Can't access shared folders on NAT network through the VPN
I have set up a VPN from one office to another. The client is a Windows XP computer on a LAN without a firewall. It has a static Class C IP address and is connected by a T1 to the Internet. The other connection is connected to the Internet through a cable connection. The router has a static IP address but the internal network uses Network Address Translation (NAT). The router is a DLink router that supports VPNs. I am using a PPTP VPN. The computer I am trying to log onto is a Windows 2000 server with a static NAT address. The offices are set up on two separate domains. I log onto the other domain when I establish the connection. When I dial the VPN, I get connected and authenticated but I cannot see any of the shares on the NAT network. Any idea why this is? I have enabled the shares to allow access to dial-in clients and have given the Everyone group read access.
Many problems with accessing shares over a VPN are due to IP routing issues. You say that the router supports VPNs, but it sounds like you are using Windows 2000 RRAS. I think we can eliminate XP issues. You say you are successfully logging on and making a connection, and indicate the use of TCP/IP. So here are the possibilities:
- Has the RRAS server been set to not allow external clients access to the rest of the network? Remember that it is possible to restrict remote clients to just the server they are reaching.
- What address is the client getting when you are connected? Make sure it is one on the internal network. If the internal network is using a private address scheme, and NAT to reach the Internet, your client needs to get an address on the internal network. NAT doesn't work in reverse, so it won't give your client an address on the internal network.
- Is IP routing set up? You may need to configure IP routing -- check these settings in RRAS, but also check the routing table on the machine.
This was first published in January 2003