Home | Site Map | Cisco How ToNet How To | Wireless |Search | Forums | Services | Donations | Careers | About Us | Contact Us|

Vista VPN issues

RRAS, VPN, TS/RDP, Routing and remote Access.

Vista VPN issues

Postby chicagotech » Thu Feb 08, 2007 2:15 pm

Symptoms:

1. You can establish the VPN.
2. You can ping the remote computer IP.
3. You cannot access network resources using IP or name.
4. Domain name resolution is not successful

Resolutions:

1. The computer is configured to use TCP/IP version 6 (TCP/IPv6) only. Enable TCP/IP version 4 (TCP/IPv4) on the Vista.
2. Enable WINS for using NetBIOS name.
3. Setup DNS suffix on the Vista client.
4. Use domain or remote server credentials to access the resources.
5. Make sure VPN server and client LAN are using different IP range.
6. Make sure no firewall or security software blocks inbound traffic.
7. Make sure VPN firewall/router doesn't block port 445.
8. Setup the VPN client as private network.
9. The Vista VPN client TCP/IP settings are different from the previous version. Check the Vista VPN client routing table.

Vista VPN issues
http://chicagotech.net/netforums/viewtopic.php?t=268

Vista How to Collections
http://chicagotech.net/netforums/viewtopic.php?t=260

Info: Step by step troubleshooting VISTA sharing
http://www.chicagotech.net/netforums/vi ... .php?t=273

Troubleshooting Vista Wireless
http://chicagotech.net/netforums/viewtopic.php?t=300

Troubleshooting Vista TCP/IP Configuration
http://chicagotech.net/netforums/viewtopic.php?t=299
Last edited by chicagotech on Sat Oct 13, 2007 6:22 pm, edited 1 time in total.
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
chicagotech
Site Admin
 
Posts: 6992
Joined: Mon Nov 27, 2006 1:24 pm
Location: Chicago USA

Postby chicagotech » Tue Jul 24, 2007 4:10 pm

Symptom: You can successfully establish the connection to the remote VPN server. However, you cannot access any resources on the remote VPN server.

Resolution: To resolve this problem, install update 930163. Windows Vista
Download the Update for Windows Vista (KB930163) package now. (http://www.microsoft.com/downloads/deta ... 31A09A3B4A)

Windows Vista, 64-bit versions
Download the Update for Windows Vista, 64-bit versions package now.
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
chicagotech
Site Admin
 
Posts: 6992
Joined: Mon Nov 27, 2006 1:24 pm
Location: Chicago USA

Postby chicagotech » Tue Jul 24, 2007 4:11 pm

This might be happening because of the encryption settings on client and server. In Vista weak encryption is not supported by default any more (40 and 56 bit for PPTP and DES for L2TP). Only 128-bit, AES and 3DES strong encryption are supported. Refer to blog http://blogs.technet.com/rrasblog/archi ... arios.aspx. In case you want to re-enable weak encryption algorithms you can do that by changing certain reg. keys. This is mentioned in the blog too.
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
chicagotech
Site Admin
 
Posts: 6992
Joined: Mon Nov 27, 2006 1:24 pm
Location: Chicago USA

Postby chicagotech » Mon Jul 30, 2007 9:46 am

Yes that works great! Thank you.

"Kurt" wrote:

> armibewo wrote:
> > Thank you for your suggestions. Unfortunately this does not seem to work in
> > this case.
> >
> > When I add the route it will only add sucessfully if I specify the
> > interface. If I do not specify the interface I get the following mesage:
> >
> > "The route addition failed: Either the interface index is wrong or the
> > gateway does not lie on the same network as the interface. Check the IP
> > Address Table for the machine."
> >
> > It will add without problems if I specify the interface. However each time I
> > make the VPN connection the interface ID is different so a batch file would
> > not work.
> >
> > "Kurt" wrote:
> >
> >> I second Robert's suggestion, and might add that you can create a batch
> >> file that will start the VPN and add the route (not persistent) so it
> >> will be a one-step process instead of a 2-step. You can connect using
> >> "rasdial", pause a few seconds for the connection to be established,
> >> then add the route.
> >>
> >> ....kurt
> >>
> >> Robert L [MVP - Networking] wrote:
> >>> I don't have solution, but what I might do is create batch to add route
> >>> whenever you establish the VPN. You may also want to use CMAK.This link
> >>> may help too,
> >>>
> >>> How to vpn automatically
> >>> <http>
> >>> Add pre-setup VPN auto-connection by *CMAK* to the Startup. 2. Create a
> >>> logon batch with rasdail command to start the VPN connection. *...*
> >>> http://www.howtonetworking.com/VPN/autorasdial1.htm
> >>>
> >>>
> >>> Bob Lin, MS-MVP, MCSE & CNE
> >>> Networking, Internet, Routing, VPN Troubleshooting on
> >>> http://www.ChicagoTech.net
> >>> How to Setup Windows, Network, VPN & Remote Access on
> >>> http://www.HowToNetworking.com
> >>>
> >>> "armibewo" <armibewo> >>> <mailto>> wrote in message
> >>> news:B07B03BC-6B33-4223-BF54-7EA5A2732986@microsoft.com...
> >>> I'm having a bit of trouble using 'route add' on Windows 2000 Server.
> >>>
> >>> I have created a remote access VPN connection in Network and Dial Up
> >>> Connections and have cleared 'Use default gateway on remote network'
> >>> as I do
> >>> not want the VPN connection to alter the default gateway.
> >>>
> >>> I connect to VPN and I'm given an IP address on the remote subnet. I
> >>> need to
> >>> access a server on a different subnet through the VPN so I create a
> >>> persitant
> >>> route using:
> >>>
> >>> route -p add xxx.xxx.xxx.xxx mask 255.255.255.255 xxx.xxx.xxx.xxx
> >>> metric 1
> >>> if xxxxx
> >>>
> >>> The route adds fine and I can ping the server I need. However after I
> >>> disconnect the VPN and then recconnect, the route no longer works.
> >>> After
> >>> reconnecting the persistant route is still there but is not being
> >>> followed.
> >>>
> >>> I found the following on technet:
> >>>
> >>> "With Windows NT 4.0 Service Pack 3 and later and with Windows 2000,
> >>> the
> >>> persistent routes are not actually added to the IP routing table
> >>> (and are not
> >>> visible with the route print command at the Windows 2000 command
> >>> prompt)
> >>> until the IP address of the gateway is reachable. The IP address of the
> >>> gateway becomes reachable when the VPN connection is made."
> >>>
> >>> (http://www.microsoft.com/technet/prodte ... x?mfr=true)
> >>>
> >>> From reading this it appears that the the route is not actually
> >>> re-added to
> >>> the routing table after the VPN connection is reastablished for some
> >>> reason.
> >>> I have tried pinging the gateway to show that it is available but
> >>> the routing
> >>> table does not update. Presumably something should be checking to
> >>> see if a
> >>> gateway is available but is not recognising that the VPN has come
> >>> back up.
> >>>
> >>> Does anyone know how to bypass this checking and force persistant
> >>> routes to
> >>> be part of the routing table?
>
> You can specify the connection name to "dial". This works (I do it
> myself). I run it in a startup script so the VPN will start back up when
> the computer is rebooted.
>
> rasdial work name password
>
> "work" is the name of my VPN connection to my office. I need it alive
> 24/7 and to come back up by itself if the computer at home is rebooted.
>
> And you can set the other end up to allow your client to specify its own
> IP address, then just use the known local address as the gateway, rather
> than specifying a remote address and local interface. Seems strange, but
> it works.
>
> ....kurt
>
>
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
chicagotech
Site Admin
 
Posts: 6992
Joined: Mon Nov 27, 2006 1:24 pm
Location: Chicago USA

Re: Vista VPN issues

Postby anindeeta » Wed Feb 17, 2010 12:11 am

What firewall rules in Norman Personal Firewall v7.10 do I need for File and Printer sharing? I have a network for internet and file and printer sharing. The file and printer sharing only works when I turn off my firewall. Internet works always. Does someone know what firewall rules I should add to make file and printer sharing work with my firewall enabled?
anindeeta
 
Posts: 1
Joined: Sat Feb 13, 2010 12:29 am

Re: Vista VPN issues

Postby chicagotech » Wed Feb 17, 2010 9:28 am

You can try "Trusted IPs". With this feature you can add single IP addresses or a range of addresses that you trust and with
which you want to share services.
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
chicagotech
Site Admin
 
Posts: 6992
Joined: Mon Nov 27, 2006 1:24 pm
Location: Chicago USA


Return to VPN, TS and Remote Access

Your Ad Here

Who is online

Users browsing this forum: No registered users and 5 guests