Page 1 of 2 12 LastLast
Results 1 to 15 of 17

Thread: VPN trouble

  1. #1
    Junior Member Sambo's Avatar
    Join Date
    Apr 2006
    Location
    Windsor near London
    Posts
    40

    VPN trouble

    Dear all,
    I am currently a junior administrator and currently having a spot of bother connecting through a vpn connection to our new server as the error messge tells me it is not able to connect.

    I have enabled remote connection but still cant set up a network place for it. The router is the netgear dg834g and i am using server 2003 but i think i must have a slight configration problem on the router side of things.

    Please help


    Sam

  2. #2
    Friendly Neighborhood Super Moderator phishhead's Avatar
    Join Date
    Apr 2002
    Location
    San Diego, Ca.
    Posts
    3,622
    are you trying to vpn in to your server or are you using RDP and logging in using terminal server sessions. Are you port forwarding to the correct ip address to the server. just a few things to check.



  3. #3
    Junior Member Sambo's Avatar
    Join Date
    Apr 2006
    Location
    Windsor near London
    Posts
    40
    no i am trying to vpn into the server which i believed was a case of opening a connection and tapping in the isp provided ip address. will check it out today and let you know how i am going.

    Is there anything else i should be trying?

  4. #4
    Friendly Neighborhood Super Moderator phishhead's Avatar
    Join Date
    Apr 2002
    Location
    San Diego, Ca.
    Posts
    3,622
    if its the isp's IP address then is the server outside the network like a DMZ server...if not then you will need to portforward to that servers ip address within the subnet.



  5. #5
    Security Intelligence TZ Veteran cash_site's Avatar
    Join Date
    Jul 2002
    Location
    Software Paradise
    Posts
    3,735
    There are few things to check... Firewall (ISA2004), port forwarding on Router, Domain name or IP lookup. GPO settings for user remote access...

    --- 0wN3D by 3gG ---

  6. #6
    Junior Member Sambo's Avatar
    Join Date
    Apr 2006
    Location
    Windsor near London
    Posts
    40
    Still trying to set up a connection into the server and i thought i would give you a little more info. If i use remote desktop and the ip address i get a pc that is out of our domain but in the building, but if i try to set up a vpn then i get an error721.

    i have configured the WAN side to the router to


    100.100.100.100
    255.255.255.0
    D/G 100.100.100.1

    and the LAN is standard but i cant seem to get the router to let me in.Is this the router firewalling me? how do i port forward? any ideas?

  7. #7
    Security Intelligence TZ Veteran cash_site's Avatar
    Join Date
    Jul 2002
    Location
    Software Paradise
    Posts
    3,735
    OK... im sure there are plenty of guides online... but:

    1. Enable VPN end point (built in XP connection) on ur client pc outside of your domain/building etc (ie. like home PC)

    2. Determine ur WAN IP from ISP for your modem/router in ur domain.

    3. Log into ur modem/Router and enable VPN forwarding (might be preselected option or just port forward)

    4. Enable Remote Access and VPN protocols on ur Server 2K3, grant the 'User' remote access priviledges and specifiy a strong password.

    5. Allow Remote access ports through ur Server Firewall, typically ISA2004.

    Now, these can be done in different orders (i just brainstormed)... others might have a better sequence... Good luck, let us know.

    --- 0wN3D by 3gG ---

  8. #8
    Junior Member Sambo's Avatar
    Join Date
    Apr 2006
    Location
    Windsor near London
    Posts
    40
    Cheers cash site, have done all you told me to although for some reason i cant get into the windows firewall for the reason stated being "windows firewall cant run because another program or service is running that might use the network translation component (ipnat.sys)"

    How can i configure the ports when i cant get in? sorry to be a burden.

    Cheers for the backup tip i will ask Dehcbad today

  9. #9
    Security Intelligence TZ Veteran cash_site's Avatar
    Join Date
    Jul 2002
    Location
    Software Paradise
    Posts
    3,735
    Hmm.. not sure about the firewall... Other members might have experience with ISA, it is weird that you cant make real-time changes to the IPSec or Rules, but maybe it provides low-level firewall protection, thus must be loaded during driver boot-up...??

    We'll get it sorted soon

    --- 0wN3D by 3gG ---

  10. #10
    Junior Member Sambo's Avatar
    Join Date
    Apr 2006
    Location
    Windsor near London
    Posts
    40
    Sorry this has taken me a while to get back, we have moved on slighty now. When trying to connect we get a message saying error 649 which i looked up on google telling me that i dont have permission access to enter although it is the administrator a/c and correct p/w. Am i making policies correctly???? it seems i am pass the router stage now but another hurdle has been put in the way

  11. #11
    Security Intelligence TZ Veteran cash_site's Avatar
    Join Date
    Jul 2002
    Location
    Software Paradise
    Posts
    3,735
    when entering the administrator username, you may need to specifiy the domain first ie DOMAIN_NAME\administrator ... this will aid in authentication across different networks etc.

    --- 0wN3D by 3gG ---

  12. #12
    Junior Member Sambo's Avatar
    Join Date
    Apr 2006
    Location
    Windsor near London
    Posts
    40

    Wink

    Cheers mate,

    Blinding tipbetween your help and google and a bit of tampering i managed to vpn in and i am all connected but i dont get any graphical interface, especially as i want to maintain the server through this connection. How can i get to see the screen of my server so i can administer it

    step by step hehehe

  13. #13
    Friendly Neighborhood Super Moderator phishhead's Avatar
    Join Date
    Apr 2002
    Location
    San Diego, Ca.
    Posts
    3,622
    well once your connected to your network via vpn then you can just rdp into the server with the server name or the ip.



  14. #14
    Security Intelligence TZ Veteran cash_site's Avatar
    Join Date
    Jul 2002
    Location
    Software Paradise
    Posts
    3,735
    Yep, phish got it right... All the VPN connection does is 'virtually' adds your remote computer to the internal corporate network, ie, it assigns you an internal IP address, and access to shared folders etc...

    So, once you've got the IP, then Remote Desktop/Terminal Services etc to the Domain Controller Server, and from there you can manage everything.

    --- 0wN3D by 3gG ---

  15. #15
    Friendly Neighborhood Super Moderator phishhead's Avatar
    Join Date
    Apr 2002
    Location
    San Diego, Ca.
    Posts
    3,622
    well I know I got it right



Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •