VPN and IP Confusion
Hi everyone.
Recently I made a post about my attempts to set up our school’s network to be available over the CLEO VPN system. After the initial problems I was able to get the RADIUS functionality to work and so I can now authenticate with my username and password whilst using a home connection.
However, I have run into another bit of confusion and I was hoping someone would be able to help. I have never used a VPN before so I’m not sure what to expect, but when I connect I get an IP address within the 10.x.x.x range like the one issued to our internet connection from CLEO. The problem is that all of our servers work on the 172.16.x.x range.
If I am understanding things correctly, when I set up Routing and Remote Access I set my network's DHCP Relay Agent to that of my DHCP server. Is this supposed to act as a bridge to forward requests between the address I receive and that of my network? If so, I am unable to access resources by name or IP. I have found an article on here about the use of Proxy ARP. Is this something I need to configure, and if so where is it?
Thanks guys for your continued help with this. I’m under some pressure from the senior staff to get this thing up and running whilst still trying to learn and understand what I’m doing on the fly.
The DHCP Relay Agent is set to our school's DHCP server. Routing and Remote Access and the RADIUS system are both being run from the same server. All outside requests are being handled by the vpn.cleo.net.uk servers.
Is this the information you were after?
Cheers.
In the IAS configuration (under IP) there is a drop down box to choose which interface you wish to get dhcp etc requests from.
What options are there? I've not got it installed at the moment. Do they relate to your network adaptors? There should also be some options under the DHCP relay configuration. It sounds like it's sending requests to your CLEO adaptor.
I have attached a screen shot of the IP window. Hope this makes sense. The three options available are:
Tried the connection again last night and the same things happen. 10.x.x.x address is received and I am still unable to connect to any resources.
I was thinking last night about this inability to communicate with our servers and I am starting to think that it may be our ISA firewall blocking these types of communication.
The notes I followed to set up RADIUS mention opening ports in ISA which I did, but there is no mention of what other protocols are needed for the remote access to work.
Ok, done a little more testing trying to figure this out. I have logged in again whilst my colleague was watching the server in school. Everything starts fine and an entry is added to the RADIUS log file.
However, on the Routing and Remote Access screen no entry appears in the Remote Access Clients area and the count stays at 0.
Is this normal? Am I right in thinking that each remotely logged in user should be displayed on this screen?
Thanks.
This should definitely show up on your screen.
Just a thought, are you sure that your VPN server is the one that is handling the requests? Earlier you said that the connections were handled through vpn.cleo.net.uk and I am guessing that they probably have more than one user of VPN stuff in their cloud. Perhaps their VPN server is handling the connection and is set up to ask your school's server for authentication information to validate. Unless you gave them your home IP address I don't see how they could know to forward your traffic to your server unless you are the only client.
In this case it would log you in to the CLEO internal network to which your server is connected, i.e. the same subnet as the external interface on your server. If this is the case you would then need to open another VPN connection to your server's CLEO IP address to gain access to your internal network. You can chain these connections together by using the "dial another connection first" option in the general properties of the VPN link. This would allow it to automatically open up the connection in the right order with a single double click.
You could check if you are on the internal CLEO network by opening up something like a web server on your ISA box and then trying to access that via your server's external CLEO IP when you are connected to the VPN.
As to opening the ports in ISA, if you have ISA 2000 (preferably 2004 or above) they have fantastic VPN setup wizards that will set everything up for you correctly in the management console. You can even see if anyone is connected easily in ISA 2006.
Last edited by SYNACK; 1st February 2008 at 02:06 PM.
Reason: more information
To SYNACK:
As far as I’m aware the CLEO server just forwards the requests. The usernames are checked against our AD from RADIUS and so I thought that then there should be a direct link to our network (there is no additional username password combination issued to initially access the CLEO network). The documentation that we use only describes how to set RADIUS up on the server, they never mention anything to do with the actual VPN configuration in school.
We are running ISA 2000. I will have a look for the configuration options you have mentioned as I am really starting to suspect that it is ISA preventing any access after authentication.
Thanks.
The fact that it only shows you how to configure a RADIUS server does make it seem likely that they are just letting you into their local network so that you can access your server's 'external' IP directly. From that point any number of methods could be used to get through into your local network.
If you have ISA 2000 you may need to disable the VPN settings in RRAS before running the wizards as they are quite scruffy in that version. I had the same issue of not being able to access the VPNs properly until I used the wizards on ISA 2k. You may also need to restart the RRAS service when the wizard has completed.
The other thing that I find immensely helpful when I am fixing VPN stuff is a cellphone / laptop combo that will give you an external connection to VPN in from while you are sitting in front of the server.