Weird VPN issue

[pollardhimself]

Here's what happening certain clients from difference service provides can get a vpn connections "pptp or L2TP/ipsec w/ preshared key" here to the office. However once it connects they cannot access anything whether its RDP, DNS, or access to files or browsing files by ip. They cannont even ping the server

Office service provider is cox
Server is 2008 r2
and I have done the registry fix for ipsec w/preshared key and confirmed it works
http://support.microsoft.com/kb/240262

Firewall is pfsense and I have all the correct firewall opening's

example:
Client 1 (XP x32)at home service provider (charter) can pptp or L2TP/ipsec
unable to connect to anything
Same client 1 same laptop uses his air card service provider (verizon) can pptp or L2TP/ipsec
Can connect to everything

Client 2 (WIN 7 x64) at home service provider (charter)
Can connect to everything


Client 3 (vista x64) at home service provider (charter) can pptp or L2TP/ipsec
unable to connect to anything
Same Client 3 same laptop to to my home service provider (cox)
Can connect to everything

From My home (WIN 7 x64) service provider (cox)
Can pptp or L2TP/ipsec
Can connect to everything with either vpn protocol

Thoughts: first i was thinking router for client 1 but he was able to get pptp connections here to the office before I upgraded the server. and i checked he has a RANGEMAX WPN824 which supports ipsec and pptp passthrough.

Need some ideas !!!

 

[pollardhimself]

I believe I found the answer client 1 home ip address range is the same as the work ip address range. So I probably got to figure out how to change the remote vpn clients ip range to something else and still get them network access without actually changing my work network ip address range




http://support.draytek.net.au/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=97

 

[Jamsan]

What IP range are you using at work?

 

[airdata]

I believe I found the answer client 1 home ip address range is the same as the work ip address range.

AHHH....

I had a similar issue w\ a user who had moved out of state. She could connect to the vpn but then couldn't RDP. Not sure exactly what type of internet service she had, but the way they had her ip address set up was on a 10.X.X.X network...

I never thought about that... I just thought the isp could have been filtering rdp traffic or something.

 

[RebateMonger]

Don't use an address range for a work network that is commonly used by home routers. That's why Windows SBS 2003, for instance, will suggest an IP range of 192.168.16.xxx as a starting point.

The problem is that if local and the VPN networks are in the same subnet, Windows doesn't know which direction to go (local or VPN) to access a particular IP address. If it needs to talk to 192.168.1.4, does it try the local network or the VPN network? Windows has to make a choice and if the choice is wrong, the network traffic will go the wrong direction.