Windows Thread, VPN and IP Confusion in Technical; ...
  1. #1

    Join Date
    Mar 2007
    Location
    Chorley
    Posts
    76
    Thank Post
    20
    Thanked 5 Times in 5 Posts
    Rep Power
    16

    VPN and IP Confusion

    Hi everyone.

    Recently I made a post about my attempts to set up our school's network to be available over the CLEO VPN system. After the initial problems I was able to get the RADIUS functionality to work and so I can now authenticate with my username and password whilst using a home connection.

    However, I have run into another bit of confusion and I was hoping someone would be able to help. I have never used a VPN before so I'm not sure what to expect, but when I connect I get an IP address within the 10.x.x.x range like the one issued to our internet connection from CLEO. The problem is that all of our servers work on the 172.16.x.x range.

    If I am understanding things correctly, when I set up Routing and Remote Access I set my network's DHCP Relay Agent to that of my DHCP server. Is this supposed to act as a bridge to forward requests between the address I receive and that of my network? If so, I am unable to access resources by name or IP. I have found an article on here about the use of Proxy ARP. Is this something I need to configure, and if so where is it?

    Thanks guys for your continued help with this. I'm under some pressure from the senior staff to get this thing up and running whilst still trying to learn and understand what I'm doing on the fly.

    Cheers.

  2. #2
    DMcCoy's Avatar
    Join Date
    Oct 2005
    Location
    Isle of Wight
    Posts
    3,491
    Thank Post
    10
    Thanked 502 Times in 442 Posts
    Rep Power
    114
    Which interface is the request being directed to?

  3. #3

    Join Date
    Mar 2007
    Location
    Chorley
    Posts
    76
    Thank Post
    20
    Thanked 5 Times in 5 Posts
    Rep Power
    16
    Quote Originally Posted by DMcCoy View Post
    Which interface is the request being directed to?
    The DHCP Relay Agent is set to our school's DHCP server. Routing and Remote Access and the RADIUS system are both being run from the same server. All outside requests are being handled by the vpn.cleo.net.uk servers.

    Is this the information you were after?

    Cheers.

  4. #4
    DMcCoy's Avatar
    Join Date
    Oct 2005
    Location
    Isle of Wight
    Posts
    3,491
    Thank Post
    10
    Thanked 502 Times in 442 Posts
    Rep Power
    114
    Quote Originally Posted by mcowley View Post
    The DHCP Relay Agent is set to our school's DHCP server. Routing and Remote Access and the RADIUS system are both being run from the same server. All outside requests are being handled by the vpn.cleo.net.uk servers.

    Is this the information you were after?

    Cheers.
    In the IAS configuration (under IP) there is a drop down box to choose which interface you wish to get dhcp etc requests from.

  5. #5

    Join Date
    Mar 2007
    Location
    Chorley
    Posts
    76
    Thank Post
    20
    Thanked 5 Times in 5 Posts
    Rep Power
    16
    Quote Originally Posted by DMcCoy View Post
    In the IAS configuration (under IP) there is a drop down box to choose which interface you wish to get dhcp etc requests from.
    Ah, right. The "Enable broadcast name resolution" box is checked, and the drop down list is set to "Allow RAS to select adapter".

    Would I take it that this should be set to Private to allow the connection to forward requests?

  6. #6
    DMcCoy's Avatar
    Join Date
    Oct 2005
    Location
    Isle of Wight
    Posts
    3,491
    Thank Post
    10
    Thanked 502 Times in 442 Posts
    Rep Power
    114
    What options are there? I've not got it installed at the moment. Do they relate to your network adaptors? There should also be some options under the dhcp relay configuration. It sounds like it's sending the requests to your cleo adaptor.

  7. #7

    Join Date
    Mar 2007
    Location
    Chorley
    Posts
    76
    Thank Post
    20
    Thanked 5 Times in 5 Posts
    Rep Power
    16
    Quote Originally Posted by DMcCoy View Post
    What options are there? I've not got it installed at the moment. Do they relate to your network adaptors? There should also be some options under the dhcp relay configuration. It sounds like it's sending the requests to your cleo adaptor.
    I have attached a screen shot of the IP window. Hope this makes sense. The three options available are:
    • Allow RAS to select adapter
    • Public
    • Private


    Thanks again for your help.

  8. #8
    DMcCoy's Avatar
    Join Date
    Oct 2005
    Location
    Isle of Wight
    Posts
    3,491
    Thank Post
    10
    Thanked 502 Times in 442 Posts
    Rep Power
    114
    Looks like it's private you want, it just uses the name you assign to the LAN connection.

  9. #9

    Join Date
    Mar 2007
    Location
    Chorley
    Posts
    76
    Thank Post
    20
    Thanked 5 Times in 5 Posts
    Rep Power
    16
    Quote Originally Posted by DMcCoy View Post
    Looks like it's private you want, it just uses the name you assign to the LAN connection.
    Thanks for the quick replies. I will test it when I get home later and get back to you in the morning.

    Cheers.

  10. #10

    Join Date
    Mar 2007
    Location
    Chorley
    Posts
    76
    Thank Post
    20
    Thanked 5 Times in 5 Posts
    Rep Power
    16
    Tried the connection again last night and the same things happen. 10.x.x.x address is received and I am still unable to connect to any resources.

    I was thinking last night about this inability to communicate with our servers and I am starting to think that it may be our ISA firewall blocking these types of communication.

    The notes I followed to set up RADIUS mention opening ports in ISA which I did, but there is no mention of what other protocols are needed for the remote access to work.

    Any ideas?

    Cheers.

  11. #11

    Join Date
    Mar 2007
    Location
    Chorley
    Posts
    76
    Thank Post
    20
    Thanked 5 Times in 5 Posts
    Rep Power
    16
    Ok, done a little more testing trying to figure this out. I have logged in again whilst my colleague was watching the server in school. Everything starts fine and an entry is added to the RADIUS log file.

    However, on the Routing and Remote Access screen no entry appears in the Remote Access Clients area and the count stays at 0.

    Is this normal? Am I right in thinking that each remotely logged in user should be displayed on this screen?

    Thanks.

  12. #12
    DMcCoy's Avatar
    Join Date
    Oct 2005
    Location
    Isle of Wight
    Posts
    3,491
    Thank Post
    10
    Thanked 502 Times in 442 Posts
    Rep Power
    114
    What sort of vpn are you using? Is it pptp?

  13. #13

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    11,268
    Thank Post
    884
    Thanked 2,747 Times in 2,321 Posts
    Blog Entries
    11
    Rep Power
    785
    Quote Originally Posted by mcowley View Post
    Ok, done a little more testing trying to figure this out. I have logged in again whilst my colleague was watching the server in school. Everything starts fine and an entry is added to the RADIUS log file.

    However, on the Routing and Remote Access screen no entry appears in the Remote Access Clients area and the count stays at 0.

    Is this normal? Am I right in thinking that each remotely logged in user should be displayed on this screen?

    Thanks.
    This should definitely show up on your screen.

    Just a thought, are you sure that your VPN server is the one that is handling the requests? Earlier you said that the connections were handled through vpn.cleo.net.uk and I am guessing that they probably have more than one user of VPN stuff in their cloud. Perhaps their VPN server is handling the connection and is set up to ask your school's server for authentication information to validate. Unless you gave them your home IP address I don't see how they could know to forward your traffic to your server unless you are the only client.

    In this case it would log you in to the CLEO internal network to which your server is connected, i.e. the same subnet as the external interface on your server. If this is the case you would then need to open another VPN connection to your server's CLEO IP address to gain access to your internal network. You can chain these connections together by using the "dial another connection first" option in the general properties of the VPN link. This would allow it to automatically open up the connection in the right order with a single double click.

    You could check if you are on the internal CLEO network by opening up something like a web server on your ISA box and then trying to access that via your server's external CLEO IP when you are connected to the VPN.

    As to opening the ports in ISA if you have ISA 2000 pref 2004 or above they have fantastic VPN setup wizards that will set everything up for you correctly in the management console. You can even see if anyone is connected easily in ISA2006.
    Last edited by SYNACK; 1st February 2008 at 03:06 PM. Reason: more information
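
Added example, not part of the original thread: a small Python check of the situation discussed above, where the tunnel hands out a 10.x.x.x address while the servers sit on 172.16.x.x. It applies longest-prefix matching to a client route table to show which interface traffic for a school server would leave on. All concrete addresses, route tables and interface labels are constructed for illustration.

```python
import ipaddress

# Constructed values: the thread only gives "10.x.x.x" and "172.16.x.x".
SCHOOL_LAN = ipaddress.ip_network("172.16.0.0/16")
ASSIGNED_IP = "10.20.30.40"      # address handed out by the VPN (constructed)
FILE_SERVER = "172.16.0.10"      # a school server (constructed)

# Constructed client route tables: (destination prefix, interface label).
SPLIT_TUNNEL = [("0.0.0.0/0", "home"), ("192.168.1.0/24", "home"),
                ("10.0.0.0/8", "vpn")]
VPN_AS_GATEWAY = [("0.0.0.0/0", "vpn"), ("192.168.1.0/24", "home"),
                  ("10.0.0.0/8", "vpn")]


def pick_route(routes, destination):
    """Longest-prefix match: the most specific route containing the address wins."""
    dest = ipaddress.ip_address(destination)
    matches = [(ipaddress.ip_network(p), iface) for p, iface in routes
               if dest in ipaddress.ip_network(p)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)


def diagnose(assigned_ip, routes, server_ip):
    """Return (tunnel_address_on_school_lan, egress_interface, explanation)."""
    on_lan = ipaddress.ip_address(assigned_ip) in SCHOOL_LAN
    route = pick_route(routes, server_ip)
    egress = route[1] if route else None
    if on_lan:
        why = "tunnel address is on the school LAN"
    elif egress != "vpn":
        why = ("tunnel ends on another network and traffic for the server "
               "never enters the tunnel")
    else:
        why = ("traffic enters the tunnel, but the far end must still route "
               "or tunnel it on to the school LAN")
    return on_lan, egress, why


if __name__ == "__main__":
    for name, table in (("split tunnel", SPLIT_TUNNEL),
                        ("VPN as default gateway", VPN_AS_GATEWAY)):
        print(name, "->", diagnose(ASSIGNED_IP, table, FILE_SERVER))
```

On a real client the route table would come from `route print` and the assigned address from `ipconfig`, taken while the VPN is connected.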

  14. #14

    Join Date
    Mar 2007
    Location
    Chorley
    Posts
    76
    Thank Post
    20
    Thanked 5 Times in 5 Posts
    Rep Power
    16
    To DMcCoy:
    Yes the VPN is PPTP

    To SYNACK:
    As far as I'm aware the CLEO server just forwards the requests. The usernames are checked against our AD from RADIUS and so I thought that then there should be a direct link to our network (there is no additional username password combination issued to initially access the CLEO network). The documentation that we use only describes how to set RADIUS up on the server, they never mention anything to do with the actual VPN configuration in school.

    We are running ISA 2000. I will have a look for the configuration options you have mentioned as I am really starting to suspect that it is ISA preventing any access after authentication.

    Thanks.

  15. #15

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    11,268
    Thank Post
    884
    Thanked 2,747 Times in 2,321 Posts
    Blog Entries
    11
    Rep Power
    785
    Quote Originally Posted by mcowley View Post
    The documentation that we use only describes how to set RADIUS up on the server, they never mention anything to do with the actual VPN configuration in school.

    We are running ISA 2000. I will have a look for the configuration options you have mentioned as I am really starting to suspect that it is ISA preventing any access after authentication.

    Thanks.
    The fact that it only shows you how to configure a radius server does make it seem likely that they are just letting you into their local network so that you can access your servers 'external' IP directly. From that point any number of methods could be used to get through into your local network.

    If you have ISA 2000 you may need to disable the VPN settings in RRAS before running the wizards as they are quite scruffy in that version. I had the same issue of not being able to access the VPNs properly until I used the wizards on ISA 2k. You may also need to restart the RRAS service when the wizard has completed.

    The other thing that I find immensely helpful when I am fixing VPN stuff is a cellphone / laptop combo that will give you an external connection to VPN in from while you are sitting in front of the server.


