Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > NZ Computing > IP address blocked

Reply
Thread Tools

IP address blocked

 
 
Gib Bogle
Guest
Posts: n/a
 
      01-08-2012
On 7/01/2012 1:36 a.m., Dave Doe wrote:

>> More info: I use Cisco VPN client to use my work computer from home
>> (Remote Desktop). I have now determined that when this error condition
>> exists, it is being connected to the host via VPN that makes the host
>> network unreachable (Remote Desktop doesn't connect, ping fails, tracert
>> doesn't get to my DSL modem). If I disconnect from VPN then I can ping
>> the host again. In other words, the VPN client is somehow causing the
>> host IP to be blocked for other processes. Does this make sense?

>
> That is normal behavious for most VPN connections - it is a security
> risk otherwise - in that your local internet connection and computer
> could provide a path to your work (VPN connection).
>
> You can workaround it, IIRC, but I'd ask your work first, as it's likely
> to be against their security policy.


I'm rather confused by what you say. My REASON for using VPN is to be
able to work remotely on my work machine, using Windows Remote Desktop.
In fact this is what VPN enables me to do, most of the time. Since
the VPN software was supplied and is supported by our IT people, it's
highly unlikely that they don't approve of it.

As I said initially, most of the time the VPN connection enables me to
use Remote Desktop to access my work machine from home, and also to
access the work domain just like any other web site. When something odd
happens, an error condition is created in which I can still connect to
the work VPN, but all accesses to the work domain, including Remote
Desktop, web browsing, ping, are disabled while the VPN connection is
up. If I disconnect from the VPN normal domain access is restored.

Have I not explained the situation clearly? I'm not very familiar with
the terminology and the technology.
 
Reply With Quote
 
 
 
 
Gib Bogle
Guest
Posts: n/a
 
      01-08-2012
On 8/01/2012 12:52 p.m., JohnO wrote:

>>> More info: I use Cisco VPN client to use my work computer from home
>>> (Remote Desktop). I have now determined that when this error condition
>>> exists, it is being connected to the host via VPN that makes the host
>>> network unreachable (Remote Desktop doesn't connect, ping fails, tracert
>>> doesn't get to my DSL modem). If I disconnect from VPN then I can ping
>>> the host again. In other words, the VPN client is somehow causing the
>>> host IP to be blocked for other processes. Does this make sense?

>>
>> That is normal behavious for most VPN connections - it is a security
>> risk otherwise - in that your local internet connection and computer
>> could provide a path to your work (VPN connection).
>>
>> You can workaround it, IIRC, but I'd ask your work first, as it's likely
>> to be against their security policy.
>>
>> --
>> Duncan.

>
> I get around that by running the VPN on a virtual PC.


Maybe I didn't make it clear that it's the public web site at work that
I lose access to, specifically auckland.ac.nz. I don't believe this is
generally considered to present a security risk. Disconnecting from the
VPN restores normal browser access. This problem occurs only
intermittently, about once a week.
 
Reply With Quote
 
 
 
 
victor
Guest
Posts: n/a
 
      01-09-2012
On 9/01/2012 12:09 p.m., Gib Bogle wrote:
> On 7/01/2012 1:36 a.m., Dave Doe wrote:
>
>>> More info: I use Cisco VPN client to use my work computer from home
>>> (Remote Desktop). I have now determined that when this error condition
>>> exists, it is being connected to the host via VPN that makes the host
>>> network unreachable (Remote Desktop doesn't connect, ping fails, tracert
>>> doesn't get to my DSL modem). If I disconnect from VPN then I can ping
>>> the host again. In other words, the VPN client is somehow causing the
>>> host IP to be blocked for other processes. Does this make sense?

>>
>> That is normal behavious for most VPN connections - it is a security
>> risk otherwise - in that your local internet connection and computer
>> could provide a path to your work (VPN connection).
>>
>> You can workaround it, IIRC, but I'd ask your work first, as it's likely
>> to be against their security policy.

>
> I'm rather confused by what you say. My REASON for using VPN is to be
> able to work remotely on my work machine, using Windows Remote Desktop.
> In fact this is what VPN enables me to do, most of the time. Since the
> VPN software was supplied and is supported by our IT people, it's highly
> unlikely that they don't approve of it.
>
> As I said initially, most of the time the VPN connection enables me to
> use Remote Desktop to access my work machine from home, and also to
> access the work domain just like any other web site. When something odd
> happens, an error condition is created in which I can still connect to
> the work VPN, but all accesses to the work domain, including Remote
> Desktop, web browsing, ping, are disabled while the VPN connection is
> up. If I disconnect from the VPN normal domain access is restored.
>
> Have I not explained the situation clearly? I'm not very familiar with
> the terminology and the technology.



Might this be of use ?

http://support.microsoft.com/kb/317025
 
Reply With Quote
 
Gib Bogle
Guest
Posts: n/a
 
      01-09-2012
On 9/01/2012 1:04 p.m., victor wrote:

> Might this be of use ?
>
> http://support.microsoft.com/kb/317025


Thanks. That article is for Windows NT and 2000, not Windows 7. In any
case, I can connect to the internet normally when this error exists, all
the internet except for the auckland.ac.nz domain.

Gib
 
Reply With Quote
 
victor
Guest
Posts: n/a
 
      01-09-2012
On 9/01/2012 1:17 p.m., Gib Bogle wrote:
> On 9/01/2012 1:04 p.m., victor wrote:
>
>> Might this be of use ?
>>
>> http://support.microsoft.com/kb/317025

>
> Thanks. That article is for Windows NT and 2000, not Windows 7. In any
> case, I can connect to the internet normally when this error exists, all
> the internet except for the auckland.ac.nz domain.
>
> Gib


Maybe it is to do with the dns lookup when both are connected then. Can
you connect to the auckland.ac.nz sites by ip number ?
 
Reply With Quote
 
Gib Bogle
Guest
Posts: n/a
 
      01-09-2012
On 9/01/2012 1:35 p.m., victor wrote:
> On 9/01/2012 1:17 p.m., Gib Bogle wrote:
>> On 9/01/2012 1:04 p.m., victor wrote:
>>
>>> Might this be of use ?
>>>
>>> http://support.microsoft.com/kb/317025

>>
>> Thanks. That article is for Windows NT and 2000, not Windows 7. In any
>> case, I can connect to the internet normally when this error exists, all
>> the internet except for the auckland.ac.nz domain.
>>
>> Gib

>
> Maybe it is to do with the dns lookup when both are connected then. Can
> you connect to the auckland.ac.nz sites by ip number ?


It's not a dns issue - the IP number is correctly determined. tracert
shows that the packet fails to reach my ADSL modem.
 
Reply With Quote
 
Dave Doe
Guest
Posts: n/a
 
      01-09-2012
In article <jed7n8$mei$(E-Mail Removed)>, http://www.velocityreviews.com/forums/(E-Mail Removed), Gib
Bogle says...
>
> On 7/01/2012 1:36 a.m., Dave Doe wrote:
>
> >> More info: I use Cisco VPN client to use my work computer from home
> >> (Remote Desktop). I have now determined that when this error condition
> >> exists, it is being connected to the host via VPN that makes the host
> >> network unreachable (Remote Desktop doesn't connect, ping fails, tracert
> >> doesn't get to my DSL modem). If I disconnect from VPN then I can ping
> >> the host again. In other words, the VPN client is somehow causing the
> >> host IP to be blocked for other processes. Does this make sense?

> >
> > That is normal behavious for most VPN connections - it is a security
> > risk otherwise - in that your local internet connection and computer
> > could provide a path to your work (VPN connection).
> >
> > You can workaround it, IIRC, but I'd ask your work first, as it's likely
> > to be against their security policy.

>
> I'm rather confused by what you say. My REASON for using VPN is to be
> able to work remotely on my work machine, using Windows Remote Desktop.
> In fact this is what VPN enables me to do, most of the time. Since
> the VPN software was supplied and is supported by our IT people, it's
> highly unlikely that they don't approve of it.


It's not the VPN s/w itself the IT folk will be worried about, but the
subsequent internet connection once the VPN link is up.

>
> As I said initially, most of the time the VPN connection enables me to
> use Remote Desktop to access my work machine from home, and also to
> access the work domain just like any other web site. When something odd
> happens, an error condition is created in which I can still connect to
> the work VPN, but all accesses to the work domain, including Remote
> Desktop, web browsing, ping, are disabled while the VPN connection is
> up. If I disconnect from the VPN normal domain access is restored.
>
> Have I not explained the situation clearly? I'm not very familiar with
> the terminology and the technology.


I'd be talking to the work IT folk to resolve the problem. It does
sound like things aren't working at times - sometimes these are local
and remote IP conflicts. All in all, your IT support folk should be
able to help, given they provide and setup the VPN s/w and link. Maybe
it's at the VPN server end?, hence talk to the IT folk. The usual VPN
secure link provides access to domain shares etc, just as if you are at
work. Most VPN setups will lock out local internet access while up for
security, but it doesn't sound like this is your problem as I originally
guessed sorry.


--
Duncan.
 
Reply With Quote
 
Dave Doe
Guest
Posts: n/a
 
      01-09-2012
In article <(E-Mail Removed)-september.org>,
(E-Mail Removed), Dave Doe says...
>
> In article <jed7n8$mei$(E-Mail Removed)>, (E-Mail Removed), Gib
> Bogle says...
> >
> > On 7/01/2012 1:36 a.m., Dave Doe wrote:
> >
> > >> More info: I use Cisco VPN client to use my work computer from home
> > >> (Remote Desktop). I have now determined that when this error condition
> > >> exists, it is being connected to the host via VPN that makes the host
> > >> network unreachable (Remote Desktop doesn't connect, ping fails, tracert
> > >> doesn't get to my DSL modem). If I disconnect from VPN then I can ping
> > >> the host again. In other words, the VPN client is somehow causing the
> > >> host IP to be blocked for other processes. Does this make sense?
> > >
> > > That is normal behavious for most VPN connections - it is a security
> > > risk otherwise - in that your local internet connection and computer
> > > could provide a path to your work (VPN connection).
> > >
> > > You can workaround it, IIRC, but I'd ask your work first, as it's likely
> > > to be against their security policy.

> >
> > I'm rather confused by what you say. My REASON for using VPN is to be
> > able to work remotely on my work machine, using Windows Remote Desktop.
> > In fact this is what VPN enables me to do, most of the time. Since
> > the VPN software was supplied and is supported by our IT people, it's
> > highly unlikely that they don't approve of it.

>
> It's not the VPN s/w itself the IT folk will be worried about, but the
> subsequent internet connection once the VPN link is up.
>
> >
> > As I said initially, most of the time the VPN connection enables me to
> > use Remote Desktop to access my work machine from home, and also to
> > access the work domain just like any other web site. When something odd
> > happens, an error condition is created in which I can still connect to
> > the work VPN, but all accesses to the work domain, including Remote
> > Desktop, web browsing, ping, are disabled while the VPN connection is
> > up. If I disconnect from the VPN normal domain access is restored.
> >
> > Have I not explained the situation clearly? I'm not very familiar with
> > the terminology and the technology.

>
> I'd be talking to the work IT folk to resolve the problem. It does
> sound like things aren't working at times - sometimes these are local
> and remote IP conflicts. All in all, your IT support folk should be
> able to help, given they provide and setup the VPN s/w and link. Maybe
> it's at the VPN server end?, hence talk to the IT folk. The usual VPN
> secure link provides access to domain shares etc, just as if you are at
> work. Most VPN setups will lock out local internet access while up for
> security, but it doesn't sound like this is your problem as I originally
> guessed sorry.


Here's an article by Thomas Shinder on Windows Server 2008 and VPN setup
- dunno if it'll help you though...

http://www.windowsecurity.com/articl...s-Server-2008-
Remote-Access-SSL-VPN-Server-Part1.html

http://www.windowsecurity.com/articl...s-Server-2008-
Remote-Access-SSL-VPN-Server-Part2.html

--
Duncan.
 
Reply With Quote
 
Gib Bogle
Guest
Posts: n/a
 
      01-09-2012
On 10/01/2012 11:12 a.m., Dave Doe wrote:

> I'd be talking to the work IT folk to resolve the problem. It does
> sound like things aren't working at times - sometimes these are local
> and remote IP conflicts. All in all, your IT support folk should be
> able to help, given they provide and setup the VPN s/w and link. Maybe
> it's at the VPN server end?, hence talk to the IT folk. The usual VPN
> secure link provides access to domain shares etc, just as if you are at
> work. Most VPN setups will lock out local internet access while up for
> security, but it doesn't sound like this is your problem as I originally
> guessed sorry.
>


The problem is clearly at my end, i.e. Win7, since tracert shows that
the packet does not make the first hop, to my DSL modem. As soon as I
disconnect from the VPN the packet gets through.

The IT people have not been able to make any useful suggestions.

 
Reply With Quote
 
Dave Doe
Guest
Posts: n/a
 
      01-10-2012
In article <jefu5i$n1h$(E-Mail Removed)>, (E-Mail Removed), Gib
Bogle says...
>
> On 10/01/2012 11:12 a.m., Dave Doe wrote:
>
> > I'd be talking to the work IT folk to resolve the problem. It does
> > sound like things aren't working at times - sometimes these are local
> > and remote IP conflicts. All in all, your IT support folk should be
> > able to help, given they provide and setup the VPN s/w and link. Maybe
> > it's at the VPN server end?, hence talk to the IT folk. The usual VPN
> > secure link provides access to domain shares etc, just as if you are at
> > work. Most VPN setups will lock out local internet access while up for
> > security, but it doesn't sound like this is your problem as I originally
> > guessed sorry.
> >

>
> The problem is clearly at my end, i.e. Win7, since tracert shows that
> the packet does not make the first hop, to my DSL modem. As soon as I
> disconnect from the VPN the packet gets through.
>
> The IT people have not been able to make any useful suggestions.


You've sorta lost me, again You said previously that you lose
internet access on your *work* PC?

There's usually not much to do on the client side of a VPN connection -
what VPN s/w are you using?... Win 7 or third party?

And on your above reply, what sort of packet doesn't make it to your
modem? Is this an internet destined packet? This is normal behaviour
if you have a VPN connection up (you lose local internet (and network)
access).

I'm also wondering if you have a VPN credentials problem ??? If you
have a Windows Live a/c, then check this article out (Vista, but
probably the same for W7)...
http://social.technet.microsoft.com/forums/en-
US/itprovistanetworking/thread/275599f0-6239-46a5-8245-50a5c13a2713/

Otherwise, I think you should install a packet sniffer such Wireshark or
Microsoft Network Monitor on your PC and hopefully find out exactly
what's happening...
http://www.microsoft.com/download/en...ang=en&id=4865
http://www.wireshark.org/

And one other question, what server OS?

--
Duncan.
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Site to open the blocked sites and blocked and encoded alagmy2030 Javascript 0 02-11-2011 11:54 PM
obtaining the IP ADDRESS of an IP POHNE by its MAC ADDRESS ProgDario Cisco 17 05-06-2005 02:32 PM
Routing to public IP of NAT address from internal NAT address Andrew Albert Cisco 1 02-08-2005 07:05 PM
blocked address John Computer Security 4 02-26-2004 04:28 AM
question about a blocked attack including other's IP address yellow submarine Computer Support 14 10-01-2003 04:21 PM



Advertisments