VPN Registration Problem

E

Edward Diener

I bought a router which supports VPN Passthrough, set up a static IP
address for myself in order to do port forwarding, and went into the
router's configuration and set up Ipsec and PPTP to forward to my static
IP address.

When I try to connect as a VPN client to a VPN server, it accepts my
username and password with no problems but after a long time saying
"Registering your computer on the network..." I get an error message
which says:

"TCP/IP CP Reported Error 735: The requested address was rejected by the
server."

The further explanation is:

"Your connection is configured to request a specific IP address. Either
the server is not configured to permit clients that request specific IP
addresses, or the specific IP address may already be in use by another
client. If possible use DHCP to avoid addressing conflicts."

Well now I am confused. I thought port forwarding was so that I could
forward my VPN to a static IP address, and not use DHCP which creates a
dynamic IP each time. Does the specific IP address refer to my static IP
address ? What do I tell the person who has the VPN server in order to
get my connection to his machine to work ? Do I have to tell him what my
static IP address is and make sure he configures his VPN server to
accept it ? I am trying to get some idea what specifically has to be
done on either of our ends to connect successfully. Thank you for any
help you can give me.
 
D

Doug Sherman [MVP]

You're confusing two different issues - actually two different IP addresses:

1. You are correct that port forwarding maps your public IP address (or
certain ports directed to that address) to the private IP address of your
VPN or some other server.

2. The message you are receiving relates to the IP address assigned to the
VPN CLIENT. When a VPN client connects to a VPN server, it's virtual
adapter is given an IP address on the Server's internal network. Depending
on how your RRAS/VPN server is configured, this address is assigned to VPN
clients by DHCP or from a static pool. You can also allow clients to
request a specific IP. Evidently, your client is configured to request a
specific IP and your server is not configured to allow this.

3. To configure your VPN client to obtain an address from the server, check
2 things:

a. Right click on the client's VPN connectoid and select properties. Click
the Networking tab and check TCP/IP properties - make sure it is set to
obtain an IP automatically.

b. In AD Users and Computers check the Dial-in tab of the client's user
account and make sure it is not set to request a specific an IP address.

Doug Sherman
MCSE, MCSA, MCP+I, MVP
 
E

Edward Diener

Doug said:
You're confusing two different issues - actually two different IP addresses:

1. You are correct that port forwarding maps your public IP address (or
certain ports directed to that address) to the private IP address of your
VPN or some other server.

2. The message you are receiving relates to the IP address assigned to the
VPN CLIENT. When a VPN client connects to a VPN server, it's virtual
adapter is given an IP address on the Server's internal network. Depending
on how your RRAS/VPN server is configured, this address is assigned to VPN
clients by DHCP or from a static pool. You can also allow clients to
request a specific IP. Evidently, your client is configured to request a
specific IP and your server is not configured to allow this.

OK. As I undertand it, the VPN server assigns my VPN client an address
on their network, and then VPN flows to my router who then passes it on
to my computer via my static IP address known to the router.
3. To configure your VPN client to obtain an address from the server, check
2 things:

a. Right click on the client's VPN connectoid and select properties. Click
the Networking tab and check TCP/IP properties - make sure it is set to
obtain an IP automatically.

OK, I changed this to obtain an IP address automatically. I was able to
connect, thanks ! But when I went to "Add a Network Place" and typed in
the very same address as the one I use in my connection ( ala
\\nn.nn.nn.nn ), in order to see shares I can access, and then click
Next, I received the message "The network path was not found". I I type
in the address with a share name which has been told to me ( ala
\\nn.nn.nn.nn\AShare ), and then click Next, I get the same message. But
if I ping it, the ping is successful.
b. In AD Users and Computers check the Dial-in tab of the client's user
account and make sure it is not set to request a specific an IP address.

What is "AD Users and Computers" ?
 
D

Doug Sherman [MVP]

It's an administrative tool for Active Directory domains. If the server is
not part of a domain, you can ignore this - instead check the local user
account properties on the server.

Doug Sherman
MCSE, MCSA, MCP+I, MVP
 
E

Edward Diener

Doug said:
It's an administrative tool for Active Directory domains. If the server is
not part of a domain, you can ignore this - instead check the local user
account properties on the server.

Thanks for your help.

The VPN server is on someone else's computer. Any idea what I have to
tell that other person to do so that I can access a share on that
computer after my VPN connection has been established ? What does it
mean that I can connect OK using VPN, and ping OK, but I can not either
see any shares or connect using a particular share on the other computer ?
 
D

Doug Sherman [MVP]

Well, if the 735 error is resolved, the remaining problem is name
resolution/browsing. Unfortunately, browsing over VPN connections is often
problematic. Typical solutions are WINS or lmhosts files. However, you
should always be able to connect to shares by using the IP address of the
server on which the share is located:
\\IPof Server\sharename.

Doug Sherman
MCSE, MCSA, MCP+I, MVP
 
E

Edward Diener

Doug said:
Well, if the 735 error is resolved, the remaining problem is name
resolution/browsing. Unfortunately, browsing over VPN connections is often
problematic. Typical solutions are WINS or lmhosts files. However, you
should always be able to connect to shares by using the IP address of the
server on which the share is located:
\\IPof Server\sharename.

The 735 error is resolved and the VPN connection is made. When I try to
connect to a share on the IPof Server, is my VPN connection
username/password passed to the VPN server to see whether or not I can
access that share, or is my Win2k username/password passed to the VPN
server to see whether or not I can access that share, or what is
actually passed ? In other words what to I tell the person running the
VPN server machine to do in order to allow me to access a share on
his/her machine ?
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top