Sign in with
Sign up | Sign in
Your question

VPN issue with XP SP2

Last response: in Windows XP
Share
Anonymous
January 19, 2005 7:16:36 PM

Archived from groups: microsoft.public.windowsxp.work_remotely,microsoft.public.win2000.ras_routing (More info?)

I have two internal networks, one with a 10.0.0.0 etc Subnet and one withe a
172.16.0.0 subnet. THere is a firewall between the two subnets the just
allows access on http and https to a few web sites (our 10.0.0.0 subnet is
open to students and the public and thus needs to be segmented from the rest
of our systems). Now, for faculty who want to access more then the few
websites from a publicly available port (on the 10.0.0.0 network), we have
set up a multi-homed Win2000 server (all the SP's and patches) with RRAS as
a VPN server (the NIC on 10.0.0.0 is filtered for PPTP and IPSec etc).
Problem is, when the machine used is a XP SP2 machine it sometimes works
fine and sometimes takes for ever to log in (the VPN connection always works
immediately) and when you do get in nothing really works (no mappings from
scripts no access to anything on the 172.6.0.0 network). Of course if I log
into the workstation under a local (or cahced) account and THEN connect to
the VPN RAS, I can connect to anything (manually map drives, browse to
internal websites). So it makes me think it is a timing issue or a
concurrent use of resources problem etc. Anyone have any ideas on how to
make the login play nicer?

More about : vpn issue sp2

Anonymous
January 19, 2005 8:23:02 PM

Archived from groups: microsoft.public.windowsxp.work_remotely,microsoft.public.win2000.ras_routing (More info?)

one extra thing to look at is that the reason it sometimes doesn't work is
that it "forgets" to add a route for the 172.16.0.0 network to go to the
172.16.0.0 interface (VPN connection)
ex:
172.16.0.0 255.255.0.0 172.16.2.31 172.16.2.31 (if .31 was the interface).

If it does add this route, it works perfectly but that is at best 1 in 4
times

"Steve Carr" <scarr@bastyr.edu.NOSPAM> wrote in message
news:%23SvKPVo$EHA.3424@TK2MSFTNGP11.phx.gbl...
> I have two internal networks, one with a 10.0.0.0 etc Subnet and one withe
a
> 172.16.0.0 subnet. THere is a firewall between the two subnets the just
> allows access on http and https to a few web sites (our 10.0.0.0 subnet
is
> open to students and the public and thus needs to be segmented from the
rest
> of our systems). Now, for faculty who want to access more then the few
> websites from a publicly available port (on the 10.0.0.0 network), we have
> set up a multi-homed Win2000 server (all the SP's and patches) with RRAS
as
> a VPN server (the NIC on 10.0.0.0 is filtered for PPTP and IPSec etc).
> Problem is, when the machine used is a XP SP2 machine it sometimes works
> fine and sometimes takes for ever to log in (the VPN connection always
works
> immediately) and when you do get in nothing really works (no mappings from
> scripts no access to anything on the 172.6.0.0 network). Of course if I
log
> into the workstation under a local (or cahced) account and THEN connect to
> the VPN RAS, I can connect to anything (manually map drives, browse to
> internal websites). So it makes me think it is a timing issue or a
> concurrent use of resources problem etc. Anyone have any ideas on how to
> make the login play nicer?
>
>
Anonymous
January 20, 2005 2:22:10 AM

Archived from groups: microsoft.public.windowsxp.work_remotely,microsoft.public.win2000.ras_routing (More info?)

it sounds like DNS issue. where is your DNS?

--
For more and other information, go to http://www.ChicagoTech.net

Don't send e-mail or reply to me except you need consulting services.
Posting on MS newsgroup will benefit all readers and you may get more help.

Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN, Anti-Virus, Tips & Troubleshooting on
http://www.ChicagoTech.net
Networking Solutions, http://www.chicagotech.net/networksolutions.htm
VPN Solutions, http://www.chicagotech.net/vpnsolutions.htm
VPN Process and Error Analysis, http://www.chicagotech.net/VPN%20process.htm
VPN Troubleshooting, http://www.chicagotech.net/vpn.htm
This posting is provided "AS IS" with no warranties.
"Steve Carr" <scarr@bastyr.edu.NOSPAM> wrote in message
news:%23SvKPVo$EHA.3424@TK2MSFTNGP11.phx.gbl...
>I have two internal networks, one with a 10.0.0.0 etc Subnet and one withe
>a
> 172.16.0.0 subnet. THere is a firewall between the two subnets the just
> allows access on http and https to a few web sites (our 10.0.0.0 subnet
> is
> open to students and the public and thus needs to be segmented from the
> rest
> of our systems). Now, for faculty who want to access more then the few
> websites from a publicly available port (on the 10.0.0.0 network), we have
> set up a multi-homed Win2000 server (all the SP's and patches) with RRAS
> as
> a VPN server (the NIC on 10.0.0.0 is filtered for PPTP and IPSec etc).
> Problem is, when the machine used is a XP SP2 machine it sometimes works
> fine and sometimes takes for ever to log in (the VPN connection always
> works
> immediately) and when you do get in nothing really works (no mappings from
> scripts no access to anything on the 172.6.0.0 network). Of course if I
> log
> into the workstation under a local (or cahced) account and THEN connect to
> the VPN RAS, I can connect to anything (manually map drives, browse to
> internal websites). So it makes me think it is a timing issue or a
> concurrent use of resources problem etc. Anyone have any ideas on how to
> make the login play nicer?
>
>
Anonymous
January 20, 2005 5:12:18 PM

Archived from groups: microsoft.public.windowsxp.work_remotely,microsoft.public.win2000.ras_routing (More info?)

thanks for the reply. There is a DNS server (or two) on both sides of the
firewall. DNS seems to work fine but the routes get screwy. I did figure out
a little more (enough to have a workaround but not a solution). It seems
that if the IP given for the VPN connection is in the same class C as the IP
for the RRAS then all is well (even though the subnet is not a class C but a
class B). Weird. Any other thoughts?

"Robert L [MS-MVP]" <noreply@hotmail.com> wrote in message
news:o JGRSAr$EHA.3708@TK2MSFTNGP14.phx.gbl...
> it sounds like DNS issue. where is your DNS?
>
> --
> For more and other information, go to http://www.ChicagoTech.net
>
> Don't send e-mail or reply to me except you need consulting services.
> Posting on MS newsgroup will benefit all readers and you may get more
help.
>
> Bob Lin, MS-MVP, MCSE & CNE
> Networking, Internet, Routing, VPN, Anti-Virus, Tips & Troubleshooting on
> http://www.ChicagoTech.net
> Networking Solutions, http://www.chicagotech.net/networksolutions.htm
> VPN Solutions, http://www.chicagotech.net/vpnsolutions.htm
> VPN Process and Error Analysis,
http://www.chicagotech.net/VPN%20process.htm
> VPN Troubleshooting, http://www.chicagotech.net/vpn.htm
> This posting is provided "AS IS" with no warranties.
> "Steve Carr" <scarr@bastyr.edu.NOSPAM> wrote in message
> news:%23SvKPVo$EHA.3424@TK2MSFTNGP11.phx.gbl...
> >I have two internal networks, one with a 10.0.0.0 etc Subnet and one
withe
> >a
> > 172.16.0.0 subnet. THere is a firewall between the two subnets the just
> > allows access on http and https to a few web sites (our 10.0.0.0 subnet
> > is
> > open to students and the public and thus needs to be segmented from the
> > rest
> > of our systems). Now, for faculty who want to access more then the few
> > websites from a publicly available port (on the 10.0.0.0 network), we
have
> > set up a multi-homed Win2000 server (all the SP's and patches) with RRAS
> > as
> > a VPN server (the NIC on 10.0.0.0 is filtered for PPTP and IPSec etc).
> > Problem is, when the machine used is a XP SP2 machine it sometimes works
> > fine and sometimes takes for ever to log in (the VPN connection always
> > works
> > immediately) and when you do get in nothing really works (no mappings
from
> > scripts no access to anything on the 172.6.0.0 network). Of course if I
> > log
> > into the workstation under a local (or cahced) account and THEN connect
to
> > the VPN RAS, I can connect to anything (manually map drives, browse to
> > internal websites). So it makes me think it is a timing issue or a
> > concurrent use of resources problem etc. Anyone have any ideas on how to
> > make the login play nicer?
> >
> >
>
>
!