Lose Internet Access When I Enable VPN

bankrboy30

IS-IT--Management
Jun 20, 2007
3
US
I should start by saying that I am an extreme novice, and while I have installed and secured many home networks, this was my first server-based commercial install.

Basically this was for my uncle's office; their original server crashed and they didn't care for their old IT guy, so I got the call.

We got all new Dells, including the server, and we only have about 5 users and about 6 printers (one of them a wide-format printer, as they are a commercial contracting corp and deal with a lot of blueprints), and a fax is on the network as well.

All went well with the initial installation - on day one I was able to get everyone on the network with their e-mail and internet access working -- got all the printers up and running as well as the fax, installed all third-party apps, etc. They were pretty impressed, as the original team of professionals had taken nearly a week to get this far and were never able to get the wideline printer on the network or get the fax working off the network either. I was pretty impressed with myself as well, being that I had never attempted anything like this before; however, I'm smart enough to know that most of this is attributable to hardware / software improvements which made me look good.

My problem now is that there are two power users who would like VPN access. I ran the Routing and RAS setup and configured the client computers to achieve this and tested them from remote locations. Everything went well and I had access to e-mail, applications, shared drives etc. However on the flip side this took down internet access for everyone else in the office.

I was able to reverse everything so that the office is back up and running, however I still need to go ahead and deal with their VPN requests.

Firstly, I am not sure how to determine what is providing DHCP (there is the server, two NICs - one to the modem, a CISCO piece (they use a service here on Long Island called XO - I believe it is a fractionalised T1), and the other to a NETGEAR switch). There is also a Linksys wireless piece for the CEO's laptop, all of which could be running DHCP... I know how to turn it off in the LINKSYS piece, as I use the same one at home; however, I have no idea how to access the Netgear or Cisco pieces.

I have been going through my log files on the server and there is one recurring DNS issue where it detects a packet sent to itself over and over again all day, every day... so that is a problem even before I delve into the VPN taking down the internet issue. Also, I get download speeds from the internet of only about 15kbps. I know our connection is rather small (I believe we only pay for a 128kbps pipeline); however, I still have the feeling something is wrong in that arena, i.e. I am probably only using a fraction of the bandwidth allocated to me because everything is running through only one segment of the modem/router... Do I have to turn off DHCP and assign all of my client computers one of the static IPs from the ISP, or can the server divvy up the bandwidth?

I know this is a lot of info... and clearly I am at a loss in terms of next steps... since nearly everything was initially achieved during the server setup via wizards, I really do not have a firm grip on what is happening.

If someone could help walk me through some basic stuff I am confident I'll figure it out (I can be a very determined little sucker) but I'm not sure where to begin at this stage. There has got to be some command line stuff I can do to get a grip on where I'm at with my actual setup so that I can take it to the next level. Any help is greatly appreciated. Links are always helpful.

Many thanks in advance.

--J
 
Start by finding out where your clients are getting their DHCP addresses. I assume that there are at least a couple systems that use DHCP. Do an "ipconfig /all" from the command-line and it will show you, among other things, what the IP address of your DHCP server is. Then you'll know who's been giving them out.

The NetGear switch won't be giving out DHCP, so don't worry about that. And the Cisco device is in a different subnet from all your clients (they all have to pass through your server to get to it, right?), so it is out of the running too. If you've gotten the LinkSys out of the way, then only your server should be passing out addresses.

One possibility for the outage is that you have an insufficiently large DHCP scope on the server, and when you enable VPN, it automatically takes 8-10 addresses out of DHCP and reserves them for VPN clients. That could have kept some of your clients from getting addresses and using the internet.

The other, less likely, idea I had is that if someone is connected via VPN, it is going to use a lot of UPSTREAM bandwidth, and it may have used so much that user requests for internet resources weren't able to be made.

128kbps is a really small pipe, btw.

ShackDaddy
Shackelford Consulting
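
The check described in the reply above, run over `ipconfig /all` output saved from several clients, as an added example that is not part of the original thread: it parses each adapter block and reports which address handed out each lease, so a second DHCP server on the LAN stands out. Host names, addresses and function names are assumptions made up for the illustration.

```python
import re
from collections import defaultdict

# Constructed sample: "ipconfig /all" saved from two clients (made-up hosts/addresses).
SAMPLES = {
    "front-desk": """\
Ethernet adapter Local Area Connection:

   DHCP Enabled. . . . . . . . . . . : Yes
   IP Address. . . . . . . . . . . . : 192.168.16.23
   DHCP Server . . . . . . . . . . . : 192.168.16.2
""",
    "ceo-laptop": """\
Ethernet adapter Wireless Network Connection:

   DHCP Enabled. . . . . . . . . . . : Yes
   IP Address. . . . . . . . . . . . : 192.168.1.101
   DHCP Server . . . . . . . . . . . : 192.168.1.1
""",
}

# Indented "Key . . . . : value" line; the dot/space padding is dropped from the key.
FIELD = re.compile(r"^\s+(.+?)[\s.]*:\s*(.*)$")

def parse_ipconfig(text):
    """Return {adapter name: {field: value}} from 'ipconfig /all' text."""
    adapters, current = {}, None
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current = adapters.setdefault(line.rstrip()[:-1], {})
        elif current is not None and (m := FIELD.match(line)):
            # Newer Windows appends "(Preferred)" to addresses; strip it.
            current[m.group(1)] = m.group(2).split("(")[0].strip()
    return adapters

def dhcp_servers(samples):
    """Map each DHCP server address to the (host, adapter) pairs it leased to."""
    seen = defaultdict(list)
    for host, text in samples.items():
        for name, fields in parse_ipconfig(text).items():
            if fields.get("DHCP Enabled") == "Yes" and "DHCP Server" in fields:
                seen[fields["DHCP Server"]].append((host, name))
    return dict(seen)

def unexpected_servers(samples, expected):
    """DHCP servers other than the one that should be handing out leases."""
    return {ip: who for ip, who in dhcp_servers(samples).items() if ip != expected}

if __name__ == "__main__":
    print(unexpected_servers(SAMPLES, expected="192.168.16.2"))
```

Any address returned by `unexpected_servers` is a device to track down and either disable DHCP on or remove before touching the VPN configuration again.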
 
I am thinking that 128kbps is not the right #. I am going to stop in there tomorrow and make a few phone calls to get some answers from the XO provider as to what the reality # actually is. Their internet access is painfully slow...I had to download Java to access one of the third party software provider sites for another download...the 80mb file was slated to take like 3hrs...I actually ended up running home, downloaded it in 30sec. burned it to CD and ran back to the office.

It was at the same time that I tested the VPN via laptop from my home.

I do know that there are plenty of IPs to go around, so I am thinking you are right that the SBS server is handling DHCP.

I remember a screen which listed a ton of VPN ports, only one of which was active... Do you think simply allocating 128 is what ties up the gateway to the internet? Because I can limit this to just the two I need when I set it up.

Alternatively... the IP I used for my VPN setup was likely the static IP of the router rather than the IP of either of the network cards on the server. For example... I used a 66.236.175.65 # instead of one of the 192.168.???.??? #'s, which would be the NICs on the SBS server, or should I possibly be using the 66.236.175.66 #, which is the default gateway, instead of the actual router IP?? Subtle distinctions, but I know they must matter.

Finally, I am wondering if there is an issue with multiple firewalls... we have McAfee running on all machines throughout, including the server. It would seem that I am blocked out of disabling the Windows-based firewall... not sure if this is a function of McAfee or if I am locked out for some other reason, and I think it's possible the CISCO or Netgear pieces have their own firewall functionality, but maybe not. XO, the ISP, seems to offer a tool (not sure if it's hardware or software since there was no info on their site), but it's for VPN administration, so who knows.

Also I just wanted to say thanks for responding at all as it looked for a while as though I was going to be shunned for my lack of technical expertise.
 
You want the VPN to terminate on the IP of the public NIC on the server. I assume that NIC has a real public IP address, right? It could be that specifying the router IP instead managed to break something. I don't think the firewalls should be an issue, given the scenario and symptoms you've described.

ShackDaddy
Shackelford Consulting
 