Bill,

Depending on the IP address obtained before your VPN is created,
you're likely running into routing issues.  Take a look at the
routing table to see where the problem is.
From a command prompt:

route print

You'll see where the packets may be getting confused as to which
interface they should be going out on.  If you're within a certain
subnet, and are then obtaining another IP within that subnet, you
will have these problems.

You can always troubleshoot with traceroute to be sure the packets
are going out over the correct interface.  You could also set the
clients to use the remote gateway as their default route, making
all of their traffic go out through their VPN connection (not the
best solution, but could help you in tracking down the problem.)
Hope this helps.

-Russell


Wheeler, Bill wrote:

>         In the library, we're having a combination problem with DHCP, VPN, and our building firewall, and are running out of places to look.
>
>         The firewall blocks Windows ports (137-139, 389, 445, and 3389) at the boundary of the Library staff physical network.  We have a VPN server inside the staff network.  A PC connects using a DHCP connection in the Library (or elsewhere on campus) and gets an IP address that is outside the staff network.  It then connects to the VPN, which assigns it an IP address inside the staff network.  Once that is done, Outlook can connect to our mail server (which is inside the staff network), but the PC cannot map to shared drives inside the staff network.  It also cannot ping into the staff network.  If I change the firewall to allow the Windows ports from the DHCP-assigned IP address, the PC can map to shared drives inside the staff network.  (Inference: the packets required to map the drive carry the DHCP-assigned IP address, not the VPN-assigned IP.)  However, the same PC, connecting from home using DHCP through Comcast and the same VPN connection, can map drives.  (Inference: the drive is mapped using the VPN-assigned IP address.)  Ipconfig shows the same information both in the Library and over Comcast, except for the DHCP-assigned IP address and its subnet mask (255.255.255.0 for Comcast, 255.248.0.0 in the Library).
>
>         Where should we look next?  When using a VPN connection, what determines whether packets are sent with the VPN-assigned IP or the DHCP-assigned IP?
>
>         Any hints, tips, or outright solutions will be appreciated!
>         --Bill Wheeler
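As an added illustration of the subnet overlap described in the reply (not code from either poster), this Python sketch applies longest-prefix-match route selection to two constructed routing tables laid out in `route print` column order. Every address, the staff server 10.12.4.10, and the classful /8 route attributed to the VPN client are assumptions made for the example.

```python
import ipaddress

# Constructed rows: destination, netmask, gateway, interface, metric.
# Library case: DHCP lease 10.9.20.30 with mask 255.248.0.0, VPN lease 10.12.4.200.
LIBRARY = """
0.0.0.0      0.0.0.0        10.8.0.1      10.9.20.30    20
10.8.0.0     255.248.0.0    10.9.20.30    10.9.20.30    20
10.0.0.0     255.0.0.0      10.12.4.200   10.12.4.200   1
"""
# Home case: DHCP lease 192.168.1.50 with mask 255.255.255.0, same VPN lease.
HOME = """
0.0.0.0      0.0.0.0        192.168.1.1   192.168.1.50  20
192.168.1.0  255.255.255.0  192.168.1.50  192.168.1.50  20
10.0.0.0     255.0.0.0      10.12.4.200   10.12.4.200   1
"""

def parse_routes(text):
    """Return (network, gateway, interface, metric) tuples, skipping non-route lines."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue
        dest, mask, gateway, iface, metric = fields
        try:
            routes.append((ipaddress.ip_network(f"{dest}/{mask}"),
                           gateway, iface, int(metric)))
        except ValueError:
            continue  # header or separator line
    return routes

def select_route(routes, destination):
    """Most specific matching prefix wins; metric only breaks ties."""
    addr = ipaddress.ip_address(destination)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None
    return min(matches, key=lambda r: (-r[0].prefixlen, r[3]))

def source_interface(table_text, destination):
    """Interface address the chosen route sends from, or None if no route matches."""
    route = select_route(parse_routes(table_text), destination)
    return route[2] if route else None

if __name__ == "__main__":
    for name, table in (("library", LIBRARY), ("home", HOME)):
        print(name, "->", source_interface(table, "10.12.4.10"))
```

In the library table the on-link /13 route is more specific than the VPN's /8 route despite the VPN's lower metric, so traffic to the staff server leaves from the DHCP-assigned address; in the home table nothing overlaps and the VPN route is chosen.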