VPN connects, but inbound internal network not accessible

Status
Not open for further replies.
Aug 13, 2003
OK, I am completely baffled on this one.
Equipment:
Dlink DI 614+ router & DWL 650 wireless card.
Windows XP/ Compaq Evo N610c

I am able to connect to my company's network and get email from an MS Exchange server via my Outlook client. However, I am unable to send email and/or access any internal sites within my organization. I am able to access external sites via the corporate web proxy; however, again, nothing internal.
Going through the LAN line attached to the router and VPNing into the corporation works just fine. So the problem resides in the laptop's configuration, I would presume.

The issue here is that this worked on my old laptop just fine. Though I do not have this laptop anymore so going back is not an option.

Any hints?

Thx!
 
Strikes me as a routing issue off the bat.

Try 'tracert xxx.xxx.xxx.xxx', replacing the xxx's with IPs of servers on the network you are trying to reach. Also try with the Exchange server -- interesting that you are able to make a connection there. Report back.

Also, "Going through the LAN line attached to the router and VPNing into the corporation works just fine. So the problem resides in the laptop's configuration, I would presume." . . . Not a safe assumption, if I understand what you mean. If you are physically connected to the network and establish a VPN connection to a server on the same network, ability to reach other hosts on that network doesn't mean the traffic is being routed through the VPN. Likely that the traffic is going directly across the LAN and skipping the VPN altogether.

In the way of details, what kind of internet connection do you have on each end, what are you using for a VPN server, and what kind of access are you trying to achieve on the server side network -- are you accessing a web server, file sharing, terminal services, etc.?
 
I did the traceroute and I was able to connect to those servers. Though still unable to actually send an email, it will just sit in the outbox. As for internal web sites, no go either.

I can also ping both servers. I am wondering if it might be a proxy issue? I would not think this given that the Exchange server is not using a proxy.

I am connecting through cable modem from home and then using the Nortel Client version 4_15.14. Once I VPN in, I am mainly accessing web servers and an Exchange server.
Could it be that the IPSec NAT Traversal is inactive? Are there any registry settings that might be set that are causing this to happen?

Thx
 
When you did the tracert, did you see your VPN IPs in the trace -- you should have a hit on the VPN server's VPN IP.

IPSec is not the problem here, that would cause the client to not be able to connect.

Beyond that, not sure. Not real familiar with the Nortel client.
 
Change your local LAN IPs from whatever it is now, to a different subnet. Usually you need only change the LAN IP of the router for it to change its DHCP scope.

I think you are using the same subnet addressing scheme as your office LAN.
 
After some tweaking I figured out what the problem was, or, well, at least how to fix it. I lowered the MTU (Maximum transfer rate) from the standard 1500 down to 1392 and it worked. However, this is not the best solution, but from what I hear it seems to be the only one thus far.

Thx!
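
As an added example (not part of any post in this thread), one way to measure a working MTU instead of guessing a value such as 1392: binary-search the largest ICMP echo payload that gets through with Don't Fragment set, then add the 28 bytes of IPv4 and ICMP headers. The hostnames and the `simulated_tunnel` helper are constructed for illustration; `df_ping` assumes the stock Windows or Linux iputils `ping`.

```python
import platform
import subprocess

IP_ICMP_OVERHEAD = 28  # 20-byte IPv4 header + 8-byte ICMP echo header


def df_ping(host, payload):
    """Send one echo request with Don't Fragment set; True if a reply came back."""
    if platform.system() == "Windows":
        cmd = ["ping", "-n", "1", "-w", "2000", "-f", "-l", str(payload), host]
    else:  # Linux iputils syntax
        cmd = ["ping", "-c", "1", "-W", "2", "-M", "do", "-s", str(payload), host]
    out = subprocess.run(cmd, capture_output=True, text=True).stdout
    # Match on the echo-reply line itself rather than trusting the exit code.
    return "ttl=" in out.lower()


def find_path_mtu(host, probe=df_ping, low=548, high=1472):
    """Binary-search the largest unfragmented ICMP payload; return the path MTU.

    low/high are payload sizes: 548 + 28 = 576 and 1472 + 28 = 1500 (Ethernet).
    Returns None when even the smallest probe gets no reply (host down or
    ICMP filtered), because then nothing can be concluded about the MTU.
    """
    if not probe(host, low):
        return None
    while low < high:
        mid = (low + high + 1) // 2
        if probe(host, mid):
            low = mid        # mid fits; look for something larger
        else:
            high = mid - 1   # mid was dropped; lower the ceiling
    return low + IP_ICMP_OVERHEAD


def simulated_tunnel(path_mtu):
    """Constructed stand-in for a real link: replies only if the packet fits."""
    return lambda host, payload: payload + IP_ICMP_OVERHEAD <= path_mtu


if __name__ == "__main__":
    # Constructed demo: a tunnel whose usable MTU is 1392, as in the post above.
    print(find_path_mtu("intranet.example", probe=simulated_tunnel(1392)))
    # Real use, run while the VPN is connected (placeholder hostname):
    # print(find_path_mtu("exchange.corp.example"))
```

Run it against an internal host once over the wired port and once over the wireless card; a lower result on wireless points at the wireless link rather than the VPN client.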
 
Icedyce2426,

I am having a very similar issue with:
Dlink DI 614+ router & DWL 650 wireless card
Windows 2000 / IBM T23

I am able to make a connection to my company network using Nortel Contivity VPN V04_65.18. Everything seems to work just fine. I can access all company intranet sites, and shared drives. In Outlook 2000, however, I can receive mail and send new mail, but I cannot reply or forward mail. When I try, I get a message that "Network problems are preventing me from communicating with my Exchange server".

Can you tell me how you determined that 1392 was the correct setting for you and also can you tell me exactly how you made the change? After reading your post, I tried changing MTU to 1392 using DRTCP021.exe, but it still did not work.
 
I forgot to mention that I am able to reply and forward e-mail just fine if I use a wired connection from my laptop directly to a port on the DI-614+ router.
 
I think I have the solution...

Dlink uses a proprietary format for its 4X mode to double the speed of its Airplus cards.

Just disable 4X mode in the router AND the NIC. That should solve the problem.

I think that the compression DLink uses screws with the MTU somehow.

In fact, you may be able to disable 4x in the NIC alone - although I can't be sure that will work.

Good Luck.
 
I have a laptop that has wireless DWL 650+, and 2 desktop computers - one with a wireless card DWL 520+ and my base computer has a D-Link DI-614+ router. I use a DSL (Sympatico). I can connect to the internet with all three computers with no problem. However, I use my laptop to connect to work using VPN Nortel Contivity. I can connect via VPN if I bypass the router and connect directly to the DSL but as soon as I put the router into the mix I cannot connect via VPN. I get a message "Login Failed. See VPN switch log for information" or sometimes message is "Remote host not responding". I can ping the address of the computer shown in the VPN client but still cannot view anything on my company network. I tried all the configuration suggestions for several days to no avail.

My company support staff finally determined there is no guarantee that you will be able to connect through this router using certificate authentication as other users with this same model are having varied results depending on which ISP they use. They suggested that I try to get it to work using a token and follow the configuration of the router based on the Dlink documentation. I tried this and it worked. Finally I am able to use my wireless connection with VPN.

Just when I was about to go out and buy a new router this worked. If you are able to use a token authentication rather than certificate this may resolve your issue.


 
Similar problem here. I have DSL and Linksys BEFSR41. I run XP Prof and Nortel VPN software. When connecting to work via VPN all works fine (Email, Intranet, Internet, etc.), EXCEPT 3 or 4 Intranet sites return the famous "The page cannot be displayed" message. I, my work, Linksys, Bellsouth cannot figure this out. I'm thinking a PORT problem maybe?
 
The Nortel Contivity box/client is/are preventing you from seeing local resources once you launch the client.

Your company is not allowing split tunneling. This is a good thing. Allowing so is not as secure.

John
 
To SandyCam
I have just posted my problem which seems to be exactly the same (sorry guys!) as the one you have solved... using token instead of certificate and configuring Dlink 614. Can you please explain more?

I am using an ActivCard that I believe generates a token (first requirement met then?)... so what needs to be configured specifically in the DLink614+ to make it work?

Your help would be appreciated.
What's difficult to understand in my case is that it works fine with a previous release of Contivity!!
 
I was having the same problem sending mail from Outlook Express and Outlook 2003, and have been looking for a fix for weeks.
Changing the Mode4X to "Off" on my NIC fixed the problem!! Finally.
Thanks.
 