 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
Pocket PC Forum / End Users / SmartPhones / February 2006XV6700 VPN setup
After searching and examining many posts regarding Pocket PC and VPN configuration, I am still unable to get a workable VPN configuration. Although, it appears I can establish a VPN connection, I am unable to ping IPs on the VPN subnet with the exception of my own as set through DHCP during VPN session initiation. Before continuing, I have installed the vxUtils from Cambridge (http://www.cam.com/vxutil_pers.html) to aid in troubleshooting (ping, tracert, dns lookup, ipconfig). This app has proven most valuable during troubleshooting. Now to begin, under Start->Settings->Connections I added a modem connection using the same setup as the Verizon Wireless modem connection (#777), and added a single VPN entry specifying the public IP of the VPN server. Finally, I added a single entry to Start->Settings->Connections->Advanced (tab)->Exceptions of *.*. To establish the connection, I tap Start->Settings->Connections->My Work Network->Manage Existing Connections->VPN (tab), press my connection name for a moment, and tap Connect. All indications appear to connect successfully, and if I perform an IP config I can see RAS VPN Line 0 has the normal IP attributes for a valid connection on the VPN (IP, DNS, gateway, etc.). Yet when I ping an IP on the VPN subnet I receive "Request time out". I am also unable to resolve the IP address I am pinging using DNS lookup. Thank you for your help in resolving this matter Jim Ok try this, delete the modem connection that you created. Leave the entry that says "programs that automatically connect to the internet should connect using" set to verizon's default. Next under "programs that automatically connect to a private netowrk should connect using" tap "new", under the "general" tab name the connection then goto the "vpn" tab and tap "new" and enter you r vpn information. You may want to delete *.* entry for the exceptions unless you wish for all traffic to go through the vpn. Note that messenger traffic will still cause the vpn tunnel to drop even if you have *.* defined in the exceptions list. The final thing which I should've asked first is what type of vpn enpoint are you connecting to? At the moment I'm researching a problem that I'm having connecting to a watchguard vpn where I can't ping anything on the vpn yet I'm connected. I believe the problem I'm having is a configuration issue on the watchguard side but since I have to go through another person to get that configured things are progressing slowly.  Signature-- Eric Hicks [That_Kid] (MS-MVP Mobile Devices) The MS-MVP Program - http://mvp.support.microsoft.com This posting is provided "AS IS" with no warranties, and confers no rights... > After searching and examining many posts regarding Pocket PC and VPN > configuration, I am still unable to get a workable VPN configuration. [quoted text clipped - 24 lines] > > Jim I have the same exact problem. I'm using a Sprint PPC6700. When I connect to my company VPN I cannot ping any devices on the company LAN. I'm connecting to a Watchguard Firebox III 700 running v7.21 software. I administer the firewall so I can log in and verify that I'm connecting to it. When I try to ping a device on the company LAN I just get a request timed out message. Watching the firebox log in real time, I see that the packet never gets to the Firebox however. I can help you out with the Watchguard stuff if you need it. Chris McFarling > Ok try this, delete the modem connection that you created. Leave the entry > that says "programs that automatically connect to the internet should [quoted text clipped - 40 lines] > > > > Jim Well I just found this thread on the Watchguard forum. Doesn't sound to promising... Conf: PPTP Date: Monday, August 01, 2005 07:40 PM I am having numerous problems getting a pocketpc running windows mobile 2003se to connect via pptp over gprs to our firebox x700. My findings include: -ability to authenticate at the firewall successfully. If i disconnect and try to reconnect within 5 minutes, it will not work. This is not a security policy and i have tried this accross different hardware and software based firewalls with similar results -ability to authenticate at the firewall successfully but not ping or connect to any machines within our LAN. This could be related to the issue where the ip address assigned by our gsm operator(optus in australia) is in the same subnet as our internal machines. The gprs uses 10.1.x and our internal ip address range is 10.1.222.x I havent had the opportunity to the the process with a different operator (i.e. telstra or vodaphone). It does look the packets are trying to go through the vpn by using the pocketpc exception list. -I have successfully used the terminal services client after authenticating against an isa server to a machine with a different internal subnet to the gprs one. When it worked, it worked excellent, but it was painful. Is the windows mobile 2003 pptp implementation not compatible with watchguard firewalls or is it something else? Any help would be greatly appreciated as i cannot find many posts regarding this issue. ------------------------------------------------------------ Conf: PPTP Date: Tuesday, August 02, 2005 01:32 PM Brendan, The PPTP code in pocket devices has not shown to be compatible. Standard MS components from 98/2000/XP are the only types tested and supported to the Firebox PPTP. Many have tried to make this work, but I don't recall anyone being successful yet. But the PPTP code in the Firebox has not changed in a very long time. Best Regards, Scott Carlson WG Moderator ------------------------------------------------------------ Conf: PPTP Date: Wednesday, September 07, 2005 01:14 AM Gary, Brendan, Scott, Forum. Going back to the original question (kind of). What is the recommended Watchguard method for connecting mobile devices (Windows Mobile 2003) to the LAN using VPN? Regards, Liam ------------------------------------------------------------ Conf: PPTP Date: Wednesday, September 07, 2005 08:14 AM Liam, Currently there isn't one. The only way I can think of is if you have a RRAS server behind the Firebox and are forwarding to it. MS servers can accept PPTP from mobile devices. Best Regards, Scott Carlson WG Moderator Thanks for that information Chris, yeah that doesn't sound too good. I'm having problems with the watchgaurd 1000 but I'm sure they use the same thing across the board. I've tried connecting with both windows mobile 2003 and windows mobile 5. I do notice that when I connect using the devices my default gateway is always the device itself. It's really strange and I may replace the watchguard with a sonicwall to get around this issue. Signature-- Eric Hicks [That_Kid] (MS-MVP Mobile Devices) The MS-MVP Program - http://mvp.support.microsoft.com This posting is provided "AS IS" with no warranties, and confers no rights... > Well I just found this thread on the Watchguard forum. Doesn't sound to > promising... [quoted text clipped - 80 lines] > Scott Carlson > WG Moderator > I do notice that when I connect using the devices my > default gateway is always the device itself I think that's normal behavior. You get the same result connecting with a laptop/desktop (which works fine) I found several more posts on Watchguard's site about this. It's for certain that WM PPTP VPN client does not work properly with Watchguard. The only solution is to put a Windows RRAS server behind the firewall to act as your VPN endpoint and set up PPTP passthrough on the firewall. sigh..... Chris McFarling Well the site that has the watchgaurd will have a site to site vpn connection to my isa server and I'll setup a rule in isa which will allow me to vpn into my network and access the servers I need across the site to site link. That's of course if I can get the site to site link to work. I have problems with that as well yet site to site from a cisco pix to the isa works fine. I'm still thinking of adding the sonicwall. I'll have things mapped out later this week. Signature-- Eric Hicks [That_Kid] (MS-MVP Mobile Devices) The MS-MVP Program - http://mvp.support.microsoft.com This posting is provided "AS IS" with no warranties, and confers no rights... >> I do notice that when I connect using the devices my >> default gateway is always the device itself [quoted text clipped - 10 lines] > > Chris McFarling |
Reply to this Message |
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2009 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.