Wifi access to internet via ISA firewall - Networking

I've just set up a small wireless network at home through which I intend to use several devices to connect to the internet through my LAN!
The LAN gateway is running ISA 2004 and my home computer is running the necessary Firewall client (a completely secure connection with username and password)!
Now everything's working fine... the pocket pc hooks up just right and I can browse the network and do what I could probably do using my own personal computer BUT the internet doesn't work!
It keeps asking me for a username and password (which I usually provide in Internet Explorer on my personal computer), which I do supply... three times in a row, after which it gives me an error saying that ISA cannot authenticate me!
The home computer doesn't run the internet without the firewall client, and I'm supposing the pocket pc is facing the same dilemma! Is there any way to circumvent this issue? Perhaps a mobile version of the ISA firewall client?
Please help. Thanks!

AFAIK there isn't a mobile version of the firewall client.
I set my ISA server to allow anonymous internet access, and set all my machines up as secure NAT clients (set the ISA server's IP as default gateway; I use a DHCP scope to do this). There is lots of info on this on Microsoft's ISA Server website. I'd suggest a look there first, or try a Google search for secure NAT.
Good luck, works well for me but YMMV.

Related

GPRS and Static IP with VPN

Hi guys,
Does anyone know how to get a static IP address when using the GPRS connection to the internet? The reason is that our corporate firewall has to recognise the device through its IP. Are there any other possible methods for recognising the user?
Also, does a VPN work well over GPRS, and is there any extra configuration involved on the VPN server?
Cheers
Any answers would be great.
Unfortunately there is no simple answer to your question. AFAIK you can't get a fixed IP on GPRS, but if you're using the right firewall and the right VPN host you don't need to.
I use and supply Windows SBS 2003 servers and VPN into them regularly. I have also used Citrix to achieve similar results. Might be a bit difficult to persuade your firm's IT dept to set up something like that for 1 person though.
PM me if you'd like any advice.
BillyB said:
Hi guys,
Does anyone know how to get a static IP address when using the GPRS connection to the internet? The reason is that our corporate firewall has to recognise the device through its IP. Are there any other possible methods for recognising the user?
Also, does a VPN work well over GPRS, and is there any extra configuration involved on the VPN server?
Cheers
Any answers would be great.
Hello Billy,
You ask a good question, but the answer isn't simple. Most carriers do have two types of APN (Access Point Name) provision for your SIM: "private" APN (which provides a non-routable IP assignment from behind a NAT, for basic browsing and e-mail functionality) and "public" APN (that provides a routable IP assignment, which is the Minimum Requirement for a more sophisticated connection type, such as VPN, etc). However, both of them are assigned by a DHCP (Dynamic Host Configuration Protocol) Server on a GGSN (Gateway GPRS Support Node) of your particular GPRS network operator. In either case, the end result will obviously be a DYNAMIC IP address on your GPRS terminal (be it a laptop PC, a PDA, or phone).
Some carriers do offer what is called a "dedicated APN" provision, which gives the subscriber their own IP range to choose from (almost like a small subnet), but it is only available to corporate giants like Pepsi (for example).
Now, to sum it up, you must have the proper APN provisioned on your Mobile SIM account (which the provider will normally call something like a "VPN data package" in billing terms). Then, you must obviously establish a GPRS session before you can connect your VPN client (but remember that most basic VPN clients work the best). It is pretty sad to say, but the Microsoft Windows-embedded VPN client on Win2k/XP Pro so far has performed the best with no quirks whatsoever. It has to be via PPTP... L2TP has also worked for me... otherwise, the fancier (and more secure) the VPN tunneling protocol, the more it's likely to fail. Normally all you need for a basic MS Windows VPN client config is the server name (or IP address), the user name, and the password.
Hope this helps,
Let me know how it goes,
Alex
PS. PM me if you have further questions.
VPN and TS: It's like pulling teeth
Hi all, this has got to be the most annoying problem ever. I can connect to the O2 VPN access point and hence I can connect to my work VPN server. However, as soon as I try to open a TS connection to my desktop (through the VPN) the VPN connection is dropped and I never connect. Can anybody tell me why? If I have a VPN connection to my work server, why does TS try to make another connection and bomb out the original? Is there a fix or another way of doing this, i.e. does an external IP have to be NAT'd to my desktop IP on port 3389? All help greatly appreciated. Ian

VPN Problem

I am trying to set up a VPN connection and can connect to our firewall but I cannot connect to the network. If I try to ping the network it just times out.
The firewall is configured to allow the device through.
Can anyone help with this??
Thanks
Sorry I'm no expert on VPN or much else.
I use Remote Desktop through a router, firewall enabled.
Took a while to get through the firewall until I had set everything up properly.
You have to enable a virtual server port on the router to allow the traffic in. Have you set one up, and if so, is it the right port number for VPN? From what I have seen it's 1723.
Not much help I know, but search on the internet for help on setting it up correctly, check your settings and double check.
Hi quest,
let me answer some questions to see things more clearly:
1. Do you use the built-in (Microsoft) VPN client or a 3rd party product?
2. If Microsoft, what type of VPN did you set up? L2TP or PPTP?
3. If L2TP, how do you authenticate: Preshared Key or Certificate?
4. How do you know that the device connects to your firewall?
5. How do you know that the device doesn't connect to the network?
6. What exactly is the rule permitting your device passing the firewall?
The answers to your questions are:-
We are using the built in MS VPN client of Win Mobile v5.0 (5.1.1700 build 14352.0.1.0)
I have tried both PPTP and L2TP
When L2TP, I was authenticating with a preshared key
Firewall logs show PPTP negotiation successful, and issues a VPN IP address to the device
It can ping the firewall external interface, but times-out trying to reach an internal address
The VPN session is established, but the firewall logs don't register either deny or allow traffic for each internal ping request, rather the firewall packet error count increments for each failed attempt.
Any help is greatly appreciated.

Use Terminal Services Client Over VPN

I would like to use the built-in terminal services client to connect to one of our servers using the GPRS/VPN connection I am able to establish.
The problem is as follows:
I can establish the GPRS/EDGE connection to the internet. I then connect to the VPN and it shows that both connections are connected and data is running over the connection. I can ping the servers IP address, but as soon as I try to connect through the TS Client, it disconnects the VPN.
Has anyone been able to get this to work?
Be sure that your terminal server name does not have dots in the name. WM5 thinks that any name with dots is from the Internet, and any name without is on the Intranet ("my work network"). So, if you try to connect, for example, to the server named trm.company.com, WM5 decides it is on the Internet and drops the VPN connection.
To fix it: go to "Settings" -> "Connections" -> "Advanced" tab -> "Exceptions..." button, and add the server name with dots to the "Work URL" list.
If it helps, please, let us know here.
Thanks.
I have tried your recommendations and now the VPN does not disconnect. I think there must be some security enabled on the terminal server as I still can't connect. I think it must be something to do with Citrix or the encryption level on the server. I will investigate further.
Can you explain to me what Terminal Services Client is? (Any screenshot?)
Can I use it with my Jamin and laptop with USB cable or WiFi?
Many thanks!
The terminal services client is an application which is included in the ROM of most PDA phones. It allows you to connect to a terminal server from your PDA much like you would normally do it from your workstation using Remote Desktop. Remote Desktop Client = Terminal Services Client
If you go to Start, Programs on your PDA you should see the application listed there.
You can do one of the following to use the client.
1. Connect your Jamin to your PC using the USB. You will need to activate the Modem Link application. Dial the GPRS connection from the PC and then connect to the terminal server using Remote Desktop on your machine.
2. Open a GPRS connection on the PDA (Not Connected to the PC). Open the terminal services client on the PDA and connect to the terminal server.
Great!
Must the connection always be GPRS? Will I pay to do this?
Do you have a screenshot?
Markino said:
Great!
Must the connection always be GPRS? Will I pay to do this?
Do you have a screenshot?
Relaxxx! If you don't know what it is, it means that you don't need it at all.
To access a remote desktop you need any IP connectivity: GPRS, EDGE, WiFi, but the desktop you connect to is not a service. It can be your home PC or your business server, but it is not a thing you can use as, for example, any web site.
You need to establish a server by yourself or get an account from your company IT guys. You will pay for IP traffic, of course...
irgavin said:
Thanks.
I have tried your recommendations and now the VPN does not disconnect. I think there must be some security enabled on the terminal server as I still can't connect. I think it must be something to do with Citrix or the encryption level on the server. I will investigate further.
I've checked out the remote desktop with Win2000 server, but without VPN, on the ActiveSync connection, and it is OK. Ensure that your server uses the RDP protocol (Microsoft), not the Citrix proprietary protocol.

networking, pinging and remote desktop? can u help?

Hello all,
Gots me a problem. I'm going to Japan in November, and want to remote desktop back to here when necessary and be able to access an HDD here for dumping pictures. I have a LAN here, WiFi, it has a connection, surfs the net etc.
It has an IP address from my router. Is there a program or command that will get me the kind of command functionality of a DOS/command prompt? ping, ipconfig, etc?
Then if I can get them to talk, what steps do I need to take to remote in? Do I need software? I enabled remote here, set up a user (Vista BTW).
I can't access here from the laptop with XP either; that one can ping. It's also WiFi currently. I'm obviously missing something and would appreciate any help, or web site links etc to show me what I've missed.
thanks in advance.
Hi, a lot of admin utilities are in a program called vxUtil. Try to find it, if you are interested. This is a list of a few features -
DNS Audit
DNS Lookup
Finger
Get HTML
Info
IP Subnet Calculator
Password Generator
Ping
Ping Sweep
Port Scanner
Quote
Time Service
Trace Route
Wake On LAN - magic packet
Whois
or look at HERE
So this was for PDA, and this is for a full connection via an SSH VPN encrypted connection. I work for the Infineon/Qimonda company, and there is a strict security policy in here. So we are not permitted to ping, or create an FTP connection with outside, and many other services (like sending files through ICQ etc.). There is one way, use your own SSH tunnel ;-) On my home PC I have installed the WinSSHD Bitvise server listening on port 443 (which cannot be blocked, because all our Lotus Notes databases are secured with HTTPS) and from work I can connect easily to home. Then it is easy to create an FTP connection, or terminal, or full GUI terminal (mstsc.exe e.g.). Link to this server (not free) and also to a very good client (free) is HERE
I also have a few routers connected to stable IP addresses, which also have VPN features. Then it is easy for me to connect to my home LAN from everywhere.
Thanks so much, I knew someone would point me the right way.
Since last post, I have managed to remote desktop from my phone on the LAN just using built-in remote desktop. Tomorrow I will attempt an internet connection, probably not configured something yet!
I'm checking out those web pages now. Thanks again

VPN to Nortel switch over GPRS (HSDPA), then Exchange/POP/IMAP over THAT VPN

Hello,
I want to connect to my Company's VPN and read my e-mails.
My Company uses a Nortel Contivity switch to which I successfully connected with Bluefire Mobile Security VPN v2.7.5, Build 706 (IKE=DES+MD5+DH1; IPsec=3DES+MD5+LZH+PFS; NAT traversal active), using a cellular HSDPA connection. Now comes the bad part: I cannot configure Outlook to use the Exchange server nor the IMAP or POP servers (I tried with Flexmail 4 but with the same results) - it always says that the servers are not accessible. As far as I could figure it out, it seems that after the tunneling is operational, Outlook or any other software still tries to access the internet through the cellular connection (I tried to traceroute some addresses and it ALWAYS goes through the cellular line, not the tunneled connection).
What would be the correct settings in my connection manager so I could access my Company's Exchange / POP / IMAP servers after I set up the VPN manually with Bluefire?
Thanks a lot!
Do you work for VZ?? I too would like to connect to my VPN network... I spoke to our tech support and was advised that wasn't possible... just for BlackBerry... which I found odd... I would be interested to find out how to also
TheAlphonso said:
Hello,
I want to connect to my Company's VPN and read my e-mails.
My Company uses a Nortel Contivity switch to which I successfully connected with Bluefire Mobile Security VPN v2.7.5, Build 706 (IKE=DES+MD5+DH1; IPsec=3DES+MD5+LZH+PFS; NAT traversal active), using a cellular HSDPA connection. Now comes the bad part: I cannot configure Outlook to use the Exchange server nor the IMAP or POP servers (I tried with Flexmail 4 but with the same results) - it always says that the servers are not accessible. As far as I could figure it out, it seems that after the tunneling is operational, Outlook or any other software still tries to access the internet through the cellular connection (I tried to traceroute some addresses and it ALWAYS goes through the cellular line, not the tunneled connection).
What would be the correct settings in my connection manager so I could access my Company's Exchange / POP / IMAP servers after I set up the VPN manually with Bluefire?
Thanks a lot!
!!!up!!!!!
When you configure your email account, don't you specify which internet connection it should try to use? So shouldn't you specify that your work connection is the connection that it should use to check mail?
