Home | Site Map | Cisco How To Net How To | Wireless | Search | Forums | Services | Setup Guide | Chicagotech MVP | About Us | Contact Us|
Clearapps network inventory
software.
VPN Issues

How to setup VPN
VPN Authentication Issues
 A connection to the remote computer could not be established
 Access denied synchronize offline files via VPN connection
BSOD (DPC_WATCHDOG_VIOLATION) when connecting to a VPN
 Can ping VPN server but receive System error 53 using net use
 Can see the remote computers but get access denied
 Can ping the RRAS server but other resources because of Office Scan client
Can't access the Internet after establish Juniper VPN
Can't Access VPN at home
Can't access MS VPN because of Cisco VPN client
Can't access the remote network at home only
 Can't access internet when using VPN
 Can't access Linux server over VPN
Can't access outside VPN
 Can't access VPN
 Can’t access the shared folder of the VPN client
 Can't access VPN resources because of two NICs using same IP
Can't connect to a VPN server on the outside of the PIX
 Can't browse over VPN
Can't establish VPN via wireless
Can't establish VPN with Error 800
Can't join domain in site to site VPN
Can't join domain over VPN because of using DHCP
Cannot map network drive to vpn connection
Can't map network drives over VPN
 Can't ping one of VPN clients
 Can't ping external NIC while RRAS is active
Can't remote desktop because router blocks port 3389
Can't see any Network Drives.......
 Cannot access remote computers via VPN because of NIS
 Cannot access resources after establishing the VPN because of the same IP
 Cannot access whole network
 Cannot establish the VPN through Netgear RO318
Cannot establish VPN with error 721 and 800
 Client VPN IP address must be used as a default gateway
 Can XP Home have multi VPN connections open simultaneously, like NT and W2K Pro?
Connecting to vpn disables internet connection on network
Connectivity issue after enabling Windows VPN
 Do not install VPN on a system with ICS running
 Don't receive assign static Ip after VPN drops/reconnect
 Enable Allow Local LAN Access on Cisco VPN client
 Error 682, 721 and 800 - Case Study
 Error 1060: RASM service does not exist
 Error registering your computer
 Establishing the VPN only first try
File sharing between domains over site to site VPN
 Firewall restricts accessing outside
How to enable RRAS and NAT logs
 How  to get VPN client to authenticate on the server with the same credentials that they used to connect to the VPN
 How to manage VPN idle time
 How to setup VPN for MS VPN clients on Cisco PIX
 How to setup split-tunnel on Cisco PIX
 How to stop other requests flow through the VPN
 I cannot browse local computers through WHS
Internal clients can't access the Internet/network after a remote client connects to RRAS
 Issue of save VPN password and IPSec pre-share key
It shows Dial-up connection type rather than a VPN type
Laptop can't VPN while Desktop can - VPN error 721
 Local printing via VPN
Logging into AD from remote location?
How to logon locally and remotely
 Missing WAN Miniport L2TP and PPTP
Network Filter Drivers Issues in Windows 7
 One VPN user disconnects LAN connection
Only able to ping 1 way but no firewall turned on
Problems with WHS Connector
Problems with mapping network drives over a VPN connection
Prompt username when accessing shares over VPN
RDC over VPN disconnects in a several minutes
RDC over VPN problem
 Routing & Remote access service was unable was to start
 RRAS allow port 25 only
Server 2008 newbie VPN setup question/troubleshooting
Solution for Peer to Peer VPN using the same IP range.
 Some routers may take just one VPN connection
 The connection to <connection_name> made by user <user_name> using device <com_port> was disconnected. 
 The option to create a VPN connection unavailable (grayed out)
 The remote access server does not accept a PPTP connection
Verizon Air Card: VPN Error Code 720
Fixed: Vista WAN Miniport (SSTP) missing
Vista can't access the WHS
VPN Access not working
VPN and Group Policy
VPN between ASA 5510 and NetVanta 2054 - Case Study
VPN Client can't access remote computer sharing
VPN client can access shared folder with System error 5
 VPN client disconnection issues
 VPN client can ping all remote computers except one
 VPN client cannot ping SBS 2003 server
VPN client can't access one of new server
VPN client access denied when accessing shared folder
VPN connection failed
VPN connection failed 10047
VPN client cant map network drive with Not-NAP capable error
VPN client connection issue after installing 2003 SP1
VPN client lost connectivity
 VPN connection appears with a red X
 VPN connection is disconnected after several minutes
VPN connection drops after 3 minutes
Vista VPN disappear
VPN disconnects when transferring files
VPN disconnect in one hour and error 800
VPN error 800 on only one computer
VPN Error 721 Collections
VPN Error 709 - can't change the password
VPN Error 800 Collections
VPN always defaults to WAN Miniport (L2TP) instead of PPTP
VPN Logon Problems
VPN network resources issues
VPN user can't map a network drive
VPN speed issue
VPN works on one computer but other one
 VPN XP Client Disconnects After One Minute
W2K clients connect but can´t ping VPN server
 WSASocket() failed: 10013 when testing GRE
WAN Miniport accidentally deleted; unable to reinstall
Windows 2003 cannot access remote network using Cisco VPN
 Windows 2003 VPN can't browse because routing
Wireless can't access the Internet after establishing VPN
 Wireless VPN loses connection

VPN Win98 can access the resources but not W2K/XP
 

Can see the remote computers but get access denied

Cause: This is permission issue. You are using local computer credentials to access the remote domain/workgroup network. For consultants, refer to 082004RL.

Can't access the remote network at home only

Symptoms:  you setup VPN on a laptop connecting to the office VPN Server.  At home, you can connect and authenticate just fine but can't ping any address on the remote network. If using the same laptop in a different location, the VPN works.

Cause: The problem is the home LAN (VPN client) using the same IP and Subnet as the remote LAN you were trying to dial into.  

Can't access VPN

1. Make sure the the Routing and Remote Access service on the VPN server is running. To do this go to the Properties of My Computer>Manager>Services.
2. Make sure remote access on the VPN server is enabled. To enable the remote access server, Open Routing and Remote Access, right-click the server name for which you want to enable remote access, and then click Properties. On the General tab, select the Remote access server check box.
3. Make sure PPTP or L2TP ports, or both are enabled for inbound remote access requests. For consultants, refer to case RL040503

Can't connect to a VPN server on the outside of the PIX

Symptom: When attempting to connect to a VPN server on the outside of the PIX it returns error 721 or 800, the computer failed to respond.

Resolution: 1) In order to PPTP through a PIX, you must have a one-to-one mapping from the external IP to an internal IP for type 47 GRE packets and port 1723. For example, for pptp add this: conduit permit gre host x.x.x.x any AND conduit permit tcp host x.x.x.x eq 1723. For l2tp over ipsec: conduit permit esp host x.x.x.x any, conduit permit udp host x.x.x.x eq 1701 any AND conduit permit udp host x.x.x.x eq 500 any.

2) If the PIX is V6.3(3) or above, you can enable PPTP fixup, fixup protocol pptp 1723.

Case Study - Firewall restricts accessing outside

Can XP Home have multi VPN connections open simultaneously, like NT and W2K Pro?

This is not supported in the Home edition.

Client VPN IP address must be used as a default gateway

Symptom: you setup a VPN server and assign the VPN server IP as a VPN default gateway. While VPN clients connecting to the VPN server, they can't access to the network.

Resolution: the gateway IP address should be the client's IP assigned by the VPN server, not the IP address of the VPN server's Internet interface. You can only determine the IP address of the VPN client's virtual interface when the client is connected by double-clicking the virtual private networking connection object when the VPN connection is active. In the resulting Status dialog box, click the Details tab. Or use ipconfig /all command.

Still need help, contact consultant          Your feedback and contributions to this web site

Do not install VPN on W2K with ICS running

Many users have reported that they were experienced some difficulties after installing VPN on w2k/xp running ICS and ICS clients may receive "Error: Page Can Not be Displayed" message. The reason is that establishing a VPN connection on the ICS Host modifies the Routing Table on the ICS Host. that will forces all clients that try to connect to the Internet to use the VPN routing table instead of the ICS routing table used to connect to the Internet service provider (ISP). You may modify the route table to fix this problem, for example, route -p add <network> mask <subnet mask> <router ip>. If you want to add a route for a single host (firewall which is on another subnet), do this route -p add <ip> mask 255.255.255.255 <host ip>, for example, route -p add 192.168.0.100 255.255.255.255 160.213.320.1.

Enable Allow Local LAN Access on Cisco VPN client

Q: I uses Cisco VPN client at home to access my company VPN. However, I can't access my home network while connecting the VPN. Any suggestions?

A: You may enable Allow Local LAN Access. To do this, right-click the connection>transport, check Allow Local LAN Access.

How to enable RRAS and NAT logs

1. To select the event type for RRAS, right-click RRAS>Logging.
2. To select NAT log, right-click NAT.
3. The log files are located %windir%\tracing or %windir%\system32\Logfiles

How  to get VPN client to authenticate on the server with the same credentials that they used to connect to the VPN

Go to the client VPN connection properties>Options, have him select include Windows logon domain.  When he connects to VPN network, he will have to enter the domain name as well as their username and password.

How to manage VPN idle time.

To Manage VPN idle time, go to Remote access policies and create a policy.

How to setup VPN for MS VPN clients on Cisco PIX

To setup VPN for MS VPN clients on Cisco PIX, you need to add the following lines.
access-list 101 permit ip 10.1.0.0 255.255.0.0 192.168.1.0 255.255.255.0
ip local pool bigpool 192.168.1.1-192.168.1.254
nat (inside) 0 access-list 101
vpdn group 1 accept dialin pptp
vpdn group 1 ppp authentication pap
vpdn group 1 ppp authentication chap
vpdn group 1 ppp authentication mschap
vpdn group 1 ppp encryption mppe 128
vpdn group 1 client configuration address local bigpool
vpdn group 1 client configuration dns yourdns
vpdn group 1 client configuration wins yourwins
vpdn group 1 pptp echo 60
vpdn group 1 client authentication local
vpdn username username password *********
vpdn enable outside

 

How to setup split-tunnel on Cisco PIX

To setup VPN for Cisco VPN clients on Cisco PIX, you add the following lines:
access-list split permit ip 10.1.0.0 255.255.0.0 192.168.1.0 255.255.255.0
ip local pool bigpool 192.168.1.1-192.168.1.254
vpngroup vpn3000 address-pool bigpool
vpngroup vpn3000 dns-server yourdns
vpngroup vpn3000 wins-server yourwins
vpngroup vpn3000 default-domain cisco.com
vpngroup vpn3000 split-tunnel split
vpngroup vpn3000 idle-time 1800
vpngroup vpn3000 password ********

How to stop other requests flow through the VPN

Q: I just setup VPN on my windows server for my clients to VPN into my network.  The one issue I'm noticing is that all  their DNS requests flow through the VPN.  How can I set  it up so that only the subnets that I control are routed  through the VPN? 

A: Uncheck "Use Gateway on remote network" on the VPN client.

Internal clients can't access the Internet after a remote client connects to RRAS

Symptoms: After a remote client establishes a connection on a RRAS which is installed on a domain controller with DNS, one or more of the following symptoms may occur:

1) Internal clients may no longer be able to browse the Web through Internet Security and Acceleration (ISA) Server, regardless of whether or not Web Proxy or the Firewall Client is being used for Web browsing.
2) A "The page cannot be displayed" error message is generated when you use a Web browser.
3) A "cannot find server or DNS" error occurs.
4) From an internal client, if you use PING to ping the name of the server, PING returns any other address other than the IP address that is bound to the server's internal adapter.
5) You cannot browse through the list of computers in Network Neighborhood or My Network Places.
6) You cannot connect to the following Web page: http://server_name/myconsole
7) You may receive the following event message: Event ID: 4319, Source: Netbt, Description: A duplicate name has been detected on the tcp network. The IP address of the machine that sent the message is in the data. Use NBTSTAT with a switch of N in a command window to see which name is in a conflict state.
8) When a client clicks Update Now from the Firewall Client applet in Control Panel, the client may receive the following error message:

The server is not responding when client requests an update.
Possible causes:
-The server is not an ISA Server.
-The server is down.

9) Windows 2000 LAN clients cannot map a network drive to the server. The client may receive the following error message: No Logon Servers Available to Service your Logon Request.

Resolutions: This issue can occur if the client computer receives a response from DNS that includes the wrong Internet Protocol (IP) address. This address is only returned in a query after a remote client has connected by using Dial-Up Networking. This IP address is registered with DNS if network basic input/output system (NetBIOS) is bound to the RRAS server's dial-in interfaces or if DNS is configured to listen on all interfaces. To resolve this problem, obtain the latest service pack for Windows 2000.

Routing & Remote access service was unable was to start

Causes: The Dependencies such as NetBIOSGroup and RPC may not start.

Some routers may take just one VPN connection

Symptom: you are trying to connect two or more computers to a Windows VPN behind a router.  Each machine connects individually. However, when you try to use two more VPN clients to the VPN simultaneously. Only the first client connects successfully. Other clients may receive Error 721 - Remote PPP peer or computer is not responding.  

Cause: Some router takes only one connection.

VPN connection appears with a red X
Missing WAN Miniport L2TP and PPTP

Symptoms: 1. The VPN connection appears with a red X.
2. You receive the following error message: You do not have sufficient privileges for accessing the connection properties. Contact your administrator.
3. Missing WAN Miniport L2TP and PPTP under Device Manager

Cause: that happens After applying Q318138.

Resolution: Uninstall/reinstall the TCP/IP protocol

VPN client  disconnection issues

1. If it is XP and you use ICS/ICF, disable ICS/ICF or install latest SP.
2. It could be idle time issue. Go to Remote Access Policies to make change.

VPN XP Client Disconnects After One Minute

SYMPTOMS: After you install SP1 for XP, your computer may drop VPN connections after about 55 seconds. This behavior may occur if ICS/ICF is enabled.

RESOLUTION:  1) disable ICS. 2) disable ICF. 3) contact Microsoft Product Support Services to obtain the fix.

VPN Win98 can access the resources but not W2K/XP

We're trying to use a Win2k and w98 laptops to our office over a VPN to our office.  from this location the Win2K client will connect correctly and authorize correctly, but you cannot browse the remote network.  You cannot ping a remote network address, nothing.  At the same location a Win98 client will connect correctly and browse the network no problem.  What's the difference in the networking of the two that would cause this to happened?

A: Win2k and XP both use DNS to find other machines  whereas Win98 uses NetBIOS or Wins. So, you will need to set up the DNS on VPN Server or clients.

  This web is provided "AS IS" with no warranties.
Copyright © 2002-2013 ChicagoTech.net, All rights reserved. Unauthorized reproduction forbidden.