G
Guest
I am having a problem with VPN. Or...was. Now I'm having a browsing issue.
I'm running Windows 2000 Server and ISA Server 2000. I've never done this
before, so I'm going slowly. I CAN connect to the Server from INSIDE our
network, however if you try to connect to the server (via the website
address) I cannot.
The server has TWO network cards. NIC1 is set for 192.168.0.2 the second is
automatic.
For the firewall, I have several ports open and forwarded to 192.168.02
Steps:
1. Routing And Remote Acess
2. Right Click Server >> Configure and Enable >> Next >> VPN Server >> Next
3. It asks me the internet connect that this server uses. I select
192.169.0.2 >> Next >> Automatically >> Next >> No >> Next >> Finish
4. Routing andRmote access initialization box comes up and after a few
minutes later, everything looks ok
5. I try to connect to the server via "Remote Desktop Connection" and I must
use 192.168.0.18 which is the ip given the second NIC
6. I go to the firewall, forward port 80 to ip 192.168.0.18 and do the same
in IIS - This fixes the website problem.
7. Back in the firewall, I swap everything over to ip 192.168.0.18 EXCEPT
port 1723 which I PRESUME is the port that VPN needs.
8. When I try to connect to the server, with vpn, I can get to the server
through 192.168.0.2 OR 192.168.0.18 - Doesn't Matter - Both Work
9. When trying to go through our website, it doesn't work.
So...Here are the questions.
Do I need something BESDIES port forwarding?
I've read a couple microsoft articles about ISA and IP Packet filtering, but
I don't understand what they're trying to tell me. They mentioned something
about using an Internet Connection Wizard to have the folder show up, but I'm
not comprehending this.
I've also read that this is a tunneling protocol and doesn't use ports at
all - it just uses the standard TCP/IP port. Is this true? If so, is it port
80?
Ive also read about Remote Access Policies, but when I go into Routing and
Remote Access >> Remote Access Policies - There isn't anything in there. I
added in the condition that:
Windows-Groups / Domain Users would be granted. This helped my autentication
issue the first time around.
I still think this is some sort of a firewall issue or a packet filtering
issue, but I'm not sure where to start. Any suggestions, whether it be
microsoft support articles or just open advice, would be appreciated. Please
please please remember I'm still new to this so over explain things!
Lastly, when i use nmap from my linux box to scan the server (from the
website address, so it's external ip) it says i have the following ports
open: 21, 22, 25, 80, 110, 143, 1723, and 3389
+++++
Over my lunch I ran home and checked...just to see what would happen on the
outside of our network. It connected fine. I can see the domain by I cannot
browse it and see the computers within the domain, or the server.
So, I browsed google groups looking for some answers. I read about NetBeui
and browsing networks. I also tried searching for our server in the Search
option (My computer is XP Pro), couldn't find it. When I went into the
advanced settings on the vpn connection at home, there was a checkbox that
said, Enable NetBeui, which was checked. Do I need to have NetBuei as an
option on the two NICs in the server?
When the VPN connected, it said authenticated. Just for kicks and grins, I
tried another username/pass on the server that wasn't supposed to have
permission to VPN/dial in...it wouldn't authenticate. I really think I'm
authenticating alright.
http://server does not work
\\server\ does not work
When I go into Microsoft Outlook and attempt to setup an exchange email
setup, the server and username area... it does not see the server name
either.
I also read a bit about WINS, which didn't make much sense to me. There were
a few things I DID try while at home:
1. changing my workgroup name to the domain name
2. chasing my username/pass i login with to match the domain
3. dialup to internet >> connect to vpn >> then trying to join my entire
computer to the domain. It said that it couldn't find the host
I don't really have to browse the network...being able to map a drive or
create a shortcut would even work.
Just for kicks and grins, I checked the protocols under LAN and LAN2 (ip 2
and 18 respectively)
\
Nearly everything is going to 18 and 18 has netbeui.
2 does not...so I added that on there.
I'll see what happens tonight..maybe that will fix it.
Anyway, recommendations welcome!
Angela
I'm running Windows 2000 Server and ISA Server 2000. I've never done this
before, so I'm going slowly. I CAN connect to the Server from INSIDE our
network, however if you try to connect to the server (via the website
address) I cannot.
The server has TWO network cards. NIC1 is set for 192.168.0.2 the second is
automatic.
For the firewall, I have several ports open and forwarded to 192.168.02
Steps:
1. Routing And Remote Acess
2. Right Click Server >> Configure and Enable >> Next >> VPN Server >> Next
3. It asks me the internet connect that this server uses. I select
192.169.0.2 >> Next >> Automatically >> Next >> No >> Next >> Finish
4. Routing andRmote access initialization box comes up and after a few
minutes later, everything looks ok
5. I try to connect to the server via "Remote Desktop Connection" and I must
use 192.168.0.18 which is the ip given the second NIC
6. I go to the firewall, forward port 80 to ip 192.168.0.18 and do the same
in IIS - This fixes the website problem.
7. Back in the firewall, I swap everything over to ip 192.168.0.18 EXCEPT
port 1723 which I PRESUME is the port that VPN needs.
8. When I try to connect to the server, with vpn, I can get to the server
through 192.168.0.2 OR 192.168.0.18 - Doesn't Matter - Both Work
9. When trying to go through our website, it doesn't work.
So...Here are the questions.
Do I need something BESDIES port forwarding?
I've read a couple microsoft articles about ISA and IP Packet filtering, but
I don't understand what they're trying to tell me. They mentioned something
about using an Internet Connection Wizard to have the folder show up, but I'm
not comprehending this.
I've also read that this is a tunneling protocol and doesn't use ports at
all - it just uses the standard TCP/IP port. Is this true? If so, is it port
80?
Ive also read about Remote Access Policies, but when I go into Routing and
Remote Access >> Remote Access Policies - There isn't anything in there. I
added in the condition that:
Windows-Groups / Domain Users would be granted. This helped my autentication
issue the first time around.
I still think this is some sort of a firewall issue or a packet filtering
issue, but I'm not sure where to start. Any suggestions, whether it be
microsoft support articles or just open advice, would be appreciated. Please
please please remember I'm still new to this so over explain things!
Lastly, when i use nmap from my linux box to scan the server (from the
website address, so it's external ip) it says i have the following ports
open: 21, 22, 25, 80, 110, 143, 1723, and 3389
+++++
Over my lunch I ran home and checked...just to see what would happen on the
outside of our network. It connected fine. I can see the domain by I cannot
browse it and see the computers within the domain, or the server.
So, I browsed google groups looking for some answers. I read about NetBeui
and browsing networks. I also tried searching for our server in the Search
option (My computer is XP Pro), couldn't find it. When I went into the
advanced settings on the vpn connection at home, there was a checkbox that
said, Enable NetBeui, which was checked. Do I need to have NetBuei as an
option on the two NICs in the server?
When the VPN connected, it said authenticated. Just for kicks and grins, I
tried another username/pass on the server that wasn't supposed to have
permission to VPN/dial in...it wouldn't authenticate. I really think I'm
authenticating alright.
http://server does not work
\\server\ does not work
When I go into Microsoft Outlook and attempt to setup an exchange email
setup, the server and username area... it does not see the server name
either.
I also read a bit about WINS, which didn't make much sense to me. There were
a few things I DID try while at home:
1. changing my workgroup name to the domain name
2. chasing my username/pass i login with to match the domain
3. dialup to internet >> connect to vpn >> then trying to join my entire
computer to the domain. It said that it couldn't find the host
I don't really have to browse the network...being able to map a drive or
create a shortcut would even work.
Just for kicks and grins, I checked the protocols under LAN and LAN2 (ip 2
and 18 respectively)
\
Nearly everything is going to 18 and 18 has netbeui.
2 does not...so I added that on there.
I'll see what happens tonight..maybe that will fix it.
Anyway, recommendations welcome!
Angela
