VPN-1 Secure Remote Client - Problems connecting to Server Shares.

[zoeythecat]

Hi All,

I have an end user who uses the VPN Secure Remote Client (NG-AI R56) to connect to our Radius VPN. She is able to login after authenticating. She can ping and gets replys back from all the servers (I.E - Exchange Server, File Servers)but when she attempts to connect to our exchange server or when she attempts to connect to a file share she is not able to connect. I have checked the LMHOSTS file and all server entries are correct. I connect using the same softeware and my LMHOSTS file has the same entries. Basically when I do the "update site" it pulls the info from the DNS Server on the firewall and downloads it to the LMHOSTS file. I'm at a lost why she cannot connect. Anybody run into this type of problem?

Appreciate any thoughts.

Thanks in advance.

 

[Donachie]

have seen sr not work for certain applications before. Found out it was due to the user changing their hardware and sr had not been re-bound to the adapter - have you tried getting htem to re-bind?

 

[zoeythecat]

I updated to a newer version of the VPN software. She was able to connect fine for a day but then the problem returned again. I think it has something to do with her network at home. She has a netgear wireless hub and a router. I think maybe something here is interfering with her connection through our firewall. Even though she authenticates to the VPN, and she can get out onto the Internet something is preventing her from browsing servers on our network. I plan on taking her laptop home with me tomorrow to see if I can get out on my network (I'm having no problems with my VPN). If I can connect to exchange/outlook and connect to some of our server shares then this would tell me there is a problem within her home network.

Thanks for the response. I will post the results Wednesday.

 

[zoeythecat]

The problem did turn out to be something with her network (possible the way the router was configured in her home was not allowing traffic to pass through our firewall). I had no problems connecting from my home network. She is getting a new wireless/router, the same I have at home so i'm sure this should resolve her problem.

 

[shaggerTM]

If you have a clash of address space between the encryption domain behind the firewall, and the local addresses assigned by the home router then you'll have problems.

You could move to SecureClient with Office Mode which will get rid of the issue, or if you need to stick with SecuRemote I recommend the following to my clients:

Allocate one or more class C networks from RFC 1918 that isn't already in use by your firewalled networks. Divide these allocated addresses down into /28 chunks (16 addresses) which should be plenty for the average home user network. For each SR user, allocate a unique /28 chunk to configure the internal side of their router with. I often recommend to clients that they standardise on a router model too, so that they can easily support the users in making these config changes.

This should result in the SecuRemote problems disappearing completely (for all users).



========================================
Find out about what I do for a living at

http://www.ascltd.co.uk

========================================