
Routing, Remote Access and VPNs


sharyn

IS-IT--Management
Mar 6, 2001
161
US
Good morning fellow techies,

I am having VPN issues that I never had before I upgraded my NT 4.0 PDC to a Win2k DC.

Here is my setup for my remote users:

They dial into AOL or whatever ISP they use. They connect to my firewall via a PPTP VPN connection. The firewall gives them an IP address from our external (public) block of IPs, such as 207.190.36.x. With that IP address, they are (were) able to access all our internal network resources. Our internal subnet is 192.168.x.x. There were never any issues before; they could hit our mail server, browse via Network Neighborhood, ping by DNS name, etc.

Now, for some reason, they can no longer browse using DNS names. DNS is just not working through the VPN connections. They can still hit Network Neighborhood and browse by machine name, and they can ping every machine on the network with the exception of the DC, which is also running AD DNS. When I run an ipconfig on a laptop connected via VPN, I get the proper IP of the DNS server.

I can't tell if this is 2 separate issues or not. Is there something that has to be set on the Win2k DC that allows pinging from outside the local subnet? I don't have this disabled on my firewall.

Is there some sort of routing entry I have to set up to allow DNS to work? I am at a loss!


Sharyn
 
Hi Sharyn, what about giving private IPs (192.168.x.x) to your clients, by DHCP or static in AD? I don't think you want to add a route in between your public and private network!

 
Here is an interesting twist. This only seems to be an issue on the Win98 laptops. I can authenticate, browse, hit the mail server, ping by IP and DNS name, everything, on the Win2k boxes.

The IPs are given out by the firewall. When I was first setting this up, there was a reason I was having the firewall hand out public IPs instead of private ones, but I can't remember what it was anymore.

Why would everything in my current setup be working fine with a Win2k box and not a Win98? It just doesn't make any sense.

Ideally, I'd like to know why it works with Win2k and not Win98 before I go doing major amounts of reconfigurations.

Good suggestion though, I may have to go that route (no pun intended) once I am convinced that is my only option.

Thanks!
Sharyn
 
Is the 98 machine a true member of the domain? I've found that sometimes the machine looks like it's set up to authenticate to the domain, but on the second tab in networking, workgroup is still set and not the domain name.

Glen A. Johnson
Microsoft Certified Professional
gjohn76351@msn.com
"To be ignorant of what occurred before you were born is to remain always a child."
Cicero (106-43 B.C.); Roman orator, philosopher.
 
Yes, none of the settings changed on the laptops. I am wondering if there is some sort of patch that Win98 VPN needs to authenticate correctly with a Win2k server?
 
Can you change NICs on the 98 machine and try? I've had authentication issues with bad NICs. Not bad enough not to see the network, but just bad enough not to be able to authenticate.

Glen A. Johnson
 
Do you have a WINS server configured in your setup? If so, is it sent to your client computers by DHCP?
I already experienced problems with Win98 clients authenticated to a W2K DC + router connected by VPN over the internet (DSL link).
Just curious!
 
Yes, we have WINS set up. When I run a winipcfg on the laptop in question, it shows the WINS and DNS servers. WINS is working when connected via VPN as I can browse by machine name, just not FQDN. Weird, huh.

As far as the network cards, this is 4 different laptops that are having this problem. I am sure it's not the network card since it is happening on all those different boxes.
 
Yes, DNS is running on the VPN server.
 
So if I understand, you can connect to your VPN but cannot ping the server in question once connected??? You can't ping the private or public IP? I think we're coming back to a route problem.
 
I can ping everything BUT the DNS/VPN server. I can ping/browse by IP address, as in, if I put the IP address of our intranet site in the address box of the web browser, I can pull up the site, no problems. However, if I try to browse using the address it can't find the site. Same with mail, can't hit the mail server using mail.todhunter.com but no problems hitting it when I put in the IP address.

I can pull up Network Neighborhood and browse by \\machinename to any machine on the network.

The ONLY thing that isn't working is DNS, and pinging the DNS/VPN server by IP address. All the rest of the machines are on the exact same subnet and I can ping those fine.

I am wondering if there is some setting on the server that is blocking pings by default? This may or may not be part of the DNS issue, or it may be something separate. Not sure?

I was on the MS website wondering if there was a patch for these Win98 boxes that might fix this but I can't find anything. What I find incredibly strange is that, with the exact same setup, except using a Win2k Pro laptop, I can ping, browse, DNS works, everything works. It's ONLY on the Win98 boxes, which leads me to believe there is some sort of patch or something.

Sharyn
 
I don't think there is any default ping blocking on servers; you should be able to ping. Is the gateway on the client computer set to that DNS/VPN server? You can ping the public address because you can connect by VPN. Once you're connected, run ipconfig /all to check that you receive all the gateway, DNS, and WINS settings from the DHCP.
 
The gateway is the IP address of the client itself. It defaults to it automatically because I leave the "use default gateway on remote network" box checked.

This default setting has worked for as long as we have been using VPN, up until now, and it works on the Win2k boxes. I know, this doesn't make any sense.

If I am going to set a gateway, I am not exactly sure which one to set. The firewall? The router? The DNS server itself?

 