No I have not tried to do a packet capture, To get around it I set up a terminal server and through the vpn I can run the terminal session and do whatever I want graphically, which is nice but still not the answer..... We are using a private address range in the internal network and I am having dhcp pass everything wins dns etc.. I have a relay agent setup and my clients gets all the correct info if I do an ipconfig I have all the correct addresses. Just thought it weird that I can only ping vpn server by name? ..... I did find some documentation about the error I was getting I think was error 67 when I tried to do things by name. where did you add the route on the vpn server, you went into rras and added that Brian Tirch Entre Information Services -----Original Message----- From: Joe Pochedley [mailto:JoePochedley@xxxxxxxxx] Sent: Wednesday, November 28, 2001 9:43 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: VPN Prob http://www.ISAserver.org Brian, What IP addresses are you handing out to your clients? I have had, on a few stubborn boxes, instances where even though I could flawlessly ping by IP address back and forth, services on the boxes didn't know how to communicate back to the VPN clients (seen this most often with web servers / services) though I still can't quite explain why... Our network is arranged as such... 10.1.xx.xx mask 255.255.0.0 for the main network VPN clients on 10.1.50.xx mask 255.255.0.0 VPN server 10.1.1.100 Even though the VPN clients are technically on the same network, as I said, some things just couldn't "find" them sometimes (it was an intermittent problem and very annoying to try and track especially when I could ping everywhere by IP address in both directions without error consistantly)... Adding a route to the 10.1.50.xx "subnet" through the VPN server cleared the problems right up... Don't know if this helps at all, but if you do have everything set up properly, I'm not quite sure what else to offer... Have you tried setting up a packet capture to see if the WINS or DNS server is getting the name lookup requests from the client (VPN) machines, and if it's responding? -----Original Message----- From: Brian Tirch [mailto:btirch@xxxxxxxxxxxx] Sent: Tuesday, November 27, 2001 3:54 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: VPN Prob http://www.ISAserver.org I have the same issue but I have everything setup the way the link states below. I can vpn in but the only system I can resolve by name is the vpn server and I can map to the vpn server. I can ping the network by ip but can not map nor ping by name to the rest of the network. The network is all on the same segment, I have a dhcp relay agent so my clients do get the wins and dns addresses...... So what did I do wrong? -----Original Message----- From: Joe Pochedley [mailto:JoePochedley@xxxxxxxxx] Sent: Tuesday, November 27, 2001 2:02 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: VPN Prob http://www.ISAserver.org Why do I feel like I've answered this question a dozen times... Here some snippits from previous posts... -------------------- The important thing to remember though, is that even though the RRAS (VPN) clients are getting their addresses from "DHCP", they're not getting the name server information from the actual DHCP server... Check out: http://www.isaserver.org/shinder/tutorials/configuring_ISA_for_inbound_VPN.h tm (link may wrap) --------------------- Basically the above link states that DNS and WINS info is handed to the RRAS/VPN clients from the RAS server, not from the DHCP server itself....... Make sure your RRAS server is configured with this information if you want the remote clients to get it... Also make sure that your WINS server can communicate with your VPN clients, otherwise the clients resort to broadcasts for resolving UNC names which is why it takes so long to get a response back when pinging by UNC... Also... ---------------------- Basically since your users aren't authenticating against the domain, only the RAS/VPN server, that's why they can't access domain resources... Instruct your users NOT to put their password into the DUN connection box and just connect... As long as you have CFMN set to log into the domain, the user will then be prompted for Username, Password and Domain... Under Windows 2000/XP Pro this can be avoided by checking the box labeled 'Include Windows Login Domain' under the VPN setup properties, Options tab... ----------------------- Hope that helps (again) JoeP -----Original Message----- From: Thomas Persson [mailto:thomas@xxxxxxxxxx] Sent: Tuesday, November 27, 2001 11:48 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: VPN Prob http://www.ISAserver.org Hi We had a similar problem. VPN Clients (RRAS) dialing in could not browse the network or connect to shares using UNC. The only way to connect to internal shares was to Map it (ex. \\Server\Share to G:\). After a month (or so) while spending time with Microsoft Support they came up with a solution by installing WINS on one of our DC's, then enabling it on the DC holding the WINS Service, on the "Master" DC and on the DC holding the DHCP Service. After that it works just fine... ======================== Med vänlig hälsning / Best Regards Thomas Persson Datatal AB Web: <http://www.datatal.se/> Mail: thomas@xxxxxxxxxx Tel Direct: +46 (0)498-25 30 11 Tel Support: +46 (0)498-25 30 30 Fax: +46 (0)498-25 30 99 -----Original Message----- From: Armando Treviño López [mailto:armando.trevino@xxxxxxxxxxx] Sent: den 27 november 2001 17:23 To: [ISAserver.org Discussion List] Subject: [isalist] RE: VPN Prob http://www.ISAserver.org I've got the same problem when configuring a VPN using RRAS. Also It seems that no domain validate the vpn clients or there is a problem with the communication with WINS or DNS, because when i do a ping to an internal host by its name it takes to much time to get the reply, but when I do a ping to the ip address, i get the reply immediately. Anyone know the reason for this? or have the same problem? Thanks. -----Original Message----- From: Shamshad Ahmad [mailto:sahmad@xxxxxxxxx] Sent: Tuesday, November 27, 2001 3:30 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: VPN Prob http://www.ISAserver.org yes i can -----Original Message----- From: Muqeem Syed Sent: Tue 11/27/2001 2:36 PM To: [ISAserver.org Discussion List] Cc: Subject: [isalist] RE: VPN Prob http://www.ISAserver.org but can you access the other computers by using the unc path name.... -----Original Message----- From: Shamshad Ahmad [mailto:sahmad@xxxxxxxxx] Sent: Tuesday, November 27, 2001 11:09 AM To: [ISAserver.org Discussion List] Subject: [isalist] VPN Prob http://www.ISAserver.org HI all i m having a slight problem in VPN. I can connect to VPN right. I can browse intranet and other web sited locally hosted. but i cant browse network thru my network places. i can see only my computer under my domain name. shamshad ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: syed.muqeem@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: sahmad@xxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: armando.trevino@xxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: thomas@xxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: JoePochedley@xxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: btirch@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: JoePochedley@xxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: btirch@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')