002-2018
ChicagoTech.net,
All rights reserved. Unauthorized reproduction forbidden.