Win2K Server VPN

Status
Not open for further replies.

italnstaln61

IS-IT--Management
Nov 5, 2003
3
US
Hello:

I am trying to set up VPN with a Win2K Server box in my small business network. My network configuration is quite simple and consists of a Cisco 678 DSL router/firewall and some servers. The server I am trying to set up as the VPN host is a Windows 2000 Server SP3 running MS ISA Server.

I installed Routing and Remote Access (RRA) and enabled VPN in the ISA Management Console. I have created a VPN security policy and added a DHCP relay agent in RRA as well. I believe I have configured the server correctly, but I cannot get any Remote Access Clients to register in the RRA. I am trying to connect with a WinXP laptop over an Earthlink dial-up connection. I used the connection wizard on XP to make the connection.

I get the feeling that it is a routing or DNS problem. My server has a public NIC (static IP) and private NIC (DHCP). Please advise.

Thanks.
Andrew
 
Is the client actually making the connection to the server? Does the remote machine actually log in to the ISA server, or is the Cisco Firewall blocking the PPTP connection?

If it is PPTP and it's allowed through the Cisco, then in ISA, try right-clicking on packet filters, choose Properties and select the PPTP tab. Tick the box to allow PPTP to pass through the ISA.

See if that helps.
 
In addition . . .

If you aren't connecting, you should get an error on the client side when the connection fails. Report the number and the message.

If the client just simply doesn't connect and the user has to click 'cancel', you aren't waiting long enough (probably). Can take several minutes under certain conditions. One common cause would be problems with the RRAS getting DHCP IPs for the connection. Try setting a static block of addresses in the connection configuration -- don't forget to exclude those from the DHCP server.
 
Thanks for the replies.

The 'PPTP through ISA' box is already checked. The router is quite simple, and there are currently no IP filters applied (to be changed later). So unless it is something automatic, the router shouldn't block any traffic at all.

The client connects to the server, and resolves the hostname to the correct IP address for the server. It does not register any error, even after several minutes. After the client says that it connects, there is no change on the server and the number of remote connections remains at 0.

The server is set up for DHCP, so the client should get a DHCP address. In the client connection details the server IP is XXX.XXX.XXX.108, and the client IP is always XXX.XXX.XXX.109. It is always the server IP + 1. This seems strange to me, especially because this IP is already taken on my network!

It seems to me that the VPN traffic is still not reaching the server. Are there logs I can check? Any ideas?

Thanks a bunch.
 
. . . because this IP is already taken on my network!


That can't fly. Either you have assigned a range of addresses to the VPN connection and not excluded them from DHCP, or RRAS is not correctly pulling addresses from DHCP. Either is possible. As I stated earlier, getting RRAS to play well with DHCP in this situation takes more than a little candy. Best to ditch DHCP, assign a static group of IPs -- and don't forget to exclude them from DHCP.
 
Thanks. I had originally set up some designated IPs, but switched to DHCP after some reconfiguration. DHCP was an issue, but the original IPs I selected happened to be in my DHCP range. I used some that were out of range and it connected just fine. Thanks for the help.

Cheers,
Andrew
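
The overlap the thread ends on (a static VPN address pool that the DHCP server can also lease, or that already contains a hand-configured host) can be checked before the pool goes live. This is an added example, not code from any poster; the function names are hypothetical and all addresses are constructed RFC 1918 values, not the ones from this network.

```python
import ipaddress

def ip_range(first, last):
    """Return the set of IPv4 addresses from first to last, inclusive."""
    lo, hi = int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(last))
    if lo > hi:
        raise ValueError(f"range start {first} is above range end {last}")
    return {ipaddress.IPv4Address(n) for n in range(lo, hi + 1)}

def pool_conflicts(vpn_pool, dhcp_scope, exclusions=(), static_hosts=()):
    """Find addresses in the VPN static pool that something else may also use.

    vpn_pool, dhcp_scope: (first, last) tuples.
    exclusions: (first, last) ranges excluded from the DHCP scope.
    static_hosts: addresses configured by hand (servers, router, printers).
    """
    pool = ip_range(*vpn_pool)
    leasable = ip_range(*dhcp_scope)
    for rng in exclusions:
        leasable -= ip_range(*rng)  # excluded addresses are never leased
    fixed = {ipaddress.IPv4Address(h) for h in static_hosts}
    return {
        "dhcp_may_lease": sorted(pool & leasable),
        "static_host_in_pool": sorted(pool & fixed),
    }

def is_safe(report):
    """True when no address in the pool can be claimed by anything else."""
    return not any(report.values())

if __name__ == "__main__":
    # Constructed sample network (assumption, for illustration only).
    scope = ("192.168.1.100", "192.168.1.200")
    hosts = ["192.168.1.1", "192.168.1.10"]
    candidates = {
        "inside DHCP range, no exclusion": (("192.168.1.150", "192.168.1.159"), []),
        "inside DHCP range, excluded": (("192.168.1.150", "192.168.1.159"),
                                        [("192.168.1.150", "192.168.1.159")]),
        "outside DHCP range": (("192.168.1.210", "192.168.1.219"), []),
        "covers a static host": (("192.168.1.5", "192.168.1.14"), []),
    }
    for label, (pool, excl) in candidates.items():
        report = pool_conflicts(pool, scope, excl, hosts)
        print(f"{label}: {'OK' if is_safe(report) else 'CONFLICT'}")
        for kind, addrs in report.items():
            if addrs:
                print(f"  {kind}: {addrs[0]} .. {addrs[-1]} ({len(addrs)} addresses)")
```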
 