VPN Client can't access LAN Resources

  • Question

  • Hi guys.

    I need help with this urgently. I have the setup as mentioned below.

    UAG Publishing Server - LAN NIC - 192.168.15.5/24 NO GW DNS-192.168.15.8(DC)

    External - 172.30.15.172/24 GW 172.30.15.1 NO DNS

    I hope this other network configuration for UAG is correct; I used some Microsoft articles and configured it.

    My VPN is working fine, but I have issues with accessing LAN resources when clients (Windows XP & Windows 7) connect to the VPN. Here are the other details:

    SSTP VPN Server (Windows 7) client

    NO Connection: 50, user trunk name (installed commercial certificate)

    protocol - SSTP,

    IP address - 192.168.100.10 - 192.168.100.99 advanced -- 1982.168.15.8 as DNS

    user groups (hope this is fine)

    Network Connector

    Network segment -- GW - 192.168.15.1 (only if network config missing)

    IP provisioning -- Private Address pool (192.168.100.100 - 192.168.100.255)

    access control - Split tunneling

    Additional Network - 192.168.15.0 (LAN network)

    advanced - default

    TMG ---- firewall rule -- all outbound traffic -- from VPN network (192.168.100.0/24) to internal Allow

    networking -- internal - 1982.168.15.0./24

    VPN client -- default (no IP address etc.....)

    Routing from TMG

    192.168.15.0/24 GW- 192.168.15.1

    I tested with add, move this (192.168.100.0/24 GW 192.168.15.5 (UAG LAN NIC))

    When I try to connect to the VPN, it connects from both clients (Windows 7 & Windows XP), but

    the Windows 7 client can ping the UAG server -- 192.168.15.5; Windows XP can't ping any internal server. The client gets a VPN network IP address (e.g. 192.168.100.12/13/14/etc. for Windows 7 & 192.168.100.101/102.. for Windows XP).

    It seems to be a routing issue, but I couldn't figure it out. I connected a Windows XP machine to the UAG LAN network port and assigned 192.168.15.5/24 GW 192.168.15.1 (added a second IP as 192.168.100.234/24).

    added static route 192.168.100.0 255.255.255.0 192.168.15.1

    Then from the Windows XP machine I can ping all internal resources, so I hope the UAG LAN NIC has all network access at switch level.

    I feel it is only a UAG routing issue. Can someone help me?

    Thank you

    Indunil

    Tuesday, January 4, 2011 3:56 PM

Answers

  • Hi Amigo. As you mention, XP and Windows 7 use different VPN mechanisms. XP machines use Network Connector whilst Windows 7 use SSTP. Can you open the TMG admin console and see the traffic in Monitoring? There must be a reason for that traffic being denied. If TMG is blocking traffic it can be because:

    - there is no Network Relationship defined with origin Network Connector and destination Internal network. If the problem is Network Relationship, try to define a route relationship between the "Internal" network and "Network Connector"

    - there is a problem with spoofing. If the problem is spoofing there should be an alert in the Monitoring section. The address range of Network Connector should be excluded from the Internal network

    - there should be an automatic access rule in TMG allowing all outbound traffic from "Network Connector"

    Also take a look here: http://technet.microsoft.com/en-us/library/ee809096.aspx

    Hope it helps


    // Raúl - I love this game
    • Edited by RMoros Tuesday, January 4, 2011 4:30 PM complimentary data
    • Marked as answer by Indunil Wednesday, January 5, 2011 1:57 PM
    Tuesday, January 4, 2011 4:26 PM
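
The spoofing point in the answer above (the Network Connector address range should be excluded from the Internal network) can be checked offline against the planned address ranges. This is an added example, not part of the thread and not Microsoft tooling: the three ranges are the ones the poster lists in the thread, the widened Internal range is constructed, and `spoof_suspect` is a simplified model of the check, not TMG's actual logic.

```python
import ipaddress

def cidrs(first, last=None):
    """Expand 'a.b.c.d/nn' or an inclusive first-last range into CIDR blocks."""
    if last is None:
        return [ipaddress.ip_network(first)]
    return list(ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last)))

def owners(ip, networks):
    """Names of every defined network whose address range contains ip."""
    addr = ipaddress.ip_address(ip)
    return sorted(name for name, blocks in networks.items()
                  if any(addr in block for block in blocks))

def overlap_findings(networks):
    """Pairs of networks whose ranges share at least one address."""
    names = sorted(networks)
    found = []
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if any(x.overlaps(y) for x in networks[a] for y in networks[b]):
                found.append((a, b))
    return found

def spoof_suspect(src_ip, arrived_on, networks):
    """Simplified model (assumption): a packet is suspect unless its source
    address belongs to the network it arrived on and to no other network."""
    return owners(src_ip, networks) != [arrived_on]

# Ranges as quoted in the thread.
THREAD = {
    "Internal": cidrs("192.168.15.0/24"),
    "Network Connector": cidrs("192.168.100.2", "192.168.100.200"),
    "SSTP": cidrs("192.168.100.201", "192.168.100.255"),
}
# Constructed misconfiguration: Internal widened so it swallows both VPN pools.
WIDE = dict(THREAD, Internal=cidrs("192.168.0.0/16"))

if __name__ == "__main__":
    for label, nets in (("thread ranges", THREAD), ("constructed", WIDE)):
        print(label)
        print("  overlaps:", overlap_findings(nets))
        # 192.168.100.4 is the XP client's Network Connector address in the thread.
        print("  XP client suspect:",
              spoof_suspect("192.168.100.4", "Network Connector", nets))
```

With the thread's ranges the pools do not overlap the Internal network or each other; only the constructed wide Internal range makes the XP client's address ambiguous.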

All replies

  • Hi RMoros

    Thanks for your reply. Yes, as I said, I configured both SSTP and Network Connector (Windows 7 & Windows XP). When I connect from the Windows 7 client, it connects and can access the UAG server (can ping, can get remote desktop), but no other servers in the LAN network. When I connect from Windows XP, it connects, but there is no access; I can't even ping the IP address which is assigned to the UAG server from the VPN network. But if I assign a corporate IP address (not private pool) for Network Connector, the XP VPN client gets a LAN IP address and has access to all LAN resources.

    I used the article http://technet.microsoft.com/en-us/library/ee809096.aspx to configure.

    I will check the firewall logs and try to find something. Anything else I can do?

    Here is what I found. Hope someone can figure out the issue.

    SSTP VPN pool - 192.168.100.201-192.168.100.255 (40 users)

    Network Connector - 192.168.100.2 - 192.168.100.200

    UAG Server - SSTP IP - 192.168.100.201 (first IP from pool)

    UAG Server NC - IP - 192.168.100.2 (first IP from pool)

    Windows XP VPN Client - 192.168.100.4 (pool IP address)

    Windows 7 VPN Client - 192.168.100.202 (pool IP)

    From the UAG server, I can ping all of the 192.168.100.2/4/201/202 IP addresses.

    From the Windows 7 VPN client, I can ping 192.168.100.4 (Windows XP VPN client) - hope I can access fileshare (NetBIOS).

    From the Windows XP machine, I can't ping any IP.

    I believe it's a routing issue and hope someone can figure out this issue. I need to get access from both VPN client machines to LAN network resources.

    What have I missed?

    Thank you

    Indunil

    • Edited by Indunil Tuesday, January 4, 2011 8:00 PM Add more
    Tuesday, January 4, 2011 6:46 PM
  • hi

    I did some static routing and changes, then suddenly it started working, but ping is not there. File access and other access can be used. I will check and post how I was able to fix it. It will help others.

    Thank you, Mr RMoros. It was only after tracing the TMG traffic that I realized this.

    Wednesday, January 5, 2011 1:57 PM
  • Glad to help
    // Raúl - I love this game
    Thursday, January 6, 2011 9:42 PM
  • I get VPN from PureVPN; I really like their service for internet security....
    Tuesday, January 11, 2011 6:26 AM