Unable to connect to office network from home

ganeshSE (IS-IT--Management), Jun 24, 2005
Hey guys
Our office is a small business office, with 1 T1 line. We have 4 servers running Windows 2000 Small Business Server. Each server is connected to a Cisco 2950 switch, which is in turn connected to a Cisco 2600 router. We have NAT configured on the router and have defined the translations from the public IP address to one of the servers' IP addresses, to access our production server. We had a Norton firewall installed on the production server, and there are not any problems in the firewall. When trying to initiate a connection from home, we are not able to get through the office network. I get an error saying "connection timed out" or "Connection closed by the remote host". The configuration we had was a working configuration and it stopped working quite recently. I would appreciate your suggestions.

Thanks
Ganesh
 
Well, first problem is we don't know what software/protocols you are trying to use to access the server, shall we start there?

Matt J.

Please always take the time to backup any and all data before performing any actions suggested for ANY problem, regardless of how minor a change it might seem. Also test the backup to make sure it is intact.
 
Hey Matt
Thanks for replying. Well, the software that we use to connect is RealVNC and also the Windows native VPN client (protocol support set for automatic). We try using both to connect to the office network.

An improvement or new step on this front is, I ran Ethereal and Analyzer, network packet analyzers, to check the packet traces. I tried to telnet using different ports from my server and other workstation to the router's IP address (192.168.0.x). The router replies with an (RST, ACK) or (RST, SYN) for a SYN sent by the source for all the ports except for port 23 and 80. Also, the router replies with a window size of 0. When I used nmap to check for the open ports on my Cisco 2600 router, I found that only port 23 and 80 are open and all the other ports remain closed. But the router has been configured for NAT with an access-list that permits the entire subnet of 192.68.0.0 0.0.255.255, which is our internal network.

Will this suggest any clue as to where the problem is?

Thanks
Ganesh
 
So internally you ran port scans? Try telnetting to those ports from the outside world, that's a better test. I have 2 questions:

What ports are you forwarding to your server on the router?

Are you or are you not running that Norton firewall on the server you are trying to remotely connect to?

Matt J.

 
I did run Ethereal from outside to the router with the ISP-assigned public address. Still I get the same (RST, SYN) reply from the router for any connections initiated to the external interface of the router for all ports except for port 23 and 80, where I get the proper 3-way handshake. However, when I tried to do an nmap to the router from outside, it did not work.

Answering your questions: I am forwarding ports 21, 23, 80, 47, 53, 25, 67, 68, 110, 135, 500, 1723, 137, 138, 139, 443.

We were running Norton firewall on the server, but it has been temporarily disabled to isolate the problems. First I assumed that the firewall was blocking the ports. But then even when the firewall is disabled, the connections are still blocked and it is the router blocking the connection. However, we have NAT configured on the router, which translates almost all ports mentioned above to the server from the external address. We have used NAT with overloading. An access-list is defined that permits the entire subnet of the internal network address (192.168.0.0)...

thanks
ganesh
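
Added example, not part of the original thread: a TCP connect probe that separates the three outcomes discussed above (completed handshake, RST reply, no reply at all) for the TCP services in the forwarded-port list. The target host is supplied on the command line, and the choice of which listed ports count as TCP services is an assumption of this example.

```python
import socket
import sys

# TCP services from the forwarded-port list in the thread. Left out because a
# TCP connect cannot test them: 47 (GRE is IP protocol 47, not a port) and the
# services normally carried over UDP: 53, 67/68, 137/138 and 500.
TCP_PORTS = [21, 23, 25, 80, 110, 135, 139, 443, 1723]


def probe(host, port, timeout=3.0):
    """Classify one TCP port by how the connection attempt ends."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"        # SYN, SYN-ACK, ACK completed
    except ConnectionRefusedError:
        return "closed"      # the SYN was answered with RST
    except socket.timeout:
        return "filtered"    # no reply: dropped by an ACL/firewall, or no route
    except OSError as exc:
        return "error: %s" % exc
    finally:
        sock.close()


def summarize(results):
    """Group {port: state} into {state: [ports]} for a quick read."""
    groups = {}
    for port, state in sorted(results.items()):
        groups.setdefault(state, []).append(port)
    return groups


if __name__ == "__main__":
    # Host is supplied by the operator, e.g. the router's public address.
    host = sys.argv[1]
    results = {p: probe(host, p) for p in TCP_PORTS}
    for state, ports in summarize(results).items():
        print(state, ports)
```

Run it from a host outside the office network so the result reflects the router's outside interface. `closed` means something answered the SYN with RST, while `filtered` means the SYN was silently dropped.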
 
Hey Matt,
I am waiting on your suggestions / inputs

Thanks
ganesh
 
Sorry, missed your last reply, try removing the firewall software completely.

Matt J.

 
Hi,
the firewall is already disabled and it is switched off. When I tried to telnet from outside too, I see that the router is resetting the connection by replying with RST. But everything is in its proper place with respect to the router.

Thanks
Ganesh
 
Okay, so do you have an alternate router to test with, say a cheap Linksys router or comparable device? Port forward the same ports, assign your IP to the WAN interface, and test again. If you want someone to double check your Cisco's configuration, post in forum557, good luck!

Matt J.

 
If the only open ports you're detecting on the router's outside interface are 23 and 80, then clearly your access lists aren't set up properly. Also, there is no mention of opening ports for VNC (unless you meant that you're doing that after the PPTP VPN connection is established).
 
Hey jpm121,
Thanks for your reply. I appreciate your kindness. Well, my access-lists permit the entire subnet of 192.168.0.0, and regarding the application I use for establishing the remote connection, it is either VNC or the Windows native VPN application. However, we have defined ports for PPTP VPN. If needed, maybe I can send my configuration for you to look at.

Thanks
Ganesh
 