Which interface is the request being directed to?
Recently I made a post about my attempts to set up our school's network to be available over the CLEO VPN system. After the initial problems I was able to get the RADIUS functionality to work and so I can now authenticate with my username and password whilst using a home connection.
However, I have run into another bit of confusion and I was hoping someone would be able to help. I have never used a VPN before so I'm not sure what to expect, but when I connect I get an IP address within the 10.x.x.x range like the one issued to our internet connection from CLEO. The problem is that all of our servers work on the 172.16.x.x range.
If I am understanding things correctly, when I set up Routing and Remote Access I set my network's DHCP Relay Agent to that of my DHCP server. Is this supposed to act as a bridge to forward requests between the address I receive and that of my network? If so, I am unable to access resources by name or IP. I have found an article on here about the use of Proxy ARP. Is this something I need to configure, and if so where is it?
Thanks guys for your continued help with this. I'm under some pressure from the senior staff to get this thing up and running whilst still trying to learn and understand what I'm doing on the fly.
Which interface is the request being directed to?
What options are there? I've not got it installed at the moment. Do they relate to your network adaptors? There should also be some options under the DHCP relay configuration. It sounds like it's sending the requests to your CLEO adaptor.
Looks like it's private you want, it just uses the name you assign to the LAN connection.
Tried the connection again last night and the same things happen. 10.x.x.x address is received and I am still unable to connect to any resources.
I was thinking last night about this inability to communicate with our servers and I am starting to think that it may be our ISA firewall blocking these types of communication.
The notes I followed to set up RADIUS mention opening ports in ISA which I did, but there is no mention of what other protocols are needed for the remote access to work.
Ok, done a little more testing trying to figure this out. I have logged in again whilst my colleague was watching the server in school. Everything starts fine and an entry is added to the RADIUS log file.
However, on the Routing and Remote Access screen no entry appears in the Remote Access Clients area and the count stays at 0.
Is this normal? Am I right in thinking that each remotely logged in user should be displayed on this screen?
What sort of VPN are you using? Is it PPTP?
Just a thought, are you sure that your VPN server is the one that is handling the requests? Earlier you said that the connections were handled through vpn.cleo.net.uk and I am guessing that they probably have more than one user of VPN stuff in their cloud. Perhaps their VPN server is handling the connection and is set up to ask your school's server for authentication information to validate. Unless you gave them your home IP address I don't see how they could know to forward your traffic to your server unless you are the only client.
In this case it would log you in to the CLEO internal network to which your server is connected, i.e. the same subnet as the external interface on your server. If this is the case you would then need to open another VPN connection to your server's CLEO IP address to gain access to your internal network. You can chain these connections together by using the "dial another connection first" option in the general properties of the VPN link. This would allow it to automatically open up the connection in the right order with a single double click.
You could check if you are on the internal CLEO network by opening up something like a web server on your ISA box and then trying to access that via your server's external CLEO IP when you are connected to the VPN.
As to opening the ports in ISA, if you have ISA 2000, preferably 2004 or above, they have fantastic VPN setup wizards that will set everything up for you correctly in the management console. You can even see if anyone is connected easily in ISA 2006.
Last edited by SYNACK; 1st February 2008 at 02:06 PM. Reason: more information
Yes, the VPN is PPTP.
As far as I'm aware the CLEO server just forwards the requests. The usernames are checked against our AD from RADIUS and so I thought that then there should be a direct link to our network (there is no additional username/password combination issued to initially access the CLEO network). The documentation that we use only describes how to set RADIUS up on the server; they never mention anything to do with the actual VPN configuration in school.
We are running ISA 2000. I will have a look for the configuration options you have mentioned as I am really starting to suspect that it is ISA preventing any access after authentication.
If you have ISA 2000 you may need to disable the VPN settings in RRAS before running the wizards as they are quite scruffy in that version. I had the same issue of not being able to access the VPNs properly until I used the wizards on ISA 2k. You may also need to restart the RRAS service when the wizard has completed.
The other thing that I find immensely helpful when I am fixing VPN stuff is a cellphone / laptop combo that will give you an external connection to VPN in from while you are sitting in front of the server.