Can see the
remote computers but get access denied
Cause: The problem is the home LAN (VPN client) using the same IP and Subnet as the remote LAN you were trying to dial into.
1. Make sure the the Routing and Remote Access service on the VPN server is running. To do this go to the Properties of My Computer>Manager>Services.
2. Make sure remote access on the VPN server is enabled. To enable the remote access server, Open Routing and Remote Access, right-click the server name for which you want to enable remote access, and then click Properties. On the General tab, select the Remote access server check box.
3. Make sure PPTP or L2TP ports, or both are enabled for inbound remote access requests. For consultants, refer to case RL040503
Symptom: When attempting to connect to a VPN server on the outside of the PIX it returns error 721 or 800, the computer failed to respond.
Resolution: 1) In order to PPTP through a PIX, you must have a one-to-one mapping from the external IP to an internal IP for type 47 GRE packets and port 1723. For example, for pptp add this: conduit permit gre host x.x.x.x any AND conduit permit tcp host x.x.x.x eq 1723. For l2tp over ipsec: conduit permit esp host x.x.x.x any, conduit permit udp host x.x.x.x eq 1701 any AND conduit permit udp host x.x.x.x eq 500 any.
2) If the PIX is V6.3(3) or above, you can enable PPTP fixup, fixup protocol pptp 1723.
This is not supported in the Home edition.
Symptom: you setup a VPN server and assign the VPN server IP as a VPN default gateway. While VPN clients connecting to the VPN server, they can't access to the network.
Resolution: the gateway IP address should be the client's IP assigned by the VPN server, not the IP address of the VPN server's Internet interface. You can only determine the IP address of the VPN client's virtual interface when the client is connected by double-clicking the virtual private networking connection object when the VPN connection is active. In the resulting Status dialog box, click the Details tab. Or use ipconfig /all command.
Many users have reported that they were experienced some difficulties after installing VPN on w2k/xp running ICS and ICS clients may receive "Error: Page Can Not be Displayed" message. The reason is that establishing a VPN connection on the ICS Host modifies the Routing Table on the ICS Host. that will forces all clients that try to connect to the Internet to use the VPN routing table instead of the ICS routing table used to connect to the Internet service provider (ISP). You may modify the route table to fix this problem, for example, route -p add <network> mask <subnet mask> <router ip>. If you want to add a route for a single host (firewall which is on another subnet), do this route -p add <ip> mask 255.255.255.255 <host ip>, for example, route -p add 192.168.0.100 255.255.255.255 160.213.320.1.
Q: I uses Cisco VPN client at home to access my company VPN. However, I can't access my home network while connecting the VPN. Any suggestions?
A: You may enable Allow Local LAN Access. To do this, right-click the connection>transport, check Allow Local LAN Access.
1. To select the event type for RRAS, right-click RRAS>Logging.
Go to the client VPN connection properties>Options, have him select include Windows logon domain. When he connects to VPN network, he will have to enter the domain name as well as their username and password.
To Manage VPN idle time, go to Remote access policies and create a policy.
To setup VPN for MS VPN clients on Cisco PIX, you need to add the
To setup VPN for Cisco VPN clients on Cisco PIX, you add the following
Q: I just setup VPN on my windows server for my clients to VPN into my network. The one issue I'm noticing is that all their DNS requests flow through the VPN. How can I set it up so that only the subnets that I control are routed through the VPN?
A: Uncheck "Use Gateway on remote network" on the VPN client.
Symptoms: After a remote client establishes a connection on a RRAS which is installed on a domain controller with DNS, one or more of the following symptoms may occur:
1) Internal clients may no longer be able to
browse the Web through Internet Security and Acceleration (ISA) Server,
regardless of whether or not Web Proxy or the Firewall Client is being used
for Web browsing.
The server is not responding when client requests an update.
-The server is not an ISA Server.
-The server is down.
9) Windows 2000 LAN clients cannot map a network drive to the server. The client may receive the following error message: No Logon Servers Available to Service your Logon Request.
Resolutions: This issue can occur if the client computer receives a response from DNS that includes the wrong Internet Protocol (IP) address. This address is only returned in a query after a remote client has connected by using Dial-Up Networking. This IP address is registered with DNS if network basic input/output system (NetBIOS) is bound to the RRAS server's dial-in interfaces or if DNS is configured to listen on all interfaces. To resolve this problem, obtain the latest service pack for Windows 2000.
Causes: The Dependencies such as NetBIOSGroup and RPC may not start.
Symptom: you are trying to connect two or more computers to a Windows VPN behind a router. Each machine connects individually. However, when you try to use two more VPN clients to the VPN simultaneously. Only the first client connects successfully. Other clients may receive Error 721 - Remote PPP peer or computer is not responding.
Cause: Some router takes only one connection.
VPN connection appears with a red X
Resolution: Uninstall/reinstall the TCP/IP protocol
1. If it is XP and you use ICS/ICF, disable ICS/ICF or install latest SP.
SYMPTOMS: After you install SP1 for XP, your computer may drop VPN connections after about 55 seconds. This behavior may occur if ICS/ICF is enabled.
RESOLUTION: 1) disable ICS. 2) disable ICF. 3) contact Microsoft Product Support Services to obtain the fix.
VPN Win98 can
access the resources but not W2K/XP
A: Win2k and XP both use DNS to find other machines whereas Win98 uses NetBIOS or Wins. So, you will need to set up the DNS on VPN Server or clients.
This web is provided "AS IS" with no warranties.
Copyright © 2002-2017 ChicagoTech.net, All rights reserved. Unauthorized reproduction forbidden.