Sign in with
Sign up | Sign in
Your question

VPN Problem

Last response: in Windows XP
Share
October 3, 2004 12:17:24 AM

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

Hi,
I am trying to set up a VPN to connect to an office computer from a home
computer. The configuration is as follows:

Home Network: Consists of a desktop and a laptop, both running XP Home,
cable broadband access and a wireless router. The laptop has a wireless
connection. The workgroup name is "Workgroup". The router's firewall is
disabled.

Office Network: Consists of 4 desktops - 2 running ME, 1 XP home and 1 XP
Professional, DSL broadband access and all computers connected via wired
ethernet. The DSL modem cum access point is connected to a ethernet switch
as are all the computers. The workgroup name is again "Workgroup". The
firewall of the DSL modem cum access point is set to allow PPTP connections
to the computer with XP Professional.

I set up a "Incoming Connection" on the office computer with XP Professional
(say Computer B-the computer name is "Roger") and an outgoing VPN connection
from the home laptop (say Computer A-the computer name is "Sam") to Computer
B using the Internet IP address (not the IP address of computer B assigned
via DHCP) of the Office modem cum access point.

Case 1: With NIS 2004 disabled on computer B, the connection is successful,
but I cannot access resources on the office network from computer A. I
cannot even access the shareddocs folder on computer B. Only my home network
computers show up in windows explorer on computer A. Note that the second
computer (the desktop) in my home network also has the name "Roger". In
TCP/IP properties of the incoming connection item on computer B, the "Allow
callers to access my LAN" is checked and "Assign TCP/IP addresses
automatically using DHCP" is selected.

Case 2: With NIS 2004 enabled on computer B, the connection fails and I get
error #800.

I will appreciate any help resolving the above problems. Note that Remote
Desktop connections and TCP/IP connection via PC Anywhere work fine even
with NIS 2004 enabled everywhere.

Thanks.
Roger

More about : vpn problem

Anonymous
October 3, 2004 12:17:25 AM

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

Roger wrote:
> Hi,
> I am trying to set up a VPN to connect to an office computer from a
> home computer. The configuration is as follows:
>
> Home Network: Consists of a desktop and a laptop, both running XP
> Home, cable broadband access and a wireless router. The laptop has a
> wireless connection. The workgroup name is "Workgroup". The router's
> firewall is disabled.

Why? I'd leave it enabled....you can initiate a VPN connection behind a
router with no inbound ports open at all. Of course, since you're using
wireless, you also need to secure that - even 128-bit WEP is better than
nothing. But I digress...
>
> Office Network: Consists of 4 desktops - 2 running ME, 1 XP home and
> 1 XP Professional, DSL broadband access and all computers connected
> via wired ethernet. The DSL modem cum access point is connected to a
> ethernet switch as are all the computers. The workgroup name is again
> "Workgroup". The firewall of the DSL modem cum access point is set to
> allow PPTP connections to the computer with XP Professional.

Meaning:
TCP port 1723
Protocol 47 ( GRE )
?

>
> I set up a "Incoming Connection" on the office computer with XP
> Professional (say Computer B-the computer name is "Roger") and an
> outgoing VPN connection from the home laptop (say Computer A-the
> computer name is "Sam") to Computer B using the Internet IP address
> (not the IP address of computer B assigned via DHCP) of the Office
> modem cum access point.
>
> Case 1: With NIS 2004 disabled on computer B, the connection is
> successful, but I cannot access resources on the office network from
> computer A. I cannot even access the shareddocs folder on computer B.
> Only my home network computers show up in windows explorer on
> computer A. Note that the second computer (the desktop) in my home
> network also has the name "Roger". In TCP/IP properties of the
> incoming connection item on computer B, the "Allow callers to access
> my LAN" is checked and "Assign TCP/IP addresses automatically using
> DHCP" is selected.
>
> Case 2: With NIS 2004 enabled on computer B, the connection fails and
> I get error #800.
>
> I will appreciate any help resolving the above problems. Note that
> Remote Desktop connections and TCP/IP connection via PC Anywhere work
> fine even with NIS 2004 enabled everywhere.
>
> Thanks.
> Roger

What did you open up in NIS for inbound ports?

What IP networks are you on at home and at work? For VPN to work, you need
to have two different networks - can't connect if you are using, for example
say, 192.168.0.0 in both places.

Presuming that isn't the issue, can you ping the LAN IP of the computer you
want to connect to, once you're connected as in case#1 above?
If so, but you can't ping by name, you'll need an LMHOSTS file to do name
resolution. See
http://support.microsoft.com/default.aspx?scid=kb;en-us;150800

Again, I'm not an expert on PPTP as I usually use IPSec with a proprietary
client through a firewall.
October 4, 2004 2:26:28 AM

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

"Lanwench [MVP - Exchange]"
<lanwench@heybuddy.donotsendme.unsolicitedmail.atyahoo.com> wrote in message
news:u8J8d0MqEHA.3800@TK2MSFTNGP14.phx.gbl...
> > Home Network: Consists of a desktop and a laptop, both running XP
> > Home, cable broadband access and a wireless router. The laptop has a
> > wireless connection. The workgroup name is "Workgroup". The router's
> > firewall is disabled.
>
> Why? I'd leave it enabled....you can initiate a VPN connection behind a
> router with no inbound ports open at all. Of course, since you're using
> wireless, you also need to secure that - even 128-bit WEP is better than
> nothing. But I digress...

I use a Belkin router at home and its firewall interferes with email and
even sometimes disconnects from the internet if I enable it. Therefore, I
disabled it and installed and enabled NIS 2004 on both the home desktop and
laptop. As for wireless, yes, WEP 128-bit is configured and enabled.

> >
> > Office Network: Consists of 4 desktops - 2 running ME, 1 XP home and
> > 1 XP Professional, DSL broadband access and all computers connected
> > via wired ethernet. The DSL modem cum access point is connected to a
> > ethernet switch as are all the computers. The workgroup name is again
> > "Workgroup". The firewall of the DSL modem cum access point is set to
> > allow PPTP connections to the computer with XP Professional.
>
> Meaning:
> TCP port 1723
> Protocol 47 ( GRE )
> ?
I honestly don't know which port. The office router's interface provides a
selection (from a listing of items to allow) for "PPTP Server" and
associates the selection to a specified computer on the LAN. That is how I
set it.
> >
>
> What did you open up in NIS for inbound ports?

In NIS 2004 on computer B, I set up a rule to open port 1723-this port was
in the preset list of ports. I could not find any entry for Protocol 47 and
not knowing what to do about it, I left it alone. The rule did not work, so
I disabled NIS completely just to see if the connection worked without the
firewall. It did.

>
> What IP networks are you on at home and at work? For VPN to work, you need
> to have two different networks - can't connect if you are using, for
example
> say, 192.168.0.0 in both places.

Home network: IP addresses behind the router are 192.168.x.x. Cable ISP is
Adelphia
Office network: IP addresses behind the router are 172.16.1.38. DSL ISP is
SBC.
The outgoing connection is set to connect to the Internet IP address of the
office network which in my case comes from SBC.

>
> Presuming that isn't the issue, can you ping the LAN IP of the computer
you
> want to connect to, once you're connected as in case#1 above?

Yes, I can.

> If so, but you can't ping by name, you'll need an LMHOSTS file to do name
> resolution. See
> http://support.microsoft.com/default.aspx?scid=kb;en-us;150800

I can also ping the connected computer by name. Note however that I can only
ping the other computers on the office LAN by IP address and not by name.

Thank you and best regards,
Roger
>
> Again, I'm not an expert on PPTP as I usually use IPSec with a proprietary
> client through a firewall.
>
>
Anonymous
October 4, 2004 8:25:38 PM

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

Roger wrote:
> "Lanwench [MVP - Exchange]"
> <lanwench@heybuddy.donotsendme.unsolicitedmail.atyahoo.com> wrote in
> message news:u8J8d0MqEHA.3800@TK2MSFTNGP14.phx.gbl...
>>> Home Network: Consists of a desktop and a laptop, both running XP
>>> Home, cable broadband access and a wireless router. The laptop has a
>>> wireless connection. The workgroup name is "Workgroup". The router's
>>> firewall is disabled.
>>
>> Why? I'd leave it enabled....you can initiate a VPN connection
>> behind a router with no inbound ports open at all. Of course, since
>> you're using wireless, you also need to secure that - even 128-bit
>> WEP is better than nothing. But I digress...
>
> I use a Belkin router at home and its firewall interferes with email
> and even sometimes disconnects from the internet if I enable it.

Have you tried updating the firmware on the router?

> Therefore, I disabled it and installed and enabled NIS 2004 on both
> the home desktop and laptop.

> As for wireless, yes, WEP 128-bit is
> configured and enabled.
>
>>>
>>> Office Network: Consists of 4 desktops - 2 running ME, 1 XP home and
>>> 1 XP Professional, DSL broadband access and all computers connected
>>> via wired ethernet. The DSL modem cum access point is connected to a
>>> ethernet switch as are all the computers. The workgroup name is
>>> again "Workgroup". The firewall of the DSL modem cum access point
>>> is set to allow PPTP connections to the computer with XP
>>> Professional.
>>
>> Meaning:
>> TCP port 1723
>> Protocol 47 ( GRE )
>> ?
> I honestly don't know which port. The office router's interface
> provides a selection (from a listing of items to allow) for "PPTP
> Server" and associates the selection to a specified computer on the
> LAN. That is how I set it.
>>>
>>
>> What did you open up in NIS for inbound ports?
>
> In NIS 2004 on computer B, I set up a rule to open port 1723-this
> port was in the preset list of ports. I could not find any entry for
> Protocol 47 and not knowing what to do about it, I left it alone. The
> rule did not work, so I disabled NIS completely just to see if the
> connection worked without the firewall. It did.

So there's something going on in there - I don't know NIS (am not a huge fan
of local software firewalls unless absolutely necessary) but you'll need to
look up PPTP in NIS help, I suspect.
>
>>
>> What IP networks are you on at home and at work? For VPN to work,
>> you need to have two different networks - can't connect if you are
>> using, for example say, 192.168.0.0 in both places.
>
> Home network: IP addresses behind the router are 192.168.x.x. Cable
> ISP is Adelphia
> Office network: IP addresses behind the router are 172.16.1.38. DSL
> ISP is SBC.
> The outgoing connection is set to connect to the Internet IP address
> of the office network which in my case comes from SBC.

OK....
>
>>
>> Presuming that isn't the issue, can you ping the LAN IP of the
>> computer you want to connect to, once you're connected as in case#1
>> above?
>
> Yes, I can.
>
>> If so, but you can't ping by name, you'll need an LMHOSTS file to do
>> name resolution. See
>> http://support.microsoft.com/default.aspx?scid=kb;en-us;150800
>
> I can also ping the connected computer by name. Note however that I
> can only ping the other computers on the office LAN by IP address and
> not by name.

This is a name resolution isssue & if you don't have WINS, you'll need an
LMHOSTS file.
>
> Thank you and best regards,
> Roger
>>
>> Again, I'm not an expert on PPTP as I usually use IPSec with a
>> proprietary client through a firewall.
!