Re: VPN Problem, need your help.....
From: PES (pestewart@adelphia.net)
Date: 12/04/02
- Next message: MyndPhlyp: "Re: p2p blocking"
- Previous message: Shane Matthews: "Re: p2p blocking"
- In reply to: qazmlp: "VPN Problem, need your help....."
- Next in thread: Curt Edsall: "Re: VPN Problem, need your help....."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "PES" <pestewart@adelphia.net> Date: Tue, 3 Dec 2002 20:52:31 -0500
The following statement jumped out at me:
"2.Two NIC's installed - one with internal IP address (155.200.100.101) and
another with external IP address (Our ISP provides us with static IP which
is mapped to NIC2 and NIC1 is the internal LAN card (I'm using 155.200.100.X
IP scheme for our internal LAN)."
My question to this is why? Are you actually connecting one card to the NAT
"outside" side, and the other to the NAT "inside" side? If so, I would not
recommend it. I would have an entry like "ip nat inside source static
address address" in the router that is doing nat. Make sure you are not
doing and an a translation like "ip nat inside tcp|udp".
Multihoming and MS PPTP sometimes does not get along very well. For example
if you specify the default gateway on the wrong card it can loose
connectivity to the gateway during pptp negotiation and then your connection
would fail. My advice is this, get this server to a single NIC scenario
unless you have a specific need for multi homing. If you do need to multi
home, get it to one nic until you get it connecting from the outside, then
enable the second nic and put out any fires that may cause.
"qazmlp" <qazmlp1209@rediffmail.com> wrote in message
news:db9bbf31.0212030731.280e5b9c@posting.google.com...
> I have a problem in solving VPN configuration in my office: I have
> described below the entire scenario:
>
> 1.Basically I have a Standalone Win2k server (upgraded from WinNT
> Server to in2k server) in a NT4 domain which I am setting up as the
> VPN server.
> 2.Two NIC's installed - one with internal IP address (155.200.100.101)
> and another with external IP address (Our ISP provides us with static
> IP which is mapped to NIC2 and NIC1 is the internal LAN card (I'm
> using 155.200.100.X IP scheme for our internal LAN).
> 3.I have Cisco2620 router with IOS 12.0 with NAT system for accessing
> Internet for all the systems on the network.
> 4.I don't have any kind of firewall installed
> 5.I have TCP 1723 enabled along with IP Protocol 47 on the router (but
> I'm not sure whether that is really opened or not).
> 6.When I connect a laptop to the ISP and try to establish VPN tunnel
> with the VPN Server it stops at "Verifying username and password" and
> gives Error No 721 "Remote peer is not responding".
> 7.Test user has diallin access both in the domain account in the NT
> arena and on a local account on the win2k server.
> 8.I'm able to ping the VPN Server's public IP from the Remote Laptop
> 9.If I try to establish VPN within the LAN it is working fine (VPN
> Server and client functionality's happening properly).
>
> I'm out of ideas totally and it seems every board on the net can only
> suggest enabling IP Protocol 47 as a solution, but it is enabled.
>
> I am thinking its possibly a routing problem, probably I need to add
> some kind of entry on the router to enable to allow IP pockets inside
> and outside.
>
> Currently I have following entry added to the router
>
> ip route <my public IP> 255.255.255.255 FastEthernet0/0
>
> access-list 102 permit gre any any
>
> access-list 102 permit tcp any host <my public IP> eq 1723
- Next message: MyndPhlyp: "Re: p2p blocking"
- Previous message: Shane Matthews: "Re: p2p blocking"
- In reply to: qazmlp: "VPN Problem, need your help....."
- Next in thread: Curt Edsall: "Re: VPN Problem, need your help....."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
