VPN doesn't allow access to server

We used to keep two different addresses for the server and our IT folks wanted to consolidate them. There was no reason that the server and the VPN server addresses should be separate. However, now if I have a VPN connection I cannot connect to the server.
My DNS has reverse lookup set correctly (AFAICT)
% host vpnserver.TLD
vpnserver.TLD is an alias for opsxserve.TLD.
opsxserve.magnet.fsu.edu has address NNN.NNN.NNN.60
% host NNN.NNN.NNN.60
60.NNN.NNN.NNN.in-addr.arpa domain name pointer opsxserve.TLD.
% host opsxserve.TLD
opsxserve.TLD has address NNN.NNN.NNN.60
But when using VPN I cannot connect to opsxserve.TLD for calendar, mail, admin, etc. This only happens when I am outside the firewall. When I am inside and use VPN it all works. I have set the option to send all data over VPN.

Let me try to clarify things. The server is back to the two IP configuration.
Server has 2 IP addresses and 2 DNS entries, one for services and one only for VPN; those would be
vpnserver @ IP 59
opsxserve @ IP 60 (where I deleted the top level domain and the first 3 sections of the ip address)
then when using VPN I have access to calendar, ldap mail, VNC, and server admin on the server.
But if I use the following DNS setup to reduce IP address usage there is a problem
vpnserver alias to opsxserve
opsxserve @ IP 60
Then when using VPN from outside the firewall I cannot access iCal server, server admin etc. The server does not have its firewall turned on. All the VPN addresses assigned are on the same subnet as the server.
All the services have always run on the same box, which is an early Intel XServe.

Similar Messages

  • I'm trying to connect to my work's VPN.  I am connected to the VPN, but I cannot access the server. I keep getting a message that says the server may not exist or is unavailable.  I know that's not the case because my coworkers are connected. Can someone

    I'm trying to connect to my work's VPN.  I am connected to the VPN, but I cannot access the server. I keep getting a message that says the server may not exist or is unavailable.  I know that’s not the case because my coworkers are connected. Can someone please help me? 

    I have the same problem. It is only with tv shows and only with programs I have downloaded after the software update.
    Apple support sent me the above link too....but it doesn't solve the problem...my computer is authorized and the content is in my library and will play on my Mac air, but it will not sync the tv shows, it keeps saying my computer isn't authorized for it.
    No answers here, but you are definitely not alone with this issue.

  • Can connect via VPN, but can't access AFP server on same Xserve

    Hi:
    I've set up our XServe with MacOS X Server 10.5.2 to do AFP and VPN (L2TP only; PPTP is disabled). The XServe is a standalone server, not connected to any other directory server.
    I can connect to the XServe's AFP server from my Mac over our wired and wireless network. The AFP server shows up in the sidebar of Finder windows. So far, so good.
    I am able to successfully connect to our network via the VPN with Mac OS X 10.5.2 client (on two different machines) using L2TP through our network's firewall (on a Netopia T1 router; UDF ports 500 and 4500 and IP Protocol 50 and 51 are open) using a shared secret.
    But I cannot connect to the XServe itself to use Server Admin or AFP (using afp://server.company.com or afp://xxx.xxx.xxx.xxx via the Go > Connect to Server command).
    The error I get while connecting to the 10.5.2 AFP server is Some data in apf://server.mycompany.com could not be read or written (Error Code -36 ). I saw this error associated with a SMB problem in 10.4.x, but SMB is not running.
    Other iChat users in my office also do not automatically show up in the Bonjour list when I connect to the network. Other computers on our network do not appear in the sidebar of a Finder window. (I'm told these are to be expected, as Bonjour isn't supported (in the "local area Bonjour" over a WAN link - it's purely a multicast feature on the network in the office, and won't be routed across the VPN link. True?)
    Now, here's the odd part. There is a second server (v10.4.11) on our network running AFP. I can connect to it (using afp://server.company.com via the Go > Connect to Server command) and mount its various sharepoints via the VPN.
    The only thing I see in the VPN log that seems amiss is this (but I have no idea what it means):
    Tue Mar 11 23:09:27 2008 : Unsupported protocol 0x8057 received
    --Both the 10.5.2 and the 10.4.11 servers have DNS properly configured (though our ISP; we're not running our own DNS).
    --Both servers and the client have public IP addresses and have the same subnet mask. Network Utility confirms this while connected to the VPN.
    --NAT is not running. The ISP is responding with public IPs for the servers.
    --The firewall for the 10.5.2 server is not running (but will be once I get this all working).
    --The IP address range for the VPN server doesn't overlap our DHCP pool (which also currently uses public IP addresses).
    --Any user can access any service.
    --No network routing definitions have been set up.
    --In essence, I've followed the steps on Pages 141-142 of the Network Services Admin Guide.
    One other note: After I connect, the Network Preferences > VPN > Advanced > TCP/IP window shows the IP address for the client just fine (assigned from the VPN pool), but lists the router as having the IP address of the XServe (rather than the router on the network). Is that normal?
    I'm hoping I don't need to have the XServe run DNS as an internal LAN DNS server.... And I'm not sure why I would have to if I can already successfully connect to the 10.4.11 AFP server .
    What simple step am I missing?
    TIA,
    mm

    "I am able to successfully connect to our network via the VPN with Mac OS X 10.5.2 client (on two different machines) using L2TP through our network's firewall (on a Netopia T1 router; UDF ports 500 and 4500 and IP Protocol 50 and 51 are open) using a shared secret."
    I suspect you mean UDP ports and you might need UDP port 1701 open too.
    You only need IP protocol 50 (ESP); protocol 51 (AH) isn't used. And ESP is only used when client and server aren't behind NAT (when NAT is used only the UDP ports are used).
    "Unsupported protocol 0x8057 received"
    This is usually seen when you can't get GRE through but since you don't use PPTP I can't be sure why this is registered in the logs. Sometimes when connecting using PPTP you have to disconnect and then reconnect for everything to work - you might try this for L2TP too.
    But if you already can reach services on any LAN nodes through the VPN I wouldn't bother with it.
    As you have a firewall in front of the server you need a second alias IP on the server that you can use to get at the services running on the server through the VPN. The firewall blocks all ports and protocols not opened - that's why you can't use the server main IP even if the VPN is up.
    The netmask is used by all nodes to determine how big your subnet is: what part of the IP number is the network number and what range the node number is in => really: should traffic be directed to a node on the same LAN or sent directly to the gw/router for forwarding.
    What you can't do is connect from a NATed network to another NATed network that both are using the same network number. (That's why people should stay away from using the "default" 192.168.0.0/24 and 192.168.1.0/24 networks for VPN server LANs).
    Try your settings at http://www.jodies.de/ipcalc to see what I mean.
    "...lists the router as having the IP address of the XServe (rather than the router on the network). Is that normal?"
    Yes. The VPN server is the VPN gw/router.
    "The firewall for the 10.5.2 server is not running (but will be once I get this all working)."
    If you already have a firewall in front of your servers that is a bit redundant.
    "--No network routing definitions have been set up."
    "I'm hoping I don't need to have the XServe run DNS as an internal LAN DNS server"
    You need routing definitions if you want to set up a split tunnel VPN or all traffic is routed through the VPN when connected. The VPN becomes the default gw.
    Without ipforwarding ON in the server you can only reach nodes on the server LAN - not Internet.
    DNS is needed for your servers forward and reverse names/IPs for advanced services but doesn't need to run in any of your own servers.
    If you decide to do a split tunnel VPN config (adding public and private routing definitions) a reachable DNS IP for VPN clients (in VPN config on server) is needed for VPN clients or they can't use names to find anything. To reach this DNS IP if public/not on your server LAN, you need your server to forward IP DNS lookups and have a routing definition for it.
    A split tunnel VPN only sends traffic for your server LAN through the VPN and all other traffic directly to the local gw/router (Internet).
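The symptom in the first post (services unreachable from outside once vpnserver is an alias of opsxserve) and the second-IP and same-network-number advice in the reply above can be reproduced with a small routing model. This is an added example, not code from any poster; it assumes the client keeps a host route to the VPN endpoint over its physical interface, and the 203.0.113.x and 192.168.1.0/24 addresses are constructed stand-ins for the redacted ones.

```python
import ipaddress

# Constructed sample addresses (RFC 5737 documentation range) standing in for
# the redacted NNN.NNN.NNN.59 / .60 in the posts.
VPN_ONLY_IP = "203.0.113.59"
SERVICES_IP = "203.0.113.60"
CLIENT_LAN = "192.168.1.0/24"  # constructed: the remote client's own network


def client_routes(vpn_endpoint, client_lan, server_lan=None):
    """Simplified routing table of a connected VPN client (an assumption).

    server_lan=None models "send all data over VPN" (the tunnel is the
    default route); otherwise only server_lan goes into the tunnel (split).
    """
    routes = [
        (ipaddress.ip_network(client_lan), "physical"),
        # Host route that keeps the encrypted tunnel packets themselves
        # leaving via the physical interface towards the VPN endpoint.
        (ipaddress.ip_network(vpn_endpoint + "/32"), "physical"),
    ]
    if server_lan is None:
        routes.append((ipaddress.ip_network("0.0.0.0/0"), "tunnel"))
    else:
        routes.append((ipaddress.ip_network(server_lan), "tunnel"))
        routes.append((ipaddress.ip_network("0.0.0.0/0"), "physical"))
    return routes


def egress(routes, destination):
    """Longest-prefix match: return the interface used for destination."""
    dest = ipaddress.ip_address(destination)
    matches = [(net, iface) for net, iface in routes if dest in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def lans_conflict(client_lan, server_lan):
    """True when both ends use overlapping network numbers."""
    a = ipaddress.ip_network(client_lan)
    return a.overlaps(ipaddress.ip_network(server_lan))


def diagnose(vpn_endpoint, service_ip, client_lan, server_lan=None):
    """Classify how a client outside the firewall reaches service_ip."""
    if server_lan and lans_conflict(client_lan, server_lan):
        return "conflict: client LAN and server LAN overlap"
    routes = client_routes(vpn_endpoint, client_lan, server_lan)
    if egress(routes, service_ip) == "tunnel":
        return "ok: service traffic goes through the tunnel"
    return "bypass: service traffic leaves outside the tunnel and meets the firewall"


if __name__ == "__main__":
    # Two-IP layout: VPN on .59, services on .60
    print(diagnose(VPN_ONLY_IP, SERVICES_IP, CLIENT_LAN))
    # Consolidated layout: vpnserver is an alias of opsxserve (.60)
    print(diagnose(SERVICES_IP, SERVICES_IP, CLIENT_LAN))
    # Both ends numbered 192.168.1.0/24 with a split tunnel
    print(diagnose(VPN_ONLY_IP, "192.168.1.10", CLIENT_LAN, "192.168.1.0/24"))
```

In the consolidated case the /32 route to the endpoint wins the longest-prefix match, so calendar, mail and admin traffic to the same address never enters the tunnel.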

  • Lumia 800 - Tethering doesn't allow access to Inte...

    Hello All,
    I've just updated my Lumia 800 to Tango. I now see the Internet sharing option. I can switch it on, other clients can see and connect to the WiFi hotspot.
    I tried to tether my Windows 7 laptop to the phone, but no luck - I cannot actually use the tethered connection to browse the Internet.
    I don't have any restrictions on my Internet usage plan. I can confirm this because with the same data plan (and SIM), my E6 (with Joiku hotspot) can share its Internet connection without any hassles.
    Any help would be appreciated.
    -Thanks!
    Present: Lumia-820
    Past: E6, L-800, N8, N900, 5800 XM, 6500 Slider, 6303c

    Hi all,
    Thanks again for your feedback. Could you try to do the following;
    Disable Wi-Fi on the Lumia so it only has a Mobile data connection.
    Disable Wi-Fi access on the laptop
    Enable Internet sharing on the Lumia
    Enable Wi-Fi access on the laptop then find and connect to the Lumia access point.
    If you do not get internet access on the laptop please send me a personal mail with the following data:
    Phone carrier and country
    Laptop brand and model
    Used operating system (including any service packs!)
    The speed of the connection from Wireless Network Connection Status on the PC
    The following settings for the Interface on the PC (Wireless Network Connection Status>Details)
    IPv4 address
    IPv4 Default Gateway
    IPv4 DHCP server
    IPv4 DNS Server
    I will forward these toward the investigation.
    Kosh

  • Bridge CS6 doesn't allow access to many of my folders on iMac

    iMac with OS X 10.8.2 and Photoshop & Bridge CS6 and Lightroom 4.
    When try and access photos via Bridge most of my folders have a little red circle with a minus inside, denying me access to the folders.
    However, if I use mini Bridge in PS I can access all of my folders.

    moved from sharing and storage forum to photoshop

  • InDesign 2014 doesn't allow access to the Text tool

    I installed the 2014 update for InDesign and started work on an existing book project (about 70 pages in extent), replacing some of the graphics on the cover with eps files from Bridge. I can select the title and subtitle on the cover page too. But when I moved to the next page that I had not yet touched since installing ID 2014, I found the Text tool was not working. All it does is draw a box, but I can no longer click on text and work on it.
    I copied all the content on the cover page, quit ID 2014, opened ID 9.2.2.103 using an older version of the document, and pasted the changes into the old document. ID 9.2.2 works just fine, but each time I try using ID 2014 (v. 10.0.0.70), the same problem happens again.
    I have tried re-starting, starting in Safe Boot mode, exporting the file as .idml and re-opening it in ID 2014, but it is the same old bug all over.
    Any others have the same or similar experience, and any explanations and solutions to offer?

    I'll answer my own question now that it is solved:
    Deleting ~/library/Preferences and /Caches didn't solve the problem. In fact none of the suggestions helped. What really helped was to go to find the locked layer for all the pages and unlock it!
    ID 2014 set up a new view for my layout, and the layers tab was in a new place, and not its full length anymore, so the locked layer wasn't visible like I was used to, but it was there nevertheless.
    What's the old saying about the source of the problem (and the solution) usually being found not too far from the front of the screen...

  • The search suggestion drop box doesn't allow you to go on the web when you click on the suggestion.

    When I type in a search word in the search box, the dropdown menu of suggestions doesn't allow access onto the web.

    Try Enter Selects: https://addons.mozilla.org/en-US/firefox/addon/7423/
    You can just start typing in the Location Bar, and press Enter to go straight to the first match.
    Other issues:
    You are running an out of date Firefox that is potentially vulnerable to malware. Please consider upgrading using Tools -> Check For Updates or downloading and installing from http://www.mozilla.com/en-US/firefox/all-older.html
    Your plugins are out of date and also potentially vulnerable to attacks from malicious web sites. Consider getting them all updated with Plugin Check: http://www.mozilla.com/en-US/plugincheck/

  • PLEASE HELP, NEED VPN TO ACCESS EXCHANGE SERVER!!!

    Please can someone suggest an e-mail solution for me. Our exchange server is behind a corporate intranet that can only be accessed by establishing a VPN connection to it first. Is there any e-mail solution for E series that would allow access in such a set up.
    I would really really appreciate it if someone could reply as I am growing very desperate.
    Cheers,
    Rob

    Try Nokia site & look for Nokia VPN client program.
    Knowledge not shared is knowledge wasted!
    If you find it helpful, it's not hard to click the STAR..

  • How do I configure snow leopard server to allow local client to access the server using its public domain name

    I have SLS 10.6 running on my local network with DNS configured.
    I can access the server from a client on the LAN using server.local or server.domain, where domain name is my publicly registered domain.
    From the internet I can access my server using the registered domain name i.e. www.domain.com. 
    Is it possible to set my server up so that www.domain.com  also reaches the server when used by a client locally?   At present I get a page not found error.

    The configuration you're aiming for is called split-horizon or split-brain DNS, and it's quite possible.  It can get slightly hairy when you have different stuff using the same host name for different purposes, for instance, and you'll need to track all external DNS entries in your internal DNS server when you're running "split". 
    Here is how to set up DNS services.   Split-horizon is one of the options listed there.
    My preference is to use a different domain or subdomain within the network, and to avoid using split-horizon where I can reasonably manage it.  One domain name is configured for and reachable outside and is effectively public, and the other domain (or a subdomain) is inside and private and only reachable directly or via VPN, for instance.

  • If remote access is allowed on the server, Then can my users on the local network access this server by ie

    Dear all,
    If my server is enabled for the remote desktop connection, then the users on the local network can access my server IIS services by entering the IP address of my server in the IE (http/https) on the local network only.
    I went to control panel>>system>>Allow Remote desktop Connection>>with network level authentication.
    Now If my team wants to access this server not by opening the Remote Desktop Connection, rather by entering the IP address of my server on the IE and access the resources offered.
    Is it possible by this way,
    Or is there any other method to do so.
    Regards,
    Ahmed

    3. My web Developer is installing an application on the server for our department team. To test this application running, he wants to access this application through the local machine from browser (rather than logging in through the remote desktop connection).
    4. He wants this application to run on the local network only.
    5. He wants me to do some setup, that he must be able to enter the IP address of the server in the browsers address bar on his local machine and test the functionality of his application on the local network.
    If this is the requirements of the developer, I guess he wants you to configure IIS.
    You can do a test, whether IIS is working properly.
    Log on to server, enter https://localhost or http://IP_address_of_the_server don't know whether some ports are configured in order for your IIS to work.
    check out this youtube video:
    https://www.youtube.com/watch?v=tNAdv1EPj-I
    Every second counts..make use of it. Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.
    IT Stuff Quick Bytes

  • HT1694 My hotmail access disappeared from my iPad. When I go to settings and click 'mail, contacts, calendars' the page freezes. It doesn't allow me to the account setting. Anyone have suggestions?

    My hotmail access disappeared from my iPad. When I go to settings and click 'mail, contacts, calendars' the page freezes. It doesn't allow me to the account setting. Anyone have suggestions?

    Your Settings app is crashing. Sometimes, the only way to fix this is by restoring the iOS software but hopefully it will not come to that.
    1. Quit the app completely and restart the iPad. Go to the home screen first by tapping the home button. Double tap the home button and the task bar will appear with all of your recent/open apps displayed at the bottom. Tap and hold down on any app icon until it begins to wiggle. Tap the minus sign in the upper left corner of the app that you want to close. Tap the home button or anywhere above the task bar. Restart the iPad.
    Restart the iPad by holding down on the sleep button until the red slider appears and then slide to shut off. To power up hold the sleep button until the Apple logo appears and let go of the button.
    2. Reset the iPad by holding down on the sleep and home buttons at the same time for about 10-15 seconds until the Apple Logo appears - ignore the red slider - let go of the buttons.
    3. You can try resetting all settings. Settings>General>Reset>Reset All Settings. You will have to enter all of your app preferences and device settings again.

  • My iphone shows a red circle alert but doesn't allow me to access it.  How do I get around this?

    My iphone shows a red circle alert but doesn't allow me to access it.  How do I get around this?

    Red circle alert to what?  Maybe post a screen shot of your issue.

  • The client connection is not allowed on the internal edge of the Access Edge Server

    We are trying to setup Lync 2013 Edge Server, we have a setup as described below
    Real IPs for Lync Edge/WebConf/AV
    NAT of real IPs through Firewall Juniper to FE IP
    Topology with NAT (Firewall IP) IP enabled
    Certificates for with SAN for sip.acme.com etc (Both certs are Client Server Auth Templates from Internal MS CA)(Trusted) on Edge
    Route  192.215.0.0 255.255.255.0 gateway (=firewall internal ip address)
    But when external user connects and we are tracing the connection we are getting below error and lync client is 
    not able to connect.
    TL_INFO(TF_CONNECTION) [1]0AD8.0C30::09/07/2014-08:11:13.091.0000000f
    (SIPStack,SIPAdminLog::WriteConnectionEvent:SIPAdminLog.cpp(454))[4150361027] $$begin_recordSeverity: information
    Text: TLS negotiation started
    Local-IP: 192.215.0.xxx:5061 (Edge IP)
    Peer-IP: 192.215.0.xxx:1835 (Firewall IP)
    Connection-ID: 0x1100
    Transport: TLS 
    $$end_record
    TL_ERROR(TF_CONNECTION) [0]0AD8.0638::09/07/2014-08:12:45.279.0000005d (SIPStack,SIPAdminLog::WriteConnectionEvent:SIPAdminLog.cpp(389))[4150360514] $$begin_record
    Severity: error
    Text: The client connection is not allowed on the internal edge of the Access Edge Server
    Peer-IP: 192.xxx.0.xxx:1322 (firewall ip)
    Transport: TLS
    Result-Code: 0xc3e93d6b SIPPROXY_E_CONNECTION_INTERNAL_FROM_CLIENT
    $$end_record

    Hi pshetty,
    Check the following blog to deploy your Edge Server:
    http://jsilverdrake.blogspot.se/2012/04/publishing-lync-with-forefront-tmg-part_25.html
    Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make
    sure that you completely understand the risk before retrieving any suggestions from the above link.
    You need to create persistent static routes on the internal interface to all internal networks.
    Regards,
    Lisa Zheng
    TechNet Community Support

  • I keep trying to send emails and it says it's rejected by the server because it doesn't allow relaying... Any ideas how to fix?

    I keep trying to send emails and it says it's rejected by the server because it doesn't allow relaying... Any ideas how to fix?

    There is something else that can cause this issue. Check the outgoing mail server setting. Make sure that your username and password are in there.
    Settings>Mail, Contacts, Calendars>Your email account>Account>Outgoing mail server - tap the server name next to SMTP and check in the primary server and make sure your username and password are entered and correct - even if it says that the password is optional.

  • HT1430 Email was rejected by the server because it doesn't allow relaying?

    Why would my email that I am trying to send be rejected by the server because it doesn't allow relaying? What does that mean in English?

    It means your email account doesn't have an authenticated SMTP server, which means it does not require a user name and password to send email with the account.
    Most, if not all, internet service providers block the use of SMTP servers that are outside of their network or not provided by the ISP being used at the time unless the SMTP server is authenticated.
    Who is the email account provider?
