
In the library, we're having a combination problem with DHCP, VPN, and our building firewall, and are running out of places to look.

The firewall blocks Windows ports (137-139, 389, 445, and 3389) at the boundary of the Library staff physical network. We have a VPN server inside the staff network. A PC connects using a DHCP connection in the Library (or elsewhere on campus) and gets an IP address that is outside the staff network. It then connects to the VPN, which assigns it an IP address inside the staff network. Once that is done, Outlook can connect to our mail server (which is inside the staff network), but the PC cannot map to shared drives inside the staff network. It also cannot ping into the staff network. If I change the firewall to allow the Windows ports from the DHCP-assigned IP address, the PC can map to shared drives inside the staff network. (Inference: the packets required to map the drive carry the DHCP-assigned IP address, not the VPN-assigned IP.) However, the same PC, connecting from home using DHCP through Comcast and the same VPN connection, can map drives. (Inference: the drive is mapped using the VPN-assigned IP address.) Ipconfig shows the same information both in the Library and over Comcast, except for the DHCP-assigned IP address and its subnet mask (255.255.255.0 for Comcast, 255.248.0.0 in the Library).

Where should we look next? When using a VPN connection, what determines whether packets are sent with the VPN-assigned IP or the DHCP-assigned IP?

Any hints, tips, or outright solutions will be appreciated!
--Bill Wheeler
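
An added example, not part of the original post: the sketch below models how a host's routing table picks the outgoing interface (most specific matching prefix first, then lowest metric), which in turn normally determines the source address. All addresses, interface names and metrics are constructed, and it assumes the staff network falls inside the campus 255.248.0.0 range, which the post does not state.

```python
import ipaddress

VPN_SRC = "10.9.50.77"       # constructed: VPN-assigned address inside the staff network
STAFF_SERVER = "10.9.50.10"  # constructed: file server inside the staff network

def build_table(dhcp_ip, dhcp_mask):
    """Routing table of a client with one physical adapter plus a connected VPN."""
    lan = ipaddress.ip_interface(f"{dhcp_ip}/{dhcp_mask}")
    return [
        # On-link route created from the DHCP address and its subnet mask.
        {"net": lan.network, "ifname": "lan", "src": dhcp_ip, "metric": 20},
        # Default route learned from DHCP.
        {"net": ipaddress.ip_network("0.0.0.0/0"), "ifname": "lan",
         "src": dhcp_ip, "metric": 20},
        # Default route added when the VPN connects (lower metric, so preferred).
        {"net": ipaddress.ip_network("0.0.0.0/0"), "ifname": "vpn",
         "src": VPN_SRC, "metric": 1},
    ]

def pick_route(routes, dest):
    """Longest matching prefix wins; ties are broken by the lowest metric."""
    d = ipaddress.ip_address(dest)
    matches = [r for r in routes if d in r["net"]]
    if not matches:
        return None
    return max(matches, key=lambda r: (r["net"].prefixlen, -r["metric"]))

def source_for(routes, dest):
    """Interface and source address a packet to dest would use."""
    r = pick_route(routes, dest)
    return (r["ifname"], r["src"]) if r else None

def bypasses_vpn(routes, dest):
    """True when a non-VPN route is chosen for a destination behind the VPN."""
    r = pick_route(routes, dest)
    return r is not None and r["ifname"] != "vpn"

# Campus DHCP lease with the /13 mask from the post (address constructed):
# the on-link route 10.8.0.0/13 also covers the staff server.
CAMPUS = build_table("10.12.3.40", "255.248.0.0")
# Home lease with the /24 mask from the post (address constructed).
HOME = build_table("192.168.1.23", "255.255.255.0")

if __name__ == "__main__":
    for name, table in (("campus", CAMPUS), ("home", HOME)):
        print(name, source_for(table, STAFF_SERVER),
              "bypasses VPN:", bypasses_vpn(table, STAFF_SERVER))
```

On a real client, compare the output of `route print` taken on campus and at home to see whether the on-link route for the DHCP subnet is more specific than the routes the VPN adds.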