Bridging two LANs via VPN

Recently I became interested in bridging two (or more) LANs via a VPN in order to boost gaming practicalities. Although I could simply run Hamachi on all the computers, I'd rather have no special software installed on any of the gaming PCs, but simply have one Linux machine running on each network with the appropriate VPN software installed to form the bridge.
Each household's LAN setup would be pretty identical; router -> hub/switch -> PCs. That said, there may also be random singular machines also wanting to connect to the VPN, but I'd rather focus on simply bridging the two LANs to begin with.
I'm guessing such a setup is possible.
What software would I need to achieve this? I've read about FreeS/WAN and OpenVPN, but am not sure what kind of configuration I'm looking for. I've seen the page in ArchWiki, but similarly, don't know if that'll give me what I'm after.
Any help, links, suggestions would be appreciated.
EDIT: I think I've found what I'm after. Will this achieve my goal?

Abecedarian wrote: EDIT: I think I've found what I'm after. Will this achieve my goal?
OpenVPN should work fine.  Other alternatives include CIPE or OpenSWAN.

Similar Messages

  • Transparent Tunneling and Local Lan Access via VPN Client

    Remote users using Cisco VPN 4.2 connect successfully to a Cisco Pix 515 (ver. 6.3). The client is configured to allow Transparent Tunneling and Local Lan access, but once connected to the Pix, these two options are disabled. What configuration changes are required on the Pix to enable these options? Any assistance will be greatly appreciated.
    Mike Bowyer

    Hi Mike,
    "Transparent Tunneling" and "Local Lan Access" are two different things. "Transparent Tunneling" is dealing with establishing an IPSec Tunnel even if a NAT device is between your client and the VPN-Headend-Device. "Local LAN Access" is dealing with access to devices in the LAN your VPN-Client-Device is connected to.
    What do you mean exactly with "disabled once the connection is made" ?
    You can check the local LAN Access by having a look at the Route-Table of the VPN-Client:
    Right Click the yellow VPN-lock Icon in System-Tray while the VPN-Connection is active and select "Statistics ...". Have a look at the second register page "route details".
    Are any local LAN routes displayed when you are connected ?
    And - always remember two important restrictions the Online Help of the VPN-Client is mentioning:
    1: This feature works only on one NIC card, the same NIC card as the tunnel.
    2: While connected, you cannot print or browse the local LAN by name; when disconnected, you can print and browse by name.
    Carsten
    PS: Removing Split Tunnel won't enable local LAN access as all traffic would be sent into the IPSec tunnel.

  • Connecting two EA6500 routers via wireless bridge

    Hi, I want to know how can we bridge two EA6500 routers via wireless. I do not want to use the lan cable. Please help.
    Thanks,
    anandp

    This setup is not possible. You can only cascade the routers via wired connection. The access points on these routers are mainly transmitters, they're not receivers so you can't associate them wirelessly. You can, however, get a wireless bridge to do the job. Check out the Dual Band N Entertainment Bridge WET610N and Wireless N Universal Media Connector WES610N.

  • Connecting two LANs

    Please,
    I plan on connecting two LANs together via the internet (public resource). The LANs are across town.
    The computers on each LAN will be able to access other(some) computers on the other LAN (and vice-versa), they will still be able to connect to the internet. Basically, they will be able to share resources (files, application etc.)
    Undergone some research regarding this, was able to find out that having a VPN connection will be a good way to go. But I have no full knowledge on what hardware I will need. How to start exactly.
    If VPN is actually a good way to go, please let me know (maybe some other alternatives).
    If I can get a good picture of what to do, will be very happy.
    Please, can someone lead me in a good direction. Thank you.

    Hi
    First of all, let's focus on the end points connectivity part. What is the internet terminating onto? Say if it's a leased line or an Ethernet or ADSL, then you can directly terminate it onto a Cisco router. If it's an Ethernet connectivity, then I would recommend PIX or ASA.
    Secondly, we come to the tunnels, i.e., the link between both the offices which should be encrypted. This tunnel will be your pipe. Though a PIX/ASA by default supports VPN tunnels and encryption, you need to have that K9 IOS in the router.
    Pls elaborate on the connectivity medium, then it will be easier to suggest you something.
    Pls read the text at the following link... it will give you a better picture...
    http://www.cisco.com/en/US/products/ps5743/Products_Sub_Category_Home.html
    Pls rate helpful posts.
    Regards
    JD

  • Connecting two remote LANs through a VPN connection

    1) I am trying to interconnect two LANs as you see below.
    2) The scenario is to interconnect two LANs with a single domain “domain.local” in order to have two domain controllers backing up each other. We already have a Domain Controller “SRVDC1.domain.local” in our local network “LAN1” and another server, which is going to be both our secondary domain controller and VPN server, “SRVDC3.domain.local”, in our remote network “LAN2”, which is the Netelligent Network. I am trying to make these two servers (our two LANs) visible to each other by a MikroTik Cloud Router Switch solution.
    3) I am using a MikroTik Router as a PPTP Client to VPN to our Remote Server SRVDC3 (87.75.45.66/29).
    4) All the computers in LAN1, including Server SRVDC1, have a gateway set on “192.168.10.1”, which is an Asus WiFi Router used as a core switch, which is connected to our Fiber Optic Translator.
    5) To prevent and minimize any down-time risk during the configuration, I have isolated one computer, “table2pc5.domain.local”, as a sample of the whole network, by changing its gateway to 192.168.10.6 (the Ether3-Slave-Local interface on the MikroTikRouter). I am going to replace the “Asus WiFi Router” shown in the map by the MikroTik Router later, after making sure that everything works properly, so everything is going to be naturalized after.
    6) My solution can simply be explained as below:
       a. Providing another interface in addition to the “Netelligent Network” adapter.
       b. Assigning a LAN-based IP (in network range 192.168.10.0/24) to the added adapter (Microsoft Virtual Adapter).
       c. Configuring SRVDC3 in the Netelligent network “LAN2” as a Remote Access Server (VPN Server).
       d. Providing a MikroTik Router/Firewall on the edge of LAN1 as VPN Client.
       e. Configuring the MikroTik Router VPN PPTP connection to SRVDC3 via the Internet.
       f. Having two LANs connected through a permanent VPN connection.
    7) IP addresses for the three edge devices (SRVDC1 ↔ MikroTik Router ↔ SRVDC3) are as below:
       a. SRVDC1:
          Interface: Local Area Connection
          IP Address: 192.168.10.2/24
          Gateway: 192.168.10.1/24 (Asus WiFi Router)
          DHCP Server Pool: 192.168.10.1 – 192.168.10.254 (exclusions 10.1-10.50 , 10.50-10.99 , 10.200-10.254)
       b. MikroTikRouter:
          Interface: Local IP; IP Address: 192.168.88.1/24
          Interface: Ether1-gateway-master; IP Address: 192.168.0.1/24
          Interface: Ether2-master-local; IP Address: 192.168.88.1/24
          Interface: ether3-slave-local; IP Address: 192.168.10.6/24
          DHCP Server Pool: 192.168.10.1 – 192.168.102.254
       c. SRVDC3:
          Interface: Netelligent Network; IP Address: 87.75.45.66/29; Gateway: 87.75.45.65/29
          Interface: Microsoft Network Adapter; IP Address: 192.168.10.50/24; Gateway: 192.168.11.1
          Interface: PPP Adapter RAS; IP Address: 192.168.11.1/24; gateway:
    8) The node “table7pc2.domain.local” is not able to see
    Now, I would ask you to help me to realise this solution by helping me to find the bad-routing problem, and letting me know how to fix it.
    What NAT / route paths or any configuration do I need to make these two LANs visible and recognizable to each other?
    I would introduce you to the critical nodes which play important roles in this configuration. I have tried to colour-mark them in order to have a better recognition once you take a look at the “Ping Result” table.
    The “Ping Result” table would give you an idea which nodes are able to see which others and where the problem hides itself.

    I got my own answer :D
    1) I have to right-click on my "Routing and Remote Access" Server.
    2) On the IPv4 tab, I should define a static IP pool. I had done that before, but since I had chosen a wide range (192.168.11.0/24), the router was taking a different IP address every time; so I should define a very small pool with two nodes, 192.168.11.1 and 192.168.11.2. In this way, I'll have the local address (router) as 192.168.11.2 and the remote address (my remote server) as 192.168.11.1.
    3) After the PPTP connection is established successfully, I should add a static route to the "Netelligent Network" adapter. I had done that, but in the RRAS routes, so that's why it didn't work. So:
    C:\SRVDC3>_ route -p add 192.168.10.0 mask 255.255.255.0 192.168.11.2
    [Enter]
    Now, I would be able to ping all of the computers whose gateways are set on 192.168.10 (router),
    and if I want to see all of the computers on the first LAN, I have to put my router at the edge of the network, instead of the ASUS WiFi Router, then change its IP address to 192.168.10.1, or alternatively set all of the computers' gateways to 192.168.10.6.

  • Slow finder Browsing when accessing LAN via VPN connexion

    I am running ML Server, latest update, on a 2010 Mac Mini Server machine.
    When I am connected to my network from a remote location via VPN, and I try to browse my LAN structure with Finder, it takes ages for the list of folders/files to appear and refresh.
    I have checked my VPN configuration and tried different types (L2TP, PPTP) but nothing significantly differs in terms of browsing speed.
    I also appreciate that the network connection at the remote location, as well as the upload speed on my local network, can influence the overall browsing speed... but after several tests, I confirm I have more than 3 Mbps bandwidth for upload on the local network, and 20 Mbps minimum at the remote location.
    I also tried AFP / SMB, but that does not seem to change anything.
    So, I guess I hope the Community has already experienced the issue and some of you guys may have found a workaround to this issue.
    Many thanks.

    why not try cisco ipsec
    Input the following settings:
    Interface: VPN
    VPN Type: Cisco IPSec
    Service Name: This can be anything, I left the default.
    Edit the new interface details as follows:
    Server Address: cisco.vpntraffic.com or other country vpn such as Portugal VPN
    Account Name: Your vpn account
    Password: Your vpn password
    How to setup Mac OS X Built-In Cisco VPN

  • Can I have two LANs with the same IP route to each other

    Hi there,
    I have a customer who has a televantage voip network on a private 192.68.0.0/24 network but has two sites connected via a wireless tower that wants to enable QOS over between the two sites by using a 2621XM router at each end. I've enabled QOS on both routers for voice and video but haven't deployed this yet since I'm not sure if I need to change one of the sites' networks to a different network number since I'll have the routes in place with a 192.168.1.0 on the WAN side. If both remote networks stay with the same number scheme of 192.168.0.0/24 will they be able to find each other when requesting where a remote 192.168.0.0 host is or do I need to change one of the offices' networks to a 192.168.2.0 network to make this work? Sounds kind of basic but before deploying I wanted to get some input...thanks.

    Routers cannot route unless the address blocks for each interface are different.
    If you have two sites connected by any kind of link, and you'll use one site as a gateway to the Internet, then you'll need at least four different addresses/ blocks:
    The 'b' site LAN, i.e., fa0/0:192.168.0.0/24
    The 'b' site WAN (interconnecting link), i.e., fa0/1: 192.168.1.1/30
    The 'a' site WAN (interconnecting link), i.e., fa0/1:192.168.1.2/30
    The 'a' side LAN, i.e., fa0/0:192.168.2.0/24
    (assumes that your wireless link is acting as a bridge or non-routing link - the fa0/1 device connects to the wireless devices).
    If you use the same router on the 'a' side for the interconnecting link for both the 'a' LAN and the Internet gateway, then the third interface would be your Internet WAN address.
    The 'b' side LAN interface is your 'b' side default gateway for your clients
    The 'a' side LAN interface is the 'a' side default gateway for your clients
    Set a default gateway on the 'a' router to the ISPs Default gateway / next hop address.
    If you're using a third router for an Internet gateway, then the LAN interface address becomes the default gateway for the clients on that LAN, and you'll need to set up a static route pointing to the other LAN in the routers that connect the two LANs.
    A routing protocol may be useful but, depending on your actual bandwidth available, it's probably better to just set up static routes (no routing protocol bandwidth utilization).
    The /30 for the WAN link gives some economy of address usage, but it may also secure the link better, since there are no additional addresses for the intruder to use; they'd have to spoof one of the two valid addresses (.1 & .2) as well as crack your encryption (and / or other security).
    There's an armload of other possible configurations / topologies / address schemes, I believe this one would be reasonably common.
    The bottom line is that a router can only route from one address block to another. In order to pass traffic between two segments with the same address block, you need a bridge / switch, or some other layer one/two device (like a wireless transceiver pair).
    Good Luck
    Scott

  • Can connect via VPN, but can't access AFP server on same Xserve

    Hi:
    I've set up our XServe with MacOS X Server 10.5.2 to do AFP and VPN (L2TP only; PPTP is disabled). The XServe is a standalone server, not connected to any other directory server.
    I can connect to the XServe's AFP server from my Mac over our wired and wireless network. The AFP server shows up in the sidebar of Finder windows. So far, so good.
    I am able to successfully connect to our network via the VPN with Mac OS X 10.5.2 client (on two different machines) using L2TP through our network's firewall (on a Netopia T1 router; UDF ports 500 and 4500 and IP Protocol 50 and 51 are open) using a shared secret.
    But I cannot connect to the XServe itself to use Server Admin or AFP (using afp://server.company.com or afp://xxx.xxx.xxx.xxx via the Go > Connect to Server command).
    The error I get while connecting to the 10.5.2 AFP server is Some data in apf://server.mycompany.com could not be read or written (Error Code -36 ). I saw this error associated with a SMB problem in 10.4.x, but SMB is not running.
    Other iChat users in my office also do not automatically show up in the Bonjour list when I connect to the network. Other computers on our network do not appear in the sidebar of a Finder window. (I'm told these are to be expected, as Bonjour isn't supported (in the "local area Bonjour" over a WAN link - it's purely a multicast feature on the network in the office, and won't be routed across the VPN link. True?)
    Now, here's the odd part. There is a second server (v10.4.11) on our network running AFP. I can connect to it (using afp://server.company.com via the Go > Connect to Server command) and mount its various sharepoints via the VPN.
    The only thing I see in the VPN log that seems amiss is this (but I have no idea what it means):
    Tue Mar 11 23:09:27 2008 : Unsupported protocol 0x8057 received
    --Both the 10.5.2 and the 10.4.11 servers have DNS properly configured (though our ISP; we're not running our own DNS).
    --Both servers and the client have public IP addresses and have the same subnet mask. Network Utility confirms this while connected to the VPN.
    --NAT is not running. The ISP is responding with public IPs for the servers.
    --The firewall for the 10.5.2 server is not running (but will be once I get this all working).
    --The IP address range for the VPN server doesn't overlap our DHCP pool (which also currently uses public IP addresses).
    --Any user can access any service.
    --No network routing definitions have been set up.
    --In essence, I've followed the steps on Pages 141-142 of the Network Services Admin Guide.
    One other note: After I connect, the Network Preferences > VPN > Advanced > TCP/IP window shows the IP address for the client just fine (assigned from the VPN pool), but lists the router as having the IP address of the XServe (rather than the router on the network). Is that normal?
    I'm hoping I don't need to have the XServe run DNS as an internal LAN DNS server.... And I'm not sure why I would have to if I can already successfully connect to the 10.4.11 AFP server .
    What simple step am I missing?
    TIA,
    mm

    "I am able to successfully connect to our network via the VPN with Mac OS X 10.5.2 client (on two different machines) using L2TP through our network's firewall (on a Netopia T1 router; UDF ports 500 and 4500 and IP Protocol 50 and 51 are open) using a shared secret."
    I suspect you mean UDP ports and you might need UDP port 1701 open too.
    You only need IP protocol 50 (ESP), protocol 51 (AH) isn't used. And ESP is only used when client and server aren't behind NAT (when NAT is used only the UDP ports are used).
    "Unsupported protocol 0x8057 received"
    This is usually seen when you can't get GRE through but since you don't use PPTP I can't be sure why this is registered in the logs. Sometimes when connecting using PPTP you have to disconnect and then reconnect for everything to work - you might try this for L2TP too.
    But if you already can reach services on any LAN nodes through the VPN I wouldn't bother with it.
    As you have a firewall in front of the server you need a second alias IP on the server that you can use to get at the services running on the server through the VPN. The firewall blocks all ports protocols not opened - that's why you can't use the server main IP even if the VPN is up.
    The netmask is used by all nodes to determine how big your subnet is: what part of the IP number is the network number and what range the node number is in => really: should traffic be directed to a node on the same LAN or sent directly to the gw/router for forwarding.
    What you can't do is connect from a NATed network to another NATed network that both are using the same network number. (That's why people should stay away from using the "default" 192.168.0.0/24 and 192.168.1.0/24 networks for VPN server LANs).
    Try your settings at http://www.jodies.de/ipcalc to see what I mean.
    "...lists the router as having the IP address of the XServe (rather than the router on the network). Is that normal?"
    Yes. The VPN server is the VPN gw/router.
    "The firewall for the 10.5.2 server is not running (but will be once I get this all working)."
    If you already have a firewall in front of your servers that is a bit redundant.
    "--No network routing definitions have been set up."
    "I'm hoping I don't need to have the XServe run DNS as an internal LAN DNS server"
    You need routing definitions if you want to setup a split tunnel VPN or all traffic is routed through the VPN when connected. The VPN becomes the default gw.
    Without ipforwarding ON in the server you can only reach nodes on the server LAN - not Internet.
    DNS is needed for your servers forward and reverse names/IPs for advanced services but doesn't need to run in any of your own servers.
    If you decide to do a split tunnel VPN config (adding public and private routing definitions) a reachable DNS IP for VPN clients (in VPN config on server) is needed for VPN clients or they can't use names to find anything. To reach this DNS IP if public/not on your server LAN, you need your server to forward IP DNS lookups and have a routing definition for it.
    A split tunnel VPN only sends traffic for your server LAN through the VPN and all other traffic directly to the local gw/router (Internet).
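
The addressing rule in this answer (two NATed networks using the same network number cannot be connected) and in the earlier answer on routing between two LANs with the same IP range can be checked before any router or VPN is configured. The following is an added example, not code from any of the posters; the host addresses ending in .10 and .50, the LAN gateway 192.168.0.1 and all function names are assumptions chosen for illustration.

```python
import ipaddress
from itertools import combinations


def find_overlaps(blocks):
    """Return (name_a, name_b) pairs whose address blocks overlap.

    Overlapping LAN blocks on the two sides of a routed link or VPN mean
    the far side can never be reached by routing.
    """
    nets = {name: ipaddress.ip_network(cidr, strict=False)
            for name, cidr in blocks.items()}
    return [(a, b) for a, b in combinations(nets, 2)
            if nets[a].overlaps(nets[b])]


def link_problems(end_a, end_b):
    """Check the two interface addresses of a point-to-point link."""
    a, b = ipaddress.ip_interface(end_a), ipaddress.ip_interface(end_b)
    problems = []
    if a.network != b.network:
        problems.append("ends are in different networks")
    if a.ip == b.ip:
        problems.append("both ends use the same address")
    for end in (a, b):
        net = end.network
        # Network and broadcast addresses are not usable on /30 and shorter.
        if net.prefixlen < 31 and end.ip in (net.network_address,
                                             net.broadcast_address):
            problems.append(f"{end.ip} is not a usable host address in {net}")
    return problems


def first_hop(host_if, dest, gateway):
    """What a LAN host does with a packet: compare dest against its own
    netmask, then either deliver on the local segment or hand it to the
    default gateway."""
    host = ipaddress.ip_interface(host_if)
    return "on-link" if ipaddress.ip_address(dest) in host.network else gateway


def lookup(dest, routes):
    """Longest-prefix match over a list of (cidr, next_hop) routes."""
    ip = ipaddress.ip_address(dest)
    best = None
    for cidr, hop in routes:
        net = ipaddress.ip_network(cidr)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return best[1] if best else None


# Constructed input: both sites keep 192.168.0.0/24 (the questioner's case).
SAME_BLOCKS = {"site-b LAN": "192.168.0.0/24",
               "link": "192.168.1.0/30",
               "site-a LAN": "192.168.0.0/24"}

# The four-block plan from the routing answer (site 'a' moved to .2.0/24).
PLAN = {"site-b LAN": "192.168.0.0/24",
        "link": "192.168.1.0/30",
        "site-a LAN": "192.168.2.0/24"}

# Constructed input: a VPN client whose home LAN matches the server LAN.
VPN_CASE = {"client home LAN": "192.168.1.0/24",
            "VPN server LAN": "192.168.1.0/24"}

# Static routing table for the site-b router under PLAN (assumed layout).
SITE_B_ROUTES = [("192.168.0.0/24", "connected fa0/0"),
                 ("192.168.1.0/30", "connected fa0/1"),
                 ("192.168.2.0/24", "192.168.1.2")]

if __name__ == "__main__":
    print("same blocks:", find_overlaps(SAME_BLOCKS))
    print("plan       :", find_overlaps(PLAN))
    print("vpn client :", find_overlaps(VPN_CASE))
    print("link check :", link_problems("192.168.1.1/30", "192.168.1.2/30"))
    # With duplicate blocks the packet for the remote host never reaches
    # the router: the sender believes the destination is on its own LAN.
    print(first_hop("192.168.0.10/24", "192.168.0.50", "192.168.0.1"))
    print(first_hop("192.168.0.10/24", "192.168.2.50", "192.168.0.1"))
    print(lookup("192.168.2.50", SITE_B_ROUTES))
```
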

  • Connecting two distant servers via a common WAN Internet connection.

    Hi all,
    I have two servers located in two different countries. For example Server A (Windows 2003 with Active directory) is located in Singapore. Another Server B (also Windows 2003 Server with Active Directory) is located in Kuala Lumpur. Both computers are connected to Internet via local ISP (WAN connection with dynamic IP) to respective countries. There are a few local users at each place who are connected to the local servers at both places with LAN.
    I would like to connect these two servers together via WAN (Internet - may be tunnelling, VPN, I don't know much what are other technologies). My objective is to connect both Server A and Server B so that I can keep track of active directory information, user management and authentication. Please let me know how can I achieve that? What is needed and what configuration and additional devices, servers are needed? Please give me simple, detailed cost effective methods.
    Thanks.

    First you want to get static IPs and then you can set up an IPSEC tunnel or site to site VPN.  Then you will want to create a trust between the 2 domains if they are in different forests.  Then you can add your user account to a universal group (forest functional level must be at Server 2003 level) for enterprise management.
    James Goodwin - Senior Technical Instructor & Network Infrastructure Expert
    MCT, MCP+ I, MCTS:Server 2008, MCTS: SCCM, MCTS:Vista
    MCSA:S, MCSE:S, MCITP:SA, MCITP:EA , MCITP:ES, CCNA,
    CCSI(# 32018),C|EH, C|HFI, C|EI, HDSA, A+, Network+, i-Net+, Server+, Security+
    My Blog:http://thattrainerguy.blogspot.com/

  • Controling iOS Ports and URLs Via VPN and UTM

    I'm new to actual Network Security. My dad's worked network security, I've taken Security and programming classes. But in short, I have no real money and I'm too busy living the college life (Homework till you're hired 3 years from now.) My goal this winter is to set up a UTM in the house. I'll probably go with Astaro. If not, WS2008 is my next choice. It's a bit harder on resources, to my experience, but I'm still new, so studying is required.
    My ultimate goal is to lock down my network. No uncleared Ports or URLs. I've learned with ZoneAlarm how much I love manual control of my network and thus the applications within it. I'm not a pirate, but I don't like programs validating. It seems insulting for my computer not to trust its creator. So I block that. My goal is to lock down my more portable systems and reroute them back into the LAN via VPN and block outgoing and incoming ports and URLs from the UTM here.
    I realized that I can apply this technique to the iOSs as well, in theory. I'm here to ask for help with this.
    My questions:
    1. Can you forward ALL networked data to and through the VPNed Network without a single leak?
    2. Has anyone tried this and what problems have you had? (Exp: some apps might not like this. I can't imagine them wasting the processor power to check for this, but it's happened with countless PC programs)
    3. In regards to question number two's tangent, I'm making a special goal to block the new iAd URLs. I'm assuming they use the commonly open port 80. They don't want people to be without ads at school.
    Has anyone seen a problem with this?
    Thank you in advance. I want to publish my findings in an easy How To Manual later. Sharing is caring. haha.

    Smith Comma John wrote:
    I was asking if anyone had actually tested the IOS for leaks. either Apple making a backdoor for their sake, or one of the apps exploiting a fault somewhere.
    Given the intense scrutiny that Apple is under, I doubt either scenario is a possibility.
    What I really meant to ask was "has anyone had problems with the apps not liking URL/Port limitations forced upon them". With ZoneAlarm, you can do exactly this and all of the programs I've used cannot access the internet without consent from the user. If blocked, they end up thinking that they're offline, but Crysis, for example, will not install unless it gets an authentication check from crytec's server. You cannot install it without internet access (assuming no workarounds/spoofing is used). Has anyone had problems with the applications after firewalling their iPad in a similar fashion?
    On a Mac, people use Little Snitch for this. It is very handy to make sure SPAM in your inbox doesn't phone home if you accidentally open it.
    Because all such tools are system-level, you aren't going to run them on iOS. What you can do is run DD-WRT on your router. You could control and log all inbound and outbound traffic. It is essentially a port of Linux for your router. I used it for many years until I got a Time Capsule. As far as routers go, my ancient Buffalo router with DD-WRT was significantly better than the Apple Time Capsule. My iPad works great with it. I expect DD-WRT would be able to keep you suitably entertained.
    Frankly I'm not too happy with Apple right now. Tyranny comes to mind.
    Don't believe what you read on the internet, especially if Apple is the subject.

  • Server Admin not connecting to Leopard Server when accessing via VPN

    Hi everyone,
    Recently, as the title suggests, Server Admin (or Server Preferences, for that matter) would not connect to my remote server via VPN. I'm quite sure that the server is working nicely, as the users (both of them lovely young ladies with considerable charms, which makes on-site support quite interesting, if distracting) didn't call me to complain, and I can login via SSH with no problems.
    The server is a Mac Mini, connected to an Airport Extreme (gigabit N), which in turn connects to our ADSL modem, if that helps any.
    Now, I did tinker around a bit with the settings before this happened, so I think it's probably my fault (well, I started my "career" of administering this server a week ago, what do you expect), so I suppose I may have inadvertently limited access to a service required for Server Admin and Server Preferences to function.
    If anyone could tell me which services are absolutely necessary for Server Admin to function, or at least where to start looking, I'd be immensely grateful. I didn't yet go on site to try and wrestle the whole thing from there, as the travel costs are non-trivial, so I'd rather do it remotely, if at all possible.

    This is exactly the difficulty I am having with a 10.5.4 Intel Xserve. I have established a VPN connection that connects me to my business LAN, and I know it has carried out the connection because there are a number of things I can access properly that are not available on the public internet. For instance, my LOM ports are restricted to my business LAN, and when I connect to the server via VPN I can access the LOM ports using Server Monitor. However, when I try to use Server Admin, nothing works. It won't connect. I too am confused. All traffic to the Xserve is allowed via the business LAN. I thought all traffic was supposed to be routed to the VPN server when connected via a VPN. If this is the case, shouldn't Server Admin work? When I go on site and connect my computer directly to the business LAN, I have no difficulty using Server Admin.

  • How to share internet if the server connects to it via VPN?

    Hi, mac brothers! Need your help.
    I have a server with 2 ethernet cards (en0, en1). It connects to internet via VPN on en0. LAN clients connect to the server using en1. I can't share VPN internet connection to LAN %(. (tried to find the answer in the 10.4 server documentation, but there is nothing about it).
    I know how to share internet connection when there is no VPN - direct connection via DSL modem...
    Can you help me?
    PS: OS X Server 10.4.11

    You need to use NAT and have the firewall running.
    And then you need to use the VPN connection (PPTP?) "interface" (when connected), probably ppp0 - not en0, in your NAT config. This can be achieved by dragging the config (small symbol in lower right corner in NAT config in Server Admin) to the desktop, edit it (look for en0 and change it to ppp0), save it, and then drag it back into the NAT config window and save.
    I think the VPN tunnel must be up before turning on NAT/firewall so if you reboot the server you might need to turn NAT/firewall off -> on to make it work again.
    If the WAN/ppp0 IP is not static (so you can enter it in your server DNS) you probably will have trouble with many of OS X services running in the server.
    Most OS X server installations using an Internet connection with a shifting public IP are better off putting a NAT router, which can do the initial connection (by DHCP, PPTP, PPPoE, whatever), between them and the Internet.

  • Is symbian or windows mobile better to access mac shares via vpn?

    I am considering a smart phone purchase in the next few months, and I would like to be able to browse my server via vpn from the phone the same way I can with my Palm LifeDrive. I think Symbian or Windows Mobile are my best OS choices for a phone, and I was wondering if anyone has actual experience with this. Do they use PPTP or L2TP? At this point, the iPhone cannot edit documents, so it is not a consideration, but I am also curious if it allows for this type of remote browsing through a VPN.
    Thank you for any help that you can offer.
    Michael

    I have done some more testing and oddly enough I can map a drive if I use the IP address, but not the computer name, when checking the check box "connect using different credentials" and providing the user's domain credentials.
    This seems to point to a DNS issue, one would think, but I can hit the file share server by name \\fileserver.dev.lan
    I can see all the shares, so dns seems to be fine right?
    So I don't understand why I can map a drive using the IP address and not the machine name, but yet I can see and ping the server by name?
    When I try to create a mapped drive by machine name I receive the following message:
    Windows cannot access \\fileserver.dev.lan\all
    You do not have permissions to access \\fileserver.dev.lan. contact your network administrator  to request access.
    But if I use the \\x.x.x.x\all using the very same user and password I get connected with no problem.
    This only seems to happen on windows 8.1, which leads me to think that has something to do with OS. 
    I am thinking about upgrading to Windows 8.1 Pro, but I don't want to go through the hassle and expense if the OS is not the problem.

  • Kerberos issue when connecting via VPN

    Hi,
    I am having some issues when connecting via VPN.
    The following kdc log is issued when I log via VPN
    May 02 12:12:21 ATHENA.MYDOMAIN.LAN krb5kdc[163](info): DISPATCH: repeated (retransmitted?) request from 192.168.2.5, resending previous response
    May 02 12:12:21 ATHENA.MYDOMAIN.LAN krb5kdc[163](info): TGS_REQ (7 etypes {18 17 16 23 1 3 2}) 192.168.2.5: UNKNOWN_SERVER: authtime 1146535939, [email protected] for ldap/[email protected], Server not found in Kerberos database
    I also have a system log May 2 12:12:21 ATHENA DirectoryService[41]: GSSAPI Error: Miscellaneous failure (Server not found in Kerberos database)
    These logs only happen while logging in through VPN.
    Any idea?
    Cheers
    Ben

    Hi,
    When using your VPN are you using Terminal License or Remote Desktop Connection?
    Please do the following to save form settings:
    1. Only 1 module should be open when using form settings.
        Close other modules that aren't needed.
    2. Close the module after changes, to make sure the settings are saved.
    3. Always close all the modules before exiting the SBO program; make clicking File and Exit a habit.
    4. Terminal Licensing should be used when connecting remotely.
    Thanks.
    Clint

  • Can I use domain name to access local web (& other) services via VPN?

    I've just set up a VPN service for our office but, when connected via VPN, I can't seem to access our Wiki Server via our domain (http://example.private/groups/). Instead it will only let me access it via IP (http://192.168.1.2/groups/)
    Is it possible to access it via http://example.private/groups/ and if so what do I need to do?
    EDIT: actually, same goes with the local iChat and iCal services too.
    Message was edited by: Christiaan

    Okay, it's sorted. I phoned Apple Support.
    The solution is to open Server Admin. Go to VPN Settings, then click on the Client Information tab, then add your local DNS server to the DNS Servers list (in our case 192.168.1.2).
    I would have expected the Standard configuration of Leopard Server setup to have added this by default, so I'll submit a bug report when I get a chance.
