
I need to setup a VPN server at a small business currently

Customer Question

I need to set up a VPN server at a small business currently running Windows Server 2003. To explain our network setup: we have 7 LAN IP phones and 2 remote IP phones. There are 15 computers, mostly running Win 7, on the LAN. The DHCP server is currently our network router (Asus). I need to set up a VPN server to allow remote staff to access only the file server on our LAN in the office. I have set up a VPN from the router side (ASUS) and can get access to the file server. However, when the remote staff connects to the VPN (created in the router), it also directs all of the remote staff's internet usage through our network. We need to only allow file sharing on our LAN to the remote user, and Internet usage through the remote staff's internet connection. What is the best way to accomplish this?
Submitted: 1 year ago.
Category: Networking
Expert:  IT Miro replied 1 year ago.
Hello! My name is***** looks like you have already configured the VPN access correctly, but will need to do one more thing. By default, VPN connection on a remote client computer uses gateway on remote (VPN) network which means the Internet traffic will go through that network. To solve the problem, you will need to un-check the Use default gateway on remote network check-box in the VPN connection settings.
To do that, access the Network Connections folder (click the Windows Start button, open the Control Panel and click Network and Internet and then Network and Sharing Center. Click on Change adapter settings located in the upper left corner). Right-click on "VPN Connection" and select Properties. Click on the Networking tab. Select Internet Protocol Version 4 (TCP/IPv4) and then click on Properties. Click on the Advanced... button. Now un-check the Use default gateway on remote network check-box. Click OK several times to save the changes and close the windows. In case you use IPv6 protocol, do the same for Internet Protocol Version 6 (TCP/IPv6).
If the VPN connection is active, you will need to disconnect it and re-connect and then all the Internet traffic will go through the client's Internet connection. You will need to make this change (un-check the check-box) for every remote client you are connecting to the VPN server.
Let me know if you require further assistance.
Regards, IT Miro
Customer: replied 1 year ago.
Thank you for the response. I have already tried this but then I cannot get any local access or access to the file server on the work server. It does fix the internet usage problem but then does not allow me to access any of my work files.
Expert:  IT Miro replied 1 year ago.
Oh, I see. In that case, you will need to add a static route to the VPN server leaving the Use default gateway on remote network check-box un-checked. This is a common problem, so Microsoft described how to solve it. Take a look at this web page: https://support.microsoft.com/en-us/kb/317025
Customer: replied 1 year ago.
Alright. Yes, I have looked at this page. However, I don't know what IP addresses to use as I am not sure?
Expert:  IT Miro replied 1 year ago.
Do you know the local IP address of the file server?
Customer: replied 1 year ago.
yes
Expert:  IT Miro replied 1 year ago.
OK. Here is what to do. Re-check the Use default gateway on remote network check-box on one client's computer and then connect it through the VPN connection. Once connected, right-click on "VPN Connection" and select Status. Click on the Details... button. Write down IP addresses for:
IPv4 Address
IPv4 Subnet Mask
IPv4 Default Gateway
Let me know those IP addresses and I will tell you what to do next.
Customer: replied 1 year ago.
Alright here it is.
IPv4: 192.168.10.2
IPv4 Subnet Mask: 255.255.255.255
IPv4 Default Gateway: it is blank.
IPv4 DNS Server is: 192.168.0.1
Expert:  IT Miro replied 1 year ago.
Thanks! What is the IP address of the file server?
Customer: replied 1 year ago.
server LAN 192.168.0.101
Expert:  IT Miro replied 1 year ago.
Thanks! You can now disconnect the VPN connection and un-check the Use default gateway on remote network check-box. Open the Command Prompt as Administrator on a client's computer and type the following command to add a new persistent route:
route -p add 192.168.0.0 mask 255.255.255.0 192.168.10.1
Now re-connect the VPN connection and everything should work.
Customer: replied 1 year ago.
Humm. Alright, so I entered as you said and I received "OK". I closed the cmd and reconnected the VPN connection. It says connected but I still can not get any file access from my work server. Is this because I have the VPN server running through my router at the office??
Expert:  IT Miro replied 1 year ago.
It looks like this route is wrong. Please do the following: Open the Command Prompt window and type:
route delete 192.168.0.0
After that, re-check the Use default gateway on remote network check-box. Connect to the VPN. Check if you can access the file server. If you can, open the Command Prompt window and type the following:
tracert 192.168.0.101
It will show you the results. Please copy the results and paste them here. To do that, right-click inside the Command Prompt window and select Mark. Now select the tracert results with the mouse cursor. When selected, right-click the mouse cursor to copy the output. After that, paste the output here so that I can be sure what IP route you need to add.
Customer: replied 1 year ago.
Alright. Yes, I was able to access the file server. Here are the results of the trace.
C:\Users\Bryan>tracert 192.168.0.101
Tracing route to SERVER [192.168.0.101]
over a maximum of 30 hops:
1 18 ms 18 ms 16 ms router.asus.com [192.168.0.1]
2 26 ms 15 ms 15 ms SERVER [192.168.0.101]
Trace complete.
Expert:  IT Miro replied 1 year ago.
Thanks! Disconnect the VPN connection and un-check the Use default gateway on remote network check-box. Open the Command Prompt as Administrator on a client's computer and type the following command:
route -p add 192.168.0.0 mask 255.255.255.0 192.168.0.1
Now re-connect the VPN connection and check if it is working.
Customer: replied 1 year ago.
Humm. Did that and still does not allow file server access. I get "Windows cannot access \\Server\d error code: 0x80070035 network path was not found."
Expert:  IT Miro replied 1 year ago.
Please run the tracert again. tracert 192.168.0.101
Customer: replied 1 year ago.
This is the trace with the VPN connected and the Use default gateway on remote network UNCHECKED.
C:\Users\Bryan>tracert 192.168.0.101
Tracing route to 192.168.0.101 over a maximum of 30 hops
1 <1 ms <1 ms <1 ms local.pandorashope.com [192.168.1.1]
2 24 ms 9 ms 7 ms 10.52.128.1
3 * * * Request timed out.
4 * * * Request timed out.
5 * * * Request timed out.
6 * * * Request timed out.
7 * * * Request timed out.
8 * * * Request timed out.
9 * * * Request timed out.
10 * * * Request timed out.
11 * * * Request timed out.
12 * * * Request timed out.
13 * * * Request timed out.
14 * * * Request timed out.
15 * * * Request timed out.
16 * * * Request timed out.
17 * * * Request timed out.
18 * * * Request timed out.
19 * * * Request timed out.
20 * * * Request timed out.
21 * * * Request timed out.
22 * * * Request timed out.
23 * * * Request timed out.
24 * * * Request timed out.
25 * * * Request timed out.
26 * * * Request timed out.
27 * * * Request timed out.
28 * * * Request timed out.
29 * * * Request timed out.
30 * * * Request timed out.
Trace complete.
C:\Users\Bryan>
Customer: replied 1 year ago.
this is the correct one
Tracing route to 192.168.0.101 over a maximum of 30 hops
1 <1 ms <1 ms <1 ms local.pandorashope.com [192.168.1.1]
2 24 ms 9 ms 7 ms 10.52.128.1
3 * * * Request timed out.
4 * * * Request timed out.
5 * * * Request timed out.
6 * * * Request timed out.
7 * * * Request timed out.
8 * * * Request timed out.
9 * * * Request timed out.
10 * * * Request timed out.
11 * * * Request timed out.
12 * * * Request timed out.
13 * * * Request timed out.
14 * * * Request timed out.
15 * * * Request timed out.
16 * * * Request timed out.
17 * * * Request timed out.
18 * * * Request timed out.
19 * * * Request timed out.
20 * * * Request timed out.
21 * * * Request timed out.
22 * * * Request timed out.
23 * * * Request timed out.
24 * * * Request timed out.
25 * * * Request timed out.
26 * * * Request timed out.
27 * * * Request timed out.
28 * * * Request timed out.
29 * * * Request timed out.
30 * * * Request timed out.
Trace complete.
C:\Users\Bryan>
Customer: replied 1 year ago.
the first ping is <1ms local.pandorashope.com [192.168.1.1]
Expert:  IT Miro replied 1 year ago.
Thanks! Please disconnect the VPN connection and delete the current route by typing the following in Command Prompt:
route delete 192.168.0.0
After that, add this route:
route -p add 192.168.0.101 mask 255.255.255.255 192.168.10.1
Connect to the VPN and check.
Customer: replied 1 year ago.
Still getting the same message that it can not access the file server
Expert:  IT Miro replied 1 year ago.
Hmm. Please re-check the Use default gateway on remote network check-box and reconnect to the VPN. Open the Command Prompt and type:
tracert www.google.com
Let me know the results.
Customer: replied 1 year ago.
C:\Users\Bryan>tracert www.google.com
Tracing route to www.google.com [64.233.177.99]
over a maximum of 30 hops:
1 16 ms 16 ms 16 ms router.asus.com [192.168.0.1]
2 36 ms 27 ms 27 ms 10.53.128.1
3 23 ms 41 ms 24 ms 172.21.0.196
4 46 ms 47 ms 35 ms 70.169.77.248
5 38 ms 37 ms 44 ms langbprj02-ae6.0.rd.la.cox.net [68.1.5.139]
6 35 ms 38 ms 37 ms 72.14.215.221
7 42 ms 39 ms 39 ms 209.85.248.187
8 46 ms 40 ms 66 ms 209.85.248.125
9 74 ms 74 ms 78 ms 72.14.237.49
10 101 ms 99 ms 101 ms 72.14.234.3
11 101 ms 101 ms 117 ms 209.85.142.153
12 * * * Request timed out.
13 101 ms 102 ms 99 ms yx-in-f99.1e100.net [64.233.177.99]
Trace complete.
C:\Users\Bryan>
Expert:  IT Miro replied 1 year ago.
OK. Please un-check the Automatic Metric check-box located below the Use default gateway on remote network check-box and type 1 in the Automatic Metric box. Click OK several times to save the changes and then reconnect to the VPN network. Let me know the results.
Customer: replied 1 year ago.
alright tried that and still same message.
Expert:  IT Miro replied 1 year ago.
Strange. I am not sure why the new route is not working. Is it possible for you to set up VPN server on Windows Server 2003?
Customer: replied 1 year ago.
Yes, I'm just not sure how to do it completely. Right now the router is the DHCP on the network. Does the server have to be the DHCP server when running a VPN on the server? Also, which way is better to set up and run? I am looking for the best way.
Expert:  IT Miro replied 1 year ago.
Please disable VPN on your ASUS router and enable it on your Windows Server 2003. You don't need to enable DHCP for VPN since you can assign static IP addresses for each client that are part of the original network the clients are connecting to. You can follow the instructions on this video: https://www.youtube.com/watch?v=dyBOibnl5aQ
Expert:  IT Miro replied 1 year ago.
How is it going?
Customer: replied 1 year ago.
I will have to go to the server and set it up. I will be able to get to the server in 2 hours. I will update you. Thanks.
Expert:  IT Miro replied 1 year ago.
OK, take your time.
Customer: replied 1 year ago.
I have followed the video that you provided and I can not connect at all now. I keep getting connection error: 800
I have also forwarded the ports in my router for 1723. Still nothing.
Expert:  IT Miro replied 1 year ago.
Hi again! If you forwarded TCP Port 1723 and still cannot connect, please do some testing: First, set up VPN Connection on any computer connected to the same network as the Windows Server 2003 computer. See if the VPN will connect. Alternatively, you can set up VPN connection on the Windows Server 2003 computer itself and see if it will connect. That way you can check if you set up VPN service on the Windows Server 2003 computer correctly. If you are able to connect, please open this web page on the Windows Server 2003 computer: http://www.canyouseeme.org
Type 1723 in the port box. See if the port is visible or not.
Customer: replied 1 year ago.
Alright, I tried setting up a VPN connection from a computer that is on the same LAN as the Server 2003. I was not able to connect. I checked the website that you gave and it does show that port 1723 is open.
Expert:  IT Miro replied 1 year ago.
Just to check, did you type the Windows Server 2003 IP address in the VPN Connection as the address you are connecting to, or you left the router's IP address?
Customer: replied 1 year ago.
Yes I tried both and nothing
Expert:  IT Miro replied 1 year ago.
Please right-click the VPN Connection on a client's computer and select Properties. Click on the Security tab. By default, the type of VPN is set to Automatic. Please select PPTP instead. Click OK and try to connect now.
Customer: replied 1 year ago.
Already tried that and nothing