
VPN Issues

Devon_playz
Member
131
04-15-2016, 08:27 PM
#1
Hey there, welcome to the team! I just started a job at a local company and I’m still getting familiar with everything. Being an engineer, I’m used to technical details, but I’m also curious about networking basics. That’s why I noticed the IT team talking about an ongoing issue. They’ve been dealing with a network problem for months, and despite their efforts, it hasn’t been resolved.

To simplify: the company’s internal network is fully reachable through its LAN inside the building. The servers and internal resources are also available via a wireless network, but connecting to those from outside the building requires a VPN. The challenge comes when someone tries to access internal resources using a different network—like a personal connection—not the company’s internet. No matter the ISP or connection type, the VPN connection just won’t establish.

In Windows, checking the Event Viewer shows errors like 806 or 807 from the RAS client. So far, we’ve tried checking the Juniper router for forwarding port 1723, PPTP forwarding, and enabling GRE. Those changes didn’t help. There’s also a security policy that blocks untrusted sources from connecting to trusted ones, and all these rules are active.

I’m not the IT admin, so I don’t have access to any equipment, but I think I understand what’s happening. Could it be related to Verizon’s side? Thanks for your help! The organization’s network diagram is attached if it might be useful. The red box likely points to the VPN issue—connecting from outside the company network works, but not through the wired LAN.

fury2580
Junior Member
2
04-23-2016, 03:26 PM
#2
It's unclear what triggered the issue, but checking if the VPN connection reaches the Juniper router from outside would be a good start. I'm not sure about their logging details, so I don't know if they're using a separate VPN device.

SlimePlaysYT
Junior Member
36
04-24-2016, 07:43 PM
#3
The logging in the Juniper router is enabled for trusted to untrusted sources, yet no traffic appears on that. Indeed, they use a separate Microsoft Server 2008 R2 machine as the VPN server. I reviewed the DHCP logs from the VPN server and found no external IP requests, only those from users on the wireless network.

Melonen_Chef
Junior Member
42
04-24-2016, 11:12 PM
#4
The scan results showed both successful and unsuccessful network connections. When trying to connect from outside the company network, the behavior matched what was described in the mentioned solution. The recent MS patch affected PPTP handling: packets from a different IP than the TCP connection were ignored by the server, preventing any response. I adjusted the firewall rules on the router to rewrite the source IP for Protocol 47 packets, including the client and firewall address, which resolved the issue. Regarding the firewall, it likely acts as the VPN gateway; if it's off, the Juniper router would need to be enabled for proper VPN operation.
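
Added example, not part of any post in this thread: a small check that pairs PPTP control traffic (TCP 1723) with GRE (protocol 47) by source address, to spot the mismatch described in post #4 from a capture taken at the VPN server. The record layout, the addresses and the verdict names are assumptions made for the illustration.

```python
TCP, GRE = 6, 47      # IP protocol numbers; PPTP carries tunnel data in GRE (47)
PPTP_PORT = 1723      # PPTP control channel

# Constructed sample, not real capture data. Each record is
# (src_ip, dst_ip, ip_proto, dst_port) as seen on the VPN server's interface.
# Addresses are from documentation ranges; SERVER stands in for the VPN server.
SERVER = "192.0.2.10"
CAPTURE = [
    ("198.51.100.7", SERVER, TCP, 1723),   # client A: control channel
    ("198.51.100.7", SERVER, GRE, None),   # client A: GRE from the same source
    ("203.0.113.20", SERVER, TCP, 1723),   # client B: control channel
    ("203.0.113.99", SERVER, GRE, None),   # client B: GRE arrives from another address
    ("198.51.100.7", "192.0.2.53", TCP, 443),  # unrelated traffic, ignored
]


def diagnose(capture, server):
    """Pair PPTP control and GRE traffic by source address.

    Returns {src_ip: verdict}. An empty dict means no PPTP traffic addressed
    to the server appears in the capture at all.
    """
    control, tunnel = set(), set()
    for src, dst, proto, dport in capture:
        if dst != server:
            continue
        if proto == TCP and dport == PPTP_PORT:
            control.add(src)
        elif proto == GRE:
            tunnel.add(src)

    verdicts = {}
    for src in sorted(control | tunnel):
        if src in control and src in tunnel:
            verdicts[src] = "ok"
        elif src in control:
            # TCP 1723 got through, but no GRE came from this address.
            verdicts[src] = "control-only"
        else:
            # GRE with no control connection from the same address.
            verdicts[src] = "orphan-gre"
    return verdicts


if __name__ == "__main__":
    for src, verdict in diagnose(CAPTURE, SERVER).items():
        print(f"{src:15} {verdict}")
```

A `control-only` source next to an `orphan-gre` source is the pattern post #4 attributes to address translation on the firewall: the two halves of one PPTP session reach the server from different addresses.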