2003 VPN and the internal interface

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

I have a windows 2003 server that has been providing VPN services
successfully for months. However, this morning it has stopped working.

I can't find any errors in the event log or error logs. The only thing that
seems odd is that the internal interface seems to have lost it's IP address -
past experience says it won't work if that is the case. It was taking the
address from an internal address pool on the server. In the past I had had it
using DHCP. Now neither of them seem to be working.

Is there any way I can force it to have an IP address? Is there any way I
can find out why it has lost its IP address? Does loss of IP address mean
anything other than it can't find a pool of addreses to take one from (eg
loss of internet connection or something?) Is there any documentation
anywhere on the internal interface?

Any help you can give is very gratefully accepted - I'm desperate!

Cheers

Eric
 
we need more information to help. assuming you have just one NIC in the server and you use static ip, when a vpn client establishes the vpn, the server will assign another ip to the VPN server. which one lost? For more and other information, go to http://howtonetworking.com.

Don't send e-mail or reply to me except you need consulting services. Posting on MS newsgroup will benefit all readers and you may get more help.

Bob Lin, MS-MVP, MCSE & CNE
How to Setup Windows, Network, Remote Access on http://www.HowToNetworking.com
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
This posting is provided "AS IS" with no warranties.
I recommend Brinkster for web hosting!

I have a windows 2003 server that has been providing VPN services
successfully for months. However, this morning it has stopped working.

I can't find any errors in the event log or error logs. The only thing that
seems odd is that the internal interface seems to have lost it's IP address -
past experience says it won't work if that is the case. It was taking the
address from an internal address pool on the server. In the past I had had it
using DHCP. Now neither of them seem to be working.

Is there any way I can force it to have an IP address? Is there any way I
can find out why it has lost its IP address? Does loss of IP address mean
anything other than it can't find a pool of addreses to take one from (eg
loss of internet connection or something?) Is there any documentation
anywhere on the internal interface?

Any help you can give is very gratefully accepted - I'm desperate!

Cheers

Eric
 
Thanks for the reply. It was the IP address of the internal interface that
was lost - the one that is assigned to the server when a client connects. It
took several hours, but eventually it came back by itself.

The server does have a singe NIC, and it is in the DMZ of our firewall. The
firewall does a single NAT of the VPN server address, and we changed the
external address. I think a route was cached somewhere and it took some time
to expire.

I seem to still have a problem with IPSEC/L2TP though. When I try to
connect, it fails. I have looked in the Oakley log, and I think it starts to
go wrong here:-

4-15: 17:35:10:428:4d0 Finding Responder Policy for SRC=81.26.97.54.1701
DST=195.188.XXX.YYY.1701, SRCMask=255.255.255.255, DSTMask=255.255.255.255,
Prot=17 InTunnelEndpt f64a8c0 OutTunnelEndpt 36611a51
4-15: 17:35:10:428:4d0 Failed to get TunnelPolicy 13015
4-15: 17:35:10:428:4d0 Responder failed to match filter(Phase II) 13015
4-15: 17:35:10:428:4d0 Data Protection Mode (Quick Mode)
4-15: 17:35:10:428:4d0 Source IP Address 195.188.XXX.YYY Source IP Address
Mask 255.255.255.255 Destination IP Address 81.26.97.54 Destination IP
Address Mask 255.255.255.255 Protocol 17 Source Port 1701 Destination Port
1701 IKE Local Addr 192.168.100.15 IKE Peer Addr 81.26.97.54 IKE Source
Port 500 IKE Destination Port 500 Peer Private Addr
4-15: 17:35:10:428:4d0 Preshared key ID. Peer IP Address: 81.26.97.54
4-15: 17:35:10:428:4d0 Me
4-15: 17:35:10:428:4d0 No policy configured
(External addresses anonymised)

I can connect to the server using PPTP. I can connect the same client using
IPSEC/L2TP to a dual NIC VPN server that is not in the firewall DMZ & has a
NIC straight on the internet with no NAT.

I know it is like a needle in a hay stack, but I wondered if anyone had any
ideas as to where I might start looking?

Cheers

Eric
 
Back
Top