
VPN Issues

apurv1595
Hey, I'm new here and just started a job at a local business in my city. I am an engineer here and IT is not in my job description, but I like to get to know stuff and have some idea about networking in general. So it made me curious when the IT staff here mentioned an issue to me that they had been having.

So this organization has had a problem with their network for months and no matter how much they tried, it's still not fixed. The issue can be stated simply: the company's internal network is perfectly accessible through the LAN inside the company building. The internal network and servers are also accessible via a wireless network in the building, but for this, after connecting to the access point, a VPN connection is required to access internal resources.

The problem arises when somebody wants to access the internal network from outside the company building, in short not using the company's internet connection. No matter what ISP or network, the VPN connection simply refuses to connect on any other network. In Windows, after checking the Event Viewer, the problem shows up as error 806 or 807 from RasClient.

Till now the fixes that we've tried are checking the Juniper router for forwarding of port 1723, PPTP forwarding and GRE enabled. That didn't fix anything. It also has a security policy from untrusted sources to trusted ones which has all of these rules enabled. I'm not the IT admin so I don't have access to any of the equipment and am just stating all I know.

Any chance the problem would be on Verizon's side?
Thanks for your help people.

The organization network diagram is attached if that helps. The check-mark means the VPN is accessible through the wireless network but not through the wired one if from outside the company network. So the issue has got to be something in the red box, right?

BTW the VPN server does respond to pings from outside the company network and ISP.

Hard to say what exactly the cause is. I guess the first step would be to see if the VPN connection attempts make it to the Juniper router from outside. I'm not familiar with Juniper at all, so I don't really know how verbose their logging is. Are they using a separate VPN appliance instead of the Juniper?


So the logging in the Juniper router is turned on for untrusted-to-trusted sources, but no traffic is seen on that. Yup, they do have a separate Microsoft Server 2008 R2 machine as the VPN server. Did check the DHCP logs from the VPN server and there is no request for an IP seen from outside of the organization, only from the people on the wireless network.


Did a Wireshark capture of the successful and the unsuccessful network, and when connecting from outside the company network, the response is similar to what this guy mentions.

 

https://www.pcreview.co.uk/threads/vpn-stopped-functionning-no-ppp-lcp-response-when-connecting-from-remote-lan.1574712/

 

Unfortunately after reading his solution I am more confused as to what he means by it. Can anybody please explain?

 

Here's his solution:

OK, I found the solution. It seems that a recent MS patch has changed the way PPTP is handled: when the PPTP server receives protocol 47 packets that originate from a different IP than the one used for the TCP communication (1723), the server simply discards them and does not send any response packet back.

I simply changed the way the protocol forwarder was configured on the FW so that it rewrites the source IP of the protocol 47 packets and puts the client IP (and not the FW IP address), and everything works fine now.

 

What does FW mean in my case? The firewall on the VPN is OFF, so probably the Juniper router?

 

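The GRE source-address check described in that quoted solution, as an added example that is not from this thread or from Microsoft's RRAS code: it models a PPTP server that accepts a GRE (IP protocol 47) packet only when its source IP matches a live TCP/1723 control connection, and shows why a forwarder that sources GRE from its own address breaks the handshake while the control connection still succeeds. All addresses and the Packet record format are constructed.

```python
"""Model of the PPTP acceptance rule from the quoted post: GRE packets whose
source IP differs from that of the TCP/1723 control connection are silently
discarded, so the client never gets a PPP LCP reply (Windows error 806/807)."""
from collections import namedtuple

Packet = namedtuple("Packet", "proto src dst dport")  # dport is None for GRE

VPN_SERVER = "10.0.0.5"   # constructed address standing in for the RRAS server
PPTP_PORT = 1723


def control_peers(packets):
    """Client IPs that have opened a TCP/1723 control connection to the server."""
    return {p.src for p in packets
            if p.proto == "tcp" and p.dst == VPN_SERVER and p.dport == PPTP_PORT}


def classify_gre(packets):
    """Map each inbound GRE source IP to 'accepted' or 'discarded' by the server."""
    peers = control_peers(packets)
    return {p.src: ("accepted" if p.src in peers else "discarded")
            for p in packets if p.proto == "gre" and p.dst == VPN_SERVER}


def rewrite_forwarder(packets, fw_ip, client_ip):
    """The fix from the quoted post: the protocol-47 forwarder puts the client's IP,
    not the firewall's own IP, as the source of GRE packets it passes inward."""
    return [p._replace(src=client_ip) if p.proto == "gre" and p.src == fw_ip else p
            for p in packets]


# Constructed capture: the firewall (198.51.100.1) forwards the remote client's
# (203.0.113.7) TCP/1723 session with the client IP preserved, but sources the
# GRE packets from its own address. A wireless-side client (192.168.50.20)
# reaches the server directly, so both its packets carry the same source.
BROKEN = [
    Packet("tcp", "203.0.113.7", VPN_SERVER, PPTP_PORT),
    Packet("gre", "198.51.100.1", VPN_SERVER, None),
    Packet("tcp", "192.168.50.20", VPN_SERVER, PPTP_PORT),
    Packet("gre", "192.168.50.20", VPN_SERVER, None),
]

if __name__ == "__main__":
    print("before fix:", classify_gre(BROKEN))
    FIXED = rewrite_forwarder(BROKEN, "198.51.100.1", "203.0.113.7")
    print("after fix: ", classify_gre(FIXED))
```

Running it shows the remote client's GRE discarded and the wireless client's accepted before the forwarder change, and both accepted after it, which matches the symptom pattern in the thread (wireless works, outside does not, pings and the TCP port still answer).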
