Quick Question

jaypers

Distinguished
Oct 20, 2011
5
0
18,510
Team,

I VPN on my laptop into my work network.
I can connect via VPN fine, but cannot RDP to the servers I need to.
Question: Do all connection ports (i.e., port 3389 for RDP) go through the VPN tunnel, or does my local router have something to do with it?

FYI, earlier today, I worked with the security guy at work, and he had me try with an air card, and I got to my server fine.
 
All VPNs are different. VPN is just a generic term, it doesn't define how any specific product will behave. Your VPN may very well drive only traffic within the same network as the VPN, while others may drive ALL traffic through the VPN (including Internet traffic). When using Microsoft's PPTP VPN, for example, this is a configurable option. For other VPN solutions, they probably have similar options.

Could your router play a role? It could if it was acting as the VPN client! Sometimes ppl configure the VPN client on the router (you can do this w/ a dd-wrt router, for example), so the router is responsible for the decision making for all the clients behind it. But most likely you’re using some sort of VPN client on the laptop that’s driving this process. I just wanted to illustrate that LOTS of possibilities exist depending on your VPN solution.

 

jaypers

Thanks, eibgrad

Yeah I use the Cisco VPN client. I've got an Ubee router provided by my internet provider. I have checked all the settings and it doesn't look like it's blocking anything.

I would like to go to my firewall team at work and tell them to open the ports, but wanted to make sure that my connections (and ports) were going through the Cisco VPN.
 
Again, as long as your RDP request’s IP address is in the same network as the VPN (e.g., 10.0.0.x), there's no reason it wouldn't use the VPN. That's the whole point of the VPN. It establishes you as if you were physically present on the remote network. And as such, a firewall typically doesn't come into play (if one does, it's likely only going to be a local firewall on the target machine itself). The only way you'd typically have a firewall issue is if you were specifying an Internet address (e.g., 123.44.66.12) and such traffic was NOT driven over the VPN. Now the VPN is irrelevant. It's like any other remote access, you need to open a remote firewall to get you on the remote network. But again, the whole point of the VPN is to get you inside that remote network without having to deal w/ firewall issues.
 

jaypers

Awesome! Thanks for your reply.
Looks like everything else is working. I can connect to the internet (via VPN) and my Outlook and my Lync. The only thing that doesn't work is the servers. You've given me a lot of information, and I appreciate it.
 
I should add one other point.

You can have problems if the local and remote networks are using the SAME subnet! For example, if the local and remote networks were both 192.168.1.x, then your client doesn't know whether an IP address on the 192.168.1.x network should use the local or remote network (it will probably default to the local network, making all remote access impossible). So your RDP requests to say, 192.168.1.100, roam around your local network, in vain. That's why you need to make sure your local and remote networks are always DIFFERENT. That may explain why the aircard worked. It's using a network established by the cellular network and very likely different from the VPN network, so no confusion.

I’m just guessing, but these are common “gotchas” w/ VPNs.
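
The subnet-overlap gotcha from the reply above, as an added example that is not part of the original thread: a small route check that reports whether a destination would leave via the local LAN, the VPN, or the default gateway. The aircard subnet (10.64.12.0/24) is constructed, and the rule that an on-link local route wins a tie with an equal-length VPN route is an assumption matching the reply's "it will probably default to the local network".

```python
import ipaddress


def find_overlaps(local_cidrs, vpn_cidrs):
    """Return (local, vpn) CIDR pairs whose address ranges overlap."""
    pairs = []
    for l in map(ipaddress.ip_network, local_cidrs):
        for v in map(ipaddress.ip_network, vpn_cidrs):
            if l.overlaps(v):
                pairs.append((str(l), str(v)))
    return pairs


def pick_route(dest, local_cidrs, vpn_cidrs):
    """Longest-prefix match over local and VPN routes.

    Assumption: when a local on-link route and a VPN route have the same
    prefix length, the local route wins (priority 1 beats priority 0).
    """
    addr = ipaddress.ip_address(dest)
    candidates = []
    for cidr in local_cidrs:
        net = ipaddress.ip_network(cidr)
        if addr in net:
            candidates.append((net.prefixlen, 1, "local"))
    for cidr in vpn_cidrs:
        net = ipaddress.ip_network(cidr)
        if addr in net:
            candidates.append((net.prefixlen, 0, "vpn"))
    if not candidates:
        return "default-gateway"  # split tunnel: not covered by any VPN route
    return max(candidates)[2]


if __name__ == "__main__":
    vpn = ["192.168.1.0/24"]          # remote office network from the thread
    home = ["192.168.1.0/24"]         # home LAN using the SAME subnet
    aircard = ["10.64.12.0/24"]       # constructed cellular-side subnet
    server = "192.168.1.100"          # RDP target used in the reply

    for name, local in (("home router", home), ("aircard", aircard)):
        print(name, "overlaps:", find_overlaps(local, vpn),
              "-> route:", pick_route(server, local, vpn))
    # Internet address with split tunnelling: never enters the tunnel
    print("123.44.66.12 ->", pick_route("123.44.66.12", home, vpn))
```
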
 

jaypers

eibgrad, Just wanted to let you know what the root problem was.
My local router. I didn't have IPSec Passthrough enabled, nor PPTP passthrough enabled. Once I did that, it worked.