VPN partially works

Hello,

Hardware Firewall
-has external ip
-has internal ip #1
-port 25 forwards to internal IP #2 (domain controller)
-port 443 forwards to internal IP #2 (domain controller)
-port 1723 forwards to internal IP #2 (domain controller)
-port 81 forwards to internal IP #3 (member server)

Domain Controller
-has internal ip #2
-W2K Standard with Exchange 2K on it
-Remote Access Server
-Certificate services

Member Server
-has internal ip #3
-W2K Standard
-intranet documents

The branch office use a dialup network connection to
establish a PPTP VPN connection, and then open their
Outlook XP to access their email that is stored on the
domain controller.

With the VPN up, the branch office can't see the member
server to access the intranet documents. I have had to
create an Internet icon on each computer with the
URL "http://external ip:81/directory name" in order for
the branch office to access the intranet documents.

I can't figure out how to get the VPN connection to see
both the domain controller and the member server.

Does anyone know how I can fix this problem?

Thanks for your help,
Millie

Can remote clients ping IP (not name!) of member server? What does tracert
from client to member server show?

How is routing configured on member server? How are your IP filters
configured on RRAS server?. Can member server ping client's IP address? What
does tracert from member server to client show?

Mike

"Millie" <(E-Mail Removed)> wrote in message
news:2db8b01c46a17$8b7577e0$(E-Mail Removed)...
> Hello,
>
> Hardware Firewall
> -has external ip
> -has internal ip #1
> -port 25 forwards to internal IP #2 (domain controller)
> -port 443 forwards to internal IP #2 (domain controller)
> -port 1723 forwards to internal IP #2 (domain controller)
> -port 81 forwards to internal IP #3 (member server)
>
> Domain Controller
> -has internal ip #2
> -W2K Standard with Exchange 2K on it
> -Remote Access Server
> -Certificate services
>
> Member Server
> -has internal ip #3
> -W2K Standard
> -intranet documents
>
> The branch office use a dialup network connection to
> establish a PPTP VPN connection, and then open their
> Outlook XP to access their email that is stored on the
> domain controller.
>
> With the VPN up, the branch office can't see the member
> server to access the intranet documents. I have had to
> create an Internet icon on each computer with the
> URL "http://external ip:81/directory name" in order for
> the branch office to access the intranet documents.
>
> I can't figure out how to get the VPN connection to see
> both the domain controller and the member server.
>
> Does anyone know how I can fix this problem?
>
> Thanks for your help,
> Millie

"Millie" <(E-Mail Removed)> wrote in message
news:2db8b01c46a17$8b7577e0$(E-Mail Removed)...

> -port 25 forwards to internal IP #2 (domain controller)
> -port 443 forwards to internal IP #2 (domain controller)
> -port 1723 forwards to internal IP #2 (domain controller)
> -port 81 forwards to internal IP #3 (member server)

I know it can be annoying,...but we need to clarify termiology to make sure
we are on the "same page" together.

Above, the "ports" aren't being forwarded. The IP# are being forwarded. Port
forwarding is when the ports on IP#1 and IP#2 are not the same port#.

> The branch office use a dialup network connection to
> establish a PPTP VPN connection, and then open their
> Outlook XP to access their email that is stored on the
> domain controller.

I assume you mean that this part works?

> With the VPN up, the branch office can't see the member
> server to access the intranet documents. I have had to
> create an Internet icon on each computer with the
> URL "http://external ip:81/directory name" in order for
> the branch office to access the intranet documents.

Let's use accuart terminology or we will never know what each other means.
What do you actually mean by "branch office can't see the member server"?
How are they attempting to do it? Network browsing? Internet Explorer
combined with a intranet website? Are they using machine names?, FQDNs?,
IP#s? Your example is a HTTP URL using the IP# on a non-standard port, this
would imply the use of an internal website to gather these "intranet
documents".

> I can't figure out how to get the VPN connection to see
> both the domain controller and the member server.

Well VPN is just a encapsulated TCP/IP link,.... it doesn't "see" anything.
Can you explain what you mean by that?

--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

1. When remote clients ping the IP of member server,
they get error message "request timed out".

2. Tracert from remote client to member server gets
error message "tracing route to IP address over a
maximum of 30 hops" and the "request timed out".

3. Ping from member server to remote client gets error
message "request timed out".

4. Tracert from member server to remote client gets
error message:

tracing route to client IP over a maximum of 30 hops
1 <10 ms <10 ms <10 ms gateway IP
2 78 ms 16 ms 10 ms head office's ISP IP #1
3 <10 ms 16 ms 10 ms head office's ISP IP #1

4 <10 ms 16 ms <10 ms head office's ISP IP #2
5 * * * request timed out.

5. I don't think there is any routing configured on
the member server (Routing and Remote Access Server
does exists in Administrative Tools though).

6. I don't know how the IP filters are configured on
the RAS.

As you can tell, I'm not very experienced with this
subject matter.

Thank you,
Millie


>-----Original Message-----
>Can remote clients ping IP (not name!) of member server?
What does tracert
>from client to member server show?
>
>How is routing configured on member server? How are your
IP filters
>configured on RRAS server?. Can member server ping
client's IP address? What
>does tracert from member server to client show?
>
>Mike
>
>"Millie" <(E-Mail Removed)> wrote in
message
>news:2db8b01c46a17$8b7577e0$(E-Mail Removed)...
>> Hello,
>>
>> Hardware Firewall
>> -has external ip
>> -has internal ip #1
>> -port 25 forwards to internal IP #2 (domain controller)
>> -port 443 forwards to internal IP #2 (domain controller)
>> -port 1723 forwards to internal IP #2 (domain
controller)
>> -port 81 forwards to internal IP #3 (member server)
>>
>> Domain Controller
>> -has internal ip #2
>> -W2K Standard with Exchange 2K on it
>> -Remote Access Server
>> -Certificate services
>>
>> Member Server
>> -has internal ip #3
>> -W2K Standard
>> -intranet documents
>>
>> The branch office use a dialup network connection to
>> establish a PPTP VPN connection, and then open their
>> Outlook XP to access their email that is stored on the
>> domain controller.
>>
>> With the VPN up, the branch office can't see the member
>> server to access the intranet documents. I have had to
>> create an Internet icon on each computer with the
>> URL "http://external ip:81/directory name" in order for
>> the branch office to access the intranet documents.
>>
>> I can't figure out how to get the VPN connection to see
>> both the domain controller and the member server.
>>
>> Does anyone know how I can fix this problem?
>>
>> Thanks for your help,
>> Millie
>
>
>.
>

I'm not very experienced with VPNs and have a limited
knowledge of the subject matter and terminology.

Our hardware firewall has an external IP address. The
firewall ports are mapped as follows: port 25 for smtp is
mapped to internal IP #2 (domain controller), port 1723
for vpn is mapped to internal IP #2 (domain controller),
etc.

Yes, the branch office can successfully access their email.

The branch office can't use Windows Explorer to map a
drive to the member server.

My understanding is that if VPN is configured correctly,
once the VPN session is established that the remote client
will be able to access email on the domain controller and
data (spreadsheets, word documents, etc) on the member
server. But in our case, the remote client can only access
email on the domain controller and not access data on the
member server.

Thank you,
Millie

>-----Original Message-----
>"Millie" <(E-Mail Removed)> wrote in
message
>news:2db8b01c46a17$8b7577e0$(E-Mail Removed)...
>
>> -port 25 forwards to internal IP #2 (domain controller)
>> -port 443 forwards to internal IP #2 (domain controller)
>> -port 1723 forwards to internal IP #2 (domain
controller)
>> -port 81 forwards to internal IP #3 (member server)
>
>I know it can be annoying,...but we need to clarify
termiology to make sure
>we are on the "same page" together.
>
>Above, the "ports" aren't being forwarded. The IP# are
being forwarded. Port
>forwarding is when the ports on IP#1 and IP#2 are not the
same port#.
>
>> The branch office use a dialup network connection to
>> establish a PPTP VPN connection, and then open their
>> Outlook XP to access their email that is stored on the
>> domain controller.
>
>I assume you mean that this part works?
>
>> With the VPN up, the branch office can't see the member
>> server to access the intranet documents. I have had to
>> create an Internet icon on each computer with the
>> URL "http://external ip:81/directory name" in order for
>> the branch office to access the intranet documents.
>
>Let's use accuart terminology or we will never know what
each other means.
>What do you actually mean by "branch office can't see the
member server"?
>How are they attempting to do it? Network browsing?
Internet Explorer
>combined with a intranet website? Are they using machine
names?, FQDNs?,
>IP#s? Your example is a HTTP URL using the IP# on a non-
standard port, this
>would imply the use of an internal website to gather
these "intranet
>documents".
>
>> I can't figure out how to get the VPN connection to see
>> both the domain controller and the member server.
>
>Well VPN is just a encapsulated TCP/IP link,.... it
doesn't "see" anything.
>Can you explain what you mean by that?
>
>--
>
>Phillip Windell [MCP, MVP, CCNA]
>www.wandtv.com
>
>
>.
>

Hi,

when remote client connects to RRAS it gets new private IP from RRAS. Are
these IPs from same subnet or different subnet then IPs on remote office.
Can you ping and perform tracert from member server to this private IP of
remote client.

Mike

"Millie" <(E-Mail Removed)> wrote in message
news:2e1fb01c46a7f$06225280$(E-Mail Removed)...
> 1. When remote clients ping the IP of member server,
> they get error message "request timed out".
>
> 2. Tracert from remote client to member server gets
> error message "tracing route to IP address over a
> maximum of 30 hops" and the "request timed out".
>
> 3. Ping from member server to remote client gets error
> message "request timed out".
>
> 4. Tracert from member server to remote client gets
> error message:
>
> tracing route to client IP over a maximum of 30 hops
> 1 <10 ms <10 ms <10 ms gateway IP
> 2 78 ms 16 ms 10 ms head office's ISP IP #1
> 3 <10 ms 16 ms 10 ms head office's ISP IP #1
>
> 4 <10 ms 16 ms <10 ms head office's ISP IP #2
> 5 * * * request timed out.
>
> 5. I don't think there is any routing configured on
> the member server (Routing and Remote Access Server
> does exists in Administrative Tools though).
>
> 6. I don't know how the IP filters are configured on
> the RAS.
>
> As you can tell, I'm not very experienced with this
> subject matter.
>
> Thank you,
> Millie
>
>
> >-----Original Message-----
> >Can remote clients ping IP (not name!) of member server?
> What does tracert
> >from client to member server show?
> >
> >How is routing configured on member server? How are your
> IP filters
> >configured on RRAS server?. Can member server ping
> client's IP address? What
> >does tracert from member server to client show?
> >
> >Mike
> >
> >"Millie" <(E-Mail Removed)> wrote in
> message
> >news:2db8b01c46a17$8b7577e0$(E-Mail Removed)...
> >> Hello,
> >>
> >> Hardware Firewall
> >> -has external ip
> >> -has internal ip #1
> >> -port 25 forwards to internal IP #2 (domain controller)
> >> -port 443 forwards to internal IP #2 (domain controller)
> >> -port 1723 forwards to internal IP #2 (domain
> controller)
> >> -port 81 forwards to internal IP #3 (member server)
> >>
> >> Domain Controller
> >> -has internal ip #2
> >> -W2K Standard with Exchange 2K on it
> >> -Remote Access Server
> >> -Certificate services
> >>
> >> Member Server
> >> -has internal ip #3
> >> -W2K Standard
> >> -intranet documents
> >>
> >> The branch office use a dialup network connection to
> >> establish a PPTP VPN connection, and then open their
> >> Outlook XP to access their email that is stored on the
> >> domain controller.
> >>
> >> With the VPN up, the branch office can't see the member
> >> server to access the intranet documents. I have had to
> >> create an Internet icon on each computer with the
> >> URL "http://external ip:81/directory name" in order for
> >> the branch office to access the intranet documents.
> >>
> >> I can't figure out how to get the VPN connection to see
> >> both the domain controller and the member server.
> >>
> >> Does anyone know how I can fix this problem?
> >>
> >> Thanks for your help,
> >> Millie
> >
> >
> >.
> >

The RAS has a range of 10 IPs: 172.16.0.x with subnet
255.255.255.255 which is assigned to the remote clients
when they connect. The remote office computers have IPs:
192.168.0.x with subnet 255.255.255.0. The head office
computers have IPs: 192.168.1.x with subnet 255.255.255.0.

When I ping 172.16.0.x from the member server, the request
times out.

When I tracert 172.16.0.x from the member server, the
following is displayed:

tracing route to client IP over a maximum of 30 hops
1 <10 ms <10 ms <10 ms gateway IP
2 78 ms 16 ms 10 ms head office's ISP IP #1
3 <10 ms 16 ms 10 ms head office's ISP IP #1

4 <10 ms 16 ms <10 ms head office's ISP IP #2
5 * * * request timed out.

Thanks,
Millie

>-----Original Message-----
>Hi,
>
>when remote client connects to RRAS it gets new private
IP from RRAS. Are
>these IPs from same subnet or different subnet then IPs
on remote office.
>Can you ping and perform tracert from member server to
this private IP of
>remote client.
>
>Mike
>
>"Millie" <(E-Mail Removed)> wrote in
message
>news:2e1fb01c46a7f$06225280$(E-Mail Removed)...
>> 1. When remote clients ping the IP of member server,
>> they get error message "request timed out".
>>
>> 2. Tracert from remote client to member server gets
>> error message "tracing route to IP address over a
>> maximum of 30 hops" and the "request timed out".
>>
>> 3. Ping from member server to remote client gets error
>> message "request timed out".
>>
>> 4. Tracert from member server to remote client gets
>> error message:
>>
>> tracing route to client IP over a maximum of 30 hops
>> 1 <10 ms <10 ms <10 ms gateway IP
>> 2 78 ms 16 ms 10 ms head office's ISP IP #1
>> 3 <10 ms 16 ms 10 ms head office's ISP IP #1
>>
>> 4 <10 ms 16 ms <10 ms head office's ISP IP #2
>> 5 * * * request timed out.
>>
>> 5. I don't think there is any routing configured on
>> the member server (Routing and Remote Access Server
>> does exists in Administrative Tools though).
>>
>> 6. I don't know how the IP filters are configured on
>> the RAS.
>>
>> As you can tell, I'm not very experienced with this
>> subject matter.
>>
>> Thank you,
>> Millie
>>
>>
>> >-----Original Message-----
>> >Can remote clients ping IP (not name!) of member
server?
>> What does tracert
>> >from client to member server show?
>> >
>> >How is routing configured on member server? How are
your
>> IP filters
>> >configured on RRAS server?. Can member server ping
>> client's IP address? What
>> >does tracert from member server to client show?
>> >
>> >Mike
>> >
>> >"Millie" <(E-Mail Removed)> wrote in
>> message
>> >news:2db8b01c46a17$8b7577e0$(E-Mail Removed)...
>> >> Hello,
>> >>
>> >> Hardware Firewall
>> >> -has external ip
>> >> -has internal ip #1
>> >> -port 25 forwards to internal IP #2 (domain
controller)
>> >> -port 443 forwards to internal IP #2 (domain
controller)
>> >> -port 1723 forwards to internal IP #2 (domain
>> controller)
>> >> -port 81 forwards to internal IP #3 (member server)
>> >>
>> >> Domain Controller
>> >> -has internal ip #2
>> >> -W2K Standard with Exchange 2K on it
>> >> -Remote Access Server
>> >> -Certificate services
>> >>
>> >> Member Server
>> >> -has internal ip #3
>> >> -W2K Standard
>> >> -intranet documents
>> >>
>> >> The branch office use a dialup network connection to
>> >> establish a PPTP VPN connection, and then open their
>> >> Outlook XP to access their email that is stored on
the
>> >> domain controller.
>> >>
>> >> With the VPN up, the branch office can't see the
member
>> >> server to access the intranet documents. I have had
to
>> >> create an Internet icon on each computer with the
>> >> URL "http://external ip:81/directory name" in order
for
>> >> the branch office to access the intranet documents.
>> >>
>> >> I can't figure out how to get the VPN connection to
see
>> >> both the domain controller and the member server.
>> >>
>> >> Does anyone know how I can fix this problem?
>> >>
>> >> Thanks for your help,
>> >> Millie
>> >
>> >
>> >.
>> >
>
>
>.
>

Hi,

Did you write down wrong subnet mask for the 172.16.0.x subnet? You wrote
255.255.255.255, but that means specific IP address. What is real subnet
mask? It should be 255.255.0.0 but what are you using?

To run successful tracert you actually have to have a client connected from
remote office to RRAS and then ping the client's private IP (172.16.0.?). If
there are no clients connected to RRAS there is nothing to answer your ping.

Mike


"Millie" <(E-Mail Removed)> wrote in message
news:2e4d701c46aa3$d0bbd240$(E-Mail Removed)...
> The RAS has a range of 10 IPs: 172.16.0.x with subnet
> 255.255.255.255 which is assigned to the remote clients
> when they connect. The remote office computers have IPs:
> 192.168.0.x with subnet 255.255.255.0. The head office
> computers have IPs: 192.168.1.x with subnet 255.255.255.0.
>
> When I ping 172.16.0.x from the member server, the request
> times out.
>
> When I tracert 172.16.0.x from the member server, the
> following is displayed:
>
> tracing route to client IP over a maximum of 30 hops
> 1 <10 ms <10 ms <10 ms gateway IP
> 2 78 ms 16 ms 10 ms head office's ISP IP #1
> 3 <10 ms 16 ms 10 ms head office's ISP IP #1
>
> 4 <10 ms 16 ms <10 ms head office's ISP IP #2
> 5 * * * request timed out.
>
> Thanks,
> Millie
>
> >-----Original Message-----
> >Hi,
> >
> >when remote client connects to RRAS it gets new private
> IP from RRAS. Are
> >these IPs from same subnet or different subnet then IPs
> on remote office.
> >Can you ping and perform tracert from member server to
> this private IP of
> >remote client.
> >
> >Mike
> >
> >"Millie" <(E-Mail Removed)> wrote in
> message
> >news:2e1fb01c46a7f$06225280$(E-Mail Removed)...
> >> 1. When remote clients ping the IP of member server,
> >> they get error message "request timed out".
> >>
> >> 2. Tracert from remote client to member server gets
> >> error message "tracing route to IP address over a
> >> maximum of 30 hops" and the "request timed out".
> >>
> >> 3. Ping from member server to remote client gets error
> >> message "request timed out".
> >>
> >> 4. Tracert from member server to remote client gets
> >> error message:
> >>
> >> tracing route to client IP over a maximum of 30 hops
> >> 1 <10 ms <10 ms <10 ms gateway IP
> >> 2 78 ms 16 ms 10 ms head office's ISP IP #1
> >> 3 <10 ms 16 ms 10 ms head office's ISP IP #1
> >>
> >> 4 <10 ms 16 ms <10 ms head office's ISP IP #2
> >> 5 * * * request timed out.
> >>
> >> 5. I don't think there is any routing configured on
> >> the member server (Routing and Remote Access Server
> >> does exists in Administrative Tools though).
> >>
> >> 6. I don't know how the IP filters are configured on
> >> the RAS.
> >>
> >> As you can tell, I'm not very experienced with this
> >> subject matter.
> >>
> >> Thank you,
> >> Millie
> >>
> >>
> >> >-----Original Message-----
> >> >Can remote clients ping IP (not name!) of member
> server?
> >> What does tracert
> >> >from client to member server show?
> >> >
> >> >How is routing configured on member server? How are
> your
> >> IP filters
> >> >configured on RRAS server?. Can member server ping
> >> client's IP address? What
> >> >does tracert from member server to client show?
> >> >
> >> >Mike
> >> >
> >> >"Millie" <(E-Mail Removed)> wrote in
> >> message
> >> >news:2db8b01c46a17$8b7577e0$(E-Mail Removed)...
> >> >> Hello,
> >> >>
> >> >> Hardware Firewall
> >> >> -has external ip
> >> >> -has internal ip #1
> >> >> -port 25 forwards to internal IP #2 (domain
> controller)
> >> >> -port 443 forwards to internal IP #2 (domain
> controller)
> >> >> -port 1723 forwards to internal IP #2 (domain
> >> controller)
> >> >> -port 81 forwards to internal IP #3 (member server)
> >> >>
> >> >> Domain Controller
> >> >> -has internal ip #2
> >> >> -W2K Standard with Exchange 2K on it
> >> >> -Remote Access Server
> >> >> -Certificate services
> >> >>
> >> >> Member Server
> >> >> -has internal ip #3
> >> >> -W2K Standard
> >> >> -intranet documents
> >> >>
> >> >> The branch office use a dialup network connection to
> >> >> establish a PPTP VPN connection, and then open their
> >> >> Outlook XP to access their email that is stored on
> the
> >> >> domain controller.
> >> >>
> >> >> With the VPN up, the branch office can't see the
> member
> >> >> server to access the intranet documents. I have had
> to
> >> >> create an Internet icon on each computer with the
> >> >> URL "http://external ip:81/directory name" in order
> for
> >> >> the branch office to access the intranet documents.
> >> >>
> >> >> I can't figure out how to get the VPN connection to
> see
> >> >> both the domain controller and the member server.
> >> >>
> >> >> Does anyone know how I can fix this problem?
> >> >>
> >> >> Thanks for your help,
> >> >> Millie
> >> >
> >> >
> >> >.
> >> >
> >
> >
> >.
> >

"Millie" <(E-Mail Removed)> wrote in message
news:2e22101c46a80$a3637960$(E-Mail Removed)...
> I'm not very experienced with VPNs and have a limited
> knowledge of the subject matter and terminology.

No problem.

> Our hardware firewall has an external IP address. The
> firewall ports are mapped as follows: port 25 for smtp is
> mapped to internal IP #2 (domain controller), port 1723
> for vpn is mapped to internal IP #2 (domain controller),
> etc.

Yes. That is "Static NAT" although the term may vary by firewall
manufacturer.

> Yes, the branch office can successfully access their email.
>
> The branch office can't use Windows Explorer to map a
> drive to the member server.

But what happens when they try? What does it do? What does it say?

--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

Microsoft Technical Support helped me to set up the RAS
some time ago. They told me to enter the 172.16.0.x IP
range for remote clients.

I used VNC Connect to obtain remote control of a computer
in the branch office, did an IPCONFIG /ALL and it said
255.255.255.255 for the subnet mask for 172.16.0.x. If
this is wrong, I don't know how to correct it and don't
understand why the VPN works for accessing email on the
Exchange Server here at head office.

Yes, I took remote control of a branch office computer to
establish a VPN connection before I tried pinging the
172.16.0.x IP from the member server.

Thank you,
Millie


>-----Original Message-----
>Hi,
>
>Did you write down wrong subnet mask for the 172.16.0.x
subnet? You wrote
>255.255.255.255, but that means specific IP address. What
is real subnet
>mask? It should be 255.255.0.0 but what are you using?
>
>To run successful tracert you actually have to have a
client connected from
>remote office to RRAS and then ping the client's private
IP (172.16.0.?). If
>there are no clients connected to RRAS there is nothing
to answer your ping.
>
>Mike
>
>
>"Millie" <(E-Mail Removed)> wrote in
message
>news:2e4d701c46aa3$d0bbd240$(E-Mail Removed)...
>> The RAS has a range of 10 IPs: 172.16.0.x with subnet
>> 255.255.255.255 which is assigned to the remote clients
>> when they connect. The remote office computers have IPs:
>> 192.168.0.x with subnet 255.255.255.0. The head office
>> computers have IPs: 192.168.1.x with subnet
255.255.255.0.
>>
>> When I ping 172.16.0.x from the member server, the
request
>> times out.
>>
>> When I tracert 172.16.0.x from the member server, the
>> following is displayed:
>>
>> tracing route to client IP over a maximum of 30 hops
>> 1 <10 ms <10 ms <10 ms gateway IP
>> 2 78 ms 16 ms 10 ms head office's ISP IP #1
>> 3 <10 ms 16 ms 10 ms head office's ISP IP #1
>>
>> 4 <10 ms 16 ms <10 ms head office's ISP IP #2
>> 5 * * * request timed out.
>>
>> Thanks,
>> Millie
>>
>> >-----Original Message-----
>> >Hi,
>> >
>> >when remote client connects to RRAS it gets new private
>> IP from RRAS. Are
>> >these IPs from same subnet or different subnet then IPs
>> on remote office.
>> >Can you ping and perform tracert from member server to
>> this private IP of
>> >remote client.
>> >
>> >Mike
>> >
>> >"Millie" <(E-Mail Removed)> wrote in
>> message
>> >news:2e1fb01c46a7f$06225280$(E-Mail Removed)...
>> >> 1. When remote clients ping the IP of member server,
>> >> they get error message "request timed out".
>> >>
>> >> 2. Tracert from remote client to member server gets
>> >> error message "tracing route to IP address over a
>> >> maximum of 30 hops" and the "request timed out".
>> >>
>> >> 3. Ping from member server to remote client gets
error
>> >> message "request timed out".
>> >>
>> >> 4. Tracert from member server to remote client gets
>> >> error message:
>> >>
>> >> tracing route to client IP over a maximum of 30
hops
>> >> 1 <10 ms <10 ms <10 ms gateway IP
>> >> 2 78 ms 16 ms 10 ms head office's ISP IP #1
>> >> 3 <10 ms 16 ms 10 ms head office's ISP IP #1
>> >>
>> >> 4 <10 ms 16 ms <10 ms head office's ISP IP #2
>> >> 5 * * * request timed out.
>> >>
>> >> 5. I don't think there is any routing configured on
>> >> the member server (Routing and Remote Access
Server
>> >> does exists in Administrative Tools though).
>> >>
>> >> 6. I don't know how the IP filters are configured on
>> >> the RAS.
>> >>
>> >> As you can tell, I'm not very experienced with this
>> >> subject matter.
>> >>
>> >> Thank you,
>> >> Millie
>> >>
>> >>
>> >> >-----Original Message-----
>> >> >Can remote clients ping IP (not name!) of member
>> server?
>> >> What does tracert
>> >> >from client to member server show?
>> >> >
>> >> >How is routing configured on member server? How are
>> your
>> >> IP filters
>> >> >configured on RRAS server?. Can member server ping
>> >> client's IP address? What
>> >> >does tracert from member server to client show?
>> >> >
>> >> >Mike
>> >> >
>> >> >"Millie" <(E-Mail Removed)>
wrote in
>> >> message
>> >> >news:2db8b01c46a17$8b7577e0$(E-Mail Removed)...
>> >> >> Hello,
>> >> >>
>> >> >> Hardware Firewall
>> >> >> -has external ip
>> >> >> -has internal ip #1
>> >> >> -port 25 forwards to internal IP #2 (domain
>> controller)
>> >> >> -port 443 forwards to internal IP #2 (domain
>> controller)
>> >> >> -port 1723 forwards to internal IP #2 (domain
>> >> controller)
>> >> >> -port 81 forwards to internal IP #3 (member
server)
>> >> >>
>> >> >> Domain Controller
>> >> >> -has internal ip #2
>> >> >> -W2K Standard with Exchange 2K on it
>> >> >> -Remote Access Server
>> >> >> -Certificate services
>> >> >>
>> >> >> Member Server
>> >> >> -has internal ip #3
>> >> >> -W2K Standard
>> >> >> -intranet documents
>> >> >>
>> >> >> The branch office use a dialup network connection
to
>> >> >> establish a PPTP VPN connection, and then open
their
>> >> >> Outlook XP to access their email that is stored on
>> the
>> >> >> domain controller.
>> >> >>
>> >> >> With the VPN up, the branch office can't see the
>> member
>> >> >> server to access the intranet documents. I have
had
>> to
>> >> >> create an Internet icon on each computer with the
>> >> >> URL "http://external ip:81/directory name" in
order
>> for
>> >> >> the branch office to access the intranet
documents.
>> >> >>
>> >> >> I can't figure out how to get the VPN connection
to
>> see
>> >> >> both the domain controller and the member server.
>> >> >>
>> >> >> Does anyone know how I can fix this problem?
>> >> >>
>> >> >> Thanks for your help,
>> >> >> Millie
>> >> >
>> >> >
>> >> >.
>> >> >
>> >
>> >
>> >.
>> >
>
>
>.
>