VPN Problem - must solve or I get fired

Discussion in 'Networks' started by guess who, Jun 6, 2007.

  1. guess who

    guess who Bit Poster

    49
    0
    19
    Please help !

    Here is the situation.

    I just started working as a IT admin and second day of a work - a problem ! :(

    We have one domain in a company with 25 computers. We connect through VPN to other servers that users administer (SQL). I got problem is with one user. He cant connect to 1 specific SQL server through remote desktop connection. When connecting to IP adress 192.168.0.2 - ERROR.

    I thought that is a problem in that company but IT admin in that company said that everything is there ok.

    Now, we have DHCP that leases IP addresses in 192.168.0.1 - 192.168.0.254 range. IT admin of that company said that I must change IP address in that specific computer to be static but in some other subnet ?! (said something about IP conflict).

    Ou yeah, and another thing. When we connect through HDSPA card everything is ok ?! (we can connect)

    Any thoughts ??

    Here is how it's all configured:

    IP address: 192.168.0.108
    Subnet: 255.255.255.0
    Gateway: 192.168.0.2
    DNS: 192.168.0.10
    (all assigned by DHCP)
     
    Certifications: MCP, MCSA
    WIP: MCSE
  2. simongrahamuk
    Honorary Member

    simongrahamuk Hmmmmmmm?

    6,205
    136
    199
    Wow! talk about a high pressure environment! you sure you'll get fired?

    If your server has a DHCP assigned address how do you know that you are attempting to access the correct address when trying to access the server?

    Servers should really always have a statically assigned IP Address.

    I'm not sure what a HDSPA card is, but you may be able to connect as it may use another protocol other than TCP. NetBIOS perhaps?

    How do you initiate the VPN connection, does the other site have a public IP? Are you sure that you have the correct IP Addresses?
     
  3. BosonMichael
    Honorary Member Highly Decorated Member Award 500 Likes Award

    BosonMichael Yottabyte Poster

    19,183
    500
    414
    If you're going to get fired your second day of work, is that somewhere you REALLY want to be working?

    Agreed, servers should have static addresses.

    Can that user connect to ANY resources over RDP? Can other remote users connect to that SQL server over RDP?
     
    Certifications: CISSP, MCSE+I, MCSE: Security, MCSE: Messaging, MCDST, MCDBA, MCTS, OCP, CCNP, CCDP, CCNA Security, CCNA Voice, CNE, SCSA, Security+, Linux+, Server+, Network+, A+
    WIP: Just about everything!
  4. guess who

    guess who Bit Poster

    49
    0
    19

    The user is connecting with to a server in a company named "Bambi"...he can connect with VPN but when he wants to connect to that specific server (that has IP address 192.168.0.25) with remote desktop, he gets error...

    here is all that in pictures:

    connected with VPN to "Bambi"

    [​IMG]


    [​IMG]


    ..cant ping 192.168.0.25 server in "Bambi"

    [​IMG]
     
    Certifications: MCP, MCSA
    WIP: MCSE
  5. nugget
    Honorary Member

    nugget Junior toady

    7,796
    71
    224
    To me it looks like one network is configured as a class A and the other a class C. The client also looks like it has a static IP address and is not picking up an IP address in the network it's trying to connect to.

    Try getting your client pc to change to dhcp.
     
    Certifications: A+ | Network+ | Security+ | MCP (270,271,272,290,620) | MCDST | MCTS:Vista
    WIP: MCSA, 70-622,680,685
  6. guess who

    guess who Bit Poster

    49
    0
    19

    You mean client PC on "Bambi" ?
     
    Certifications: MCP, MCSA
    WIP: MCSE
  7. simongrahamuk
    Honorary Member

    simongrahamuk Hmmmmmmm?

    6,205
    136
    199
    Arrggghhh! Work firewall is blocking the images, so I can''t really help, but it definately sounds like it is an IP issue to me.

    What is the IP Address, Subnet mask, and gateway address of the client PC attempting to make the connection?

    What is the IP Address, Subnet mask, and gateway address of the server attempting to receive the connection?
     
  8. onoski

    onoski Terabyte Poster

    3,120
    51
    154
    It seems like the remote desk connection issue judging from the information that you have provided. Make sure that he has remote connection enabled or allowed on he's computer with appropriate connections. Let us know how you get on.
     
    Certifications: MCSE: 2003, MCSA: 2003 Messaging, MCP, HNC BIT, ITIL Fdn V3, SDI Fdn, VCP 4 & VCP 5
    WIP: MCTS:70-236, PowerShell
  9. nugget
    Honorary Member

    nugget Junior toady

    7,796
    71
    224
    If he's the one trying to connect to the server on 192.168.0.25, yes.
     
    Certifications: A+ | Network+ | Security+ | MCP (270,271,272,290,620) | MCDST | MCTS:Vista
    WIP: MCSA, 70-622,680,685
  10. guess who

    guess who Bit Poster

    49
    0
    19

    I dont think thats na issue because other company's also connect to that server and they are all succesfull, exept mine company.. :(
     
    Certifications: MCP, MCSA
    WIP: MCSE
  11. guess who

    guess who Bit Poster

    49
    0
    19
    Here it is in words and numbers..

    connected with VPN to "Bambi":

    Client

    IP address: 192.168.0.108
    Subnet: 255.255.255.0
    Gateway: 192.168.0.2
    DNS: 192.168.0.10
    (all assigned by DHCP)


    PPP adapter company Bambi

    IP address: 10.10.159.154
    Subnet: 255.255.255.255
    Gateway: 10.10.159.154
    (DHCP disabled)

    VPN Status (when connected)

    Server IP address: 192.252.114.135
    Client IP address: 10.10.159.154


    Trying to ping 192.168.0.25

    Request timed out
     
    Certifications: MCP, MCSA
    WIP: MCSE
  12. guess who

    guess who Bit Poster

    49
    0
    19
    The client that is trying to access server has DHCP enabled..:blink
     
    Certifications: MCP, MCSA
    WIP: MCSE
  13. nugget
    Honorary Member

    nugget Junior toady

    7,796
    71
    224
    Okay, I can see several confusing situations here.

    It seems that you have 2 networks, your local network where you are (192.168.0.1-254) and the Bambi company network (10.10.159.xx). Yes?

    Where is the SQL server situated? Your local network or the Bambi network?

    From which network are you trying to connect to the SQL server?

    From how it looks you are trying to connect to the SQL server (192.168.0.25) on your local network from a client (192.168.0.10 ) on your local network. Why are you then trying to go over a vpn connection to the Bambi network?

    Another point, I see that the vpn connection is configured with a subnet mask reserved for a class E network (255.255.255.255) when it should read 255.0.0.0
     
    Certifications: A+ | Network+ | Security+ | MCP (270,271,272,290,620) | MCDST | MCTS:Vista
    WIP: MCSA, 70-622,680,685
  14. onoski

    onoski Terabyte Poster

    3,120
    51
    154
    Make sure this users computer is not configured to use windows firewall. In other words make sure in control panel that the firewall options is set to off not recommended. Lets know if this is the case.
     
    Certifications: MCSE: 2003, MCSA: 2003 Messaging, MCP, HNC BIT, ITIL Fdn V3, SDI Fdn, VCP 4 & VCP 5
    WIP: MCTS:70-236, PowerShell
  15. guess who

    guess who Bit Poster

    49
    0
    19
    Yes, we have 2 networks.

    SQL is situated on Bambi network.

    I am trying to access it from my network.

    I am trying to acces it from my network (IP address 192.168.0.x) to their network (IP192.168.0.25). :eek:

    I will check that VPN subnet. :blink
     
    Certifications: MCP, MCSA
    WIP: MCSE
  16. BrizoH

    BrizoH Byte Poster

    243
    6
    25
    Sounds like an IP addressing issue.

    I've set up my fair share of IPSec VPN tunnels (using Watchguard Firewalls) and the first thing I see is that both networks seem to be using the same internal IP range.

    In my experience both sites should have different IP ranges, for example 192.168.1.x > 192.168.2.x

    That way on the 192.168.1.x gateway you can set up a routing policy to forward any traffic for 192.168.2.x over the tunnel, and vice versa

    There are ways around this using NAT, but it can get a bit tricky (for example if both sites use 192.168.0.x you can set up NAT so that site A appears to Site B as using 192.168.1.x etc)
     
    Certifications: CCNA, CCNA Security
    WIP: CCNP
  17. guess who

    guess who Bit Poster

    49
    0
    19

    Yeah..IT admin in Bambi company told me that also..:D How can I configure that ?
     
    Certifications: MCP, MCSA
    WIP: MCSE
  18. kat731
    Honorary Member

    kat731 Megabyte Poster

    826
    9
    74
    Just showed my IT Manager and he agrees with Brizo!!
    A routing issue due to 2 identical subnets.

    Kat
     
    Certifications: BA (Hons), A+
    WIP: 70-685 77-884
  19. BrizoH

    BrizoH Byte Poster

    243
    6
    25
    What does your company use as a firewall/vpn gateway?

    I could talk you through it if it's Watchguard, but if it's something else like Cisco then I'm not sure. No doubt someone will know though so post as much details as you can.
     
    Certifications: CCNA, CCNA Security
    WIP: CCNP
  20. Sparky
    Highly Decorated Member Award 500 Likes Award

    Sparky Zettabyte Poster Moderator

    10,718
    543
    364
    What firewall are you using just now? You may be able to configure a new subnet in the DMZ and connect a PC in that range as a test.

    Oh, 192.168.0.x looks very 'default', expect some problems like this in the future.
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) MS-900 AZ-900 Security+ Network+ A+
    WIP: Microsoft Certs

Share This Page

Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.