Question about Cyberguard SG300 (00852503000366) Firewall

2 Answers

How to connect my MSSQL server through VPN by using PPTP

I can't connect my MSSQL server in the main office by establish a VPN tunnel over the internet using PPTP.
At main office side, the network IP is 192.168.1.X Net Mask 255.255.255.0.
They use a SG300 as a VPN server with public IP address 60.X.X.X.
At branch side, the network IP is 192.168.10.X Net Mask 255.255.255.0.
A VPN client been successful create and link to the main office. It can ping the MSSQL server by it's IP address but cannot ping it by name. At the VPN client computer, the MSSQL enterprice manager can't register or link the main office MSSQL server. How should i do?

Posted by on

  • 10 more comments 
  • YCNg Jan 22, 2008

    I did try already. If you change the branch network address to 192.168.1.? You can't ping the server address at VPN server site. According to the article that i found, it mention that the network address at VPN server and client site cannot be the same. The situation now is that, with above setup i can connect (ping or see the file by using \\server\c$) to the server. The problem is that the MSSQL enterprice manager cannot see the MSSQL server (by name / by address) that install at the VPN server site. I feel that the problem is not due to the address setting, but related to Port opening. Is that the Port 1433 for MSSQL remote desktop administration was not open? If yes, how to open it inside the SG300?

  • YCNg Jan 22, 2008

    Dear S,

    How do i mark my suggestion as thanks? I am first time using Fiya, i don't know how to make it. Can you teach me?

  • YCNg Jan 22, 2008

    Dear S,

    Thanks!

  • YCNg Jan 22, 2008

    Dear all experts,

    Anyone can help us? Its is very importance to me and have an urgency on this issue.
    Please!

  • YCNg Jan 23, 2008

    1. i have a static IP public address that provide by ISP provider, that is 60.X.X.X as what i mention above. The only thing is that i didn't configure it inside the SG300 device. Will it affected the NAT rounting table? If need to configure it, can you give me a hint how to configure it. Because i am new to this device, i affraid that i configure wrongly.
    2. The second things is that i can access the shared folders at the server side through typing \\ServerIPAddress\sharefoldername in the interner explorer. I can't see the share folder through My Network Places.

  • YCNg Jan 24, 2008

    Dear,

    I already rename my workgoup at VPN Client network, at VPN server network all using the same workgroup name.

    All the VPN server network computer auto receive the IP from the SG300 (DHCP server). The SG300 act as DHCP server and DNS server.

    I configure the SG300 DHCP server as below:
    Gateway address: SG300 IP address
    DNS address: SG300 IP address
    Domain Name: Blank
    WINS Address: MSSQL Server IP address

    The MSSQL server hold the WINS server role.

    At VPN cleint PC, at the dial-up icon , i doube click it and select the properties. At general tab, the Host name or IP address of destination is set to my static public IP address. At Networking Tab, i select the Internet Protocol(TCP/IP) --> Properties --> obtain IP / DNS server automatically --> advance --> DNS tab -->Add the SG300 IP address --> WINS tab --> add the MSSQL server IP address.

  • YCNg Jan 25, 2008

    Dear,

    I did confirm at mssql server(not mysql server) side the firewall is temporary disable during this VPN setup ( i am the administrator for this network).

    Now i can ping the MSSQL server name by IP address and NetBios name. My MSSQL server instant is ServerName\SQL2K (Windows NT).
    But when i click my computer, then my network places, view workgroup computer i can't see the server name or any pc name besides the pc name i use as VPN clieent to connect to the VPN server. I confirm the workgroup name is the same.

    Just a sharing with you and see you have any idea or proposal to me for the next step. Please read the contents of the forum in this UML.
    http://forums.whirlpool.net.au/forum-rep...

  • YCNg Jan 26, 2008

    Dear,

    anny update or proposal?

  • YCNg Jan 26, 2008

    Is that the same cause that i can't browse the server name at the my network place make me cannot see the sql server name in the mssql enterprise manager use?

  • YCNg Jan 27, 2008

    It's ok, not too late. I try your suggestion already, i can search the MSSQL server by name. But not means that i can serach the MSSQL\instance.
    I observe that the MSSQL port 1434 is not listening. Can you teach me how to setting the packect filtering or doing port fowerding inside SG300 for Port 1433 ,1434?

  • YCNg Jan 28, 2008

    Hi,

    I set up another machine as MSSQL server at VPN client site and link it to the VPN server.

    Now i have 2 VPN clients link to VPN server thru PPTP tunnel, one with MSSQL services running (192.168.1.100) and another one only install MSSQL clients tools(Enterprice manager)(192.168.1.101).

    Now at Enterprise manager i can detect the new MSSQL server with 192.168.1.100\instant name, but still cannot detect the MSSQL server services at VPN server site.

    I use microsoft portqueryUI.exe tools to query the MSSQL services port at both MSSQL server. From the data i observe that the TCP port 1433 will not listening at MSSQL server VPN server site. Sorry to inform that, the port query at MSSQL server VPN server is doing by remote desktop connection to the MSSQL server and execute the command locally.

    SG300 dociments state that no port will block under VPN connection. Confirm the SQL Server at the VPN server site is running. I can manage the MSSQL server services by using the Enterprice manager that install at the VPN server site.

    Is it the port 1433 problem?

  • YCNg Jan 28, 2008

    Dear friends,

    Good news, i did it.

    1. MSSQL by itself is Enable the name pipes protocol and TCP protocol. That means you can use NetBIOS name or TCP connect to it.
    The problem is during the MSSQL server setup, the vendor change the Instant port to 1033 not the default 1433. The remote enterprise manager (VPN client) try to seek for the port 1433 MSSQL services and definately the services are not running and the result must fail.
    2. I alter the Port number back to the default port number, then the connection is succesful, but i don't know will it affected my application from running???? I have to test it by tomorrow.
    3. I will let this case open for another 2 days, if nothing to request help from you then i will accept and close the case.

×

Ad

2 Answers

  • Level 3:

    An expert who has achieved level 3 by getting 1000 points

    Superstar:

    An expert that got 20 achievements.

    All-Star:

    An expert that got 10 achievements.

    MVP:

    An expert that got 5 achievements.

  • Master
  • 2,427 Answers

192.168.1.X is a local ip address ,, i trust that thhe vpn is in seperate places and is done with the wan ip over an internet connection?????

OK maybe the problem isnt on your side but the main office building,, when connecting , have someone looked for repeated attemps to connect by observing the fire wall,, if it appears to be blocked byu the firewall simply diasable any and try it out.. If it works then all you need to do is set the firewall correctly..

I was reading the ip address in your original post and those are local address,s are you certin the VPN is correct ???? did you use the correct STATIC IP ADDRESS ASSIGNED BY YOUR ISP??

Posted on Jan 22, 2008

  • 9 more comments 
  • Rishi Roshan Ali Jan 22, 2008

    Ok basically i believe that the problem is with your vpn setup, eighter you side isnt set up correctly or the server side is blocking you.. Verify that your vpn is connected by having the server side administrator look for our connection of see if you can access any shared folders or documents..

  • Rishi Roshan Ali Jan 22, 2008

    Also verify that your workgroup or domain is correct.

  • Rishi Roshan Ali Jan 23, 2008

    Ok i need to know your exact make and model and exactly what you need yo configure(no need for specifics) and i will give you a brief summary on how to go about it.

  • Rishi Roshan Ali Jan 23, 2008

    Your workgroup or you domain is set wrong, you need to change it,, right click my computer , click properties, then click computer name,



    you will see



    To rename this computer or join a domain click change,, CLICK change..



    if your domain isnt correct you will not see the computers in my netwoork places,, YOu may alsoe need to reset up your VPN after doing this.

  • Rishi Roshan Ali Jan 24, 2008

    Ok that seems like you got everything set up correctly..



    Ok lets have a look at the server side system. I'm sure they got firewalls there, let the find your connection and change your privilages, you ight have limited privilages and axcess. Just give them a call and have them verify its correct..

  • Rishi Roshan Ali Jan 24, 2008

    What i also need you to try is to ping the mysql server,

    if it pings then search its ip address and see if it shows up, basically i want to check your permission's on the sql server and see if you got axcess,,



    the next thing i want you to try is

    click my computer , then my network places,, (i know u said it aint showing up) double click on workgroup computer and see if anything shows up.. If not confirm that your workgroup/domian is the the same as sqlserver's workgroup or doman. the clients workgroup must match the vpn servers workgroup or the system's wont show up unless you search the ips/

  • Rishi Roshan Ali Jan 27, 2008

    Sorry for the long awated reply, I terreby apoligise sir. I was doming some extra research and setting up a few virtual systems to try to get a handle on your problem.. The only one i was able to recreate was the system not showing up in my network places, this was because the workgroup was wrong but as you said such isnt your case..



    Lets try a quick hack..



    On a system on the VPN, (not yours the one you are connecting too) share a folder.. now on your network search that pc.. e.g. start/search/computers or people/

    when you find it doulbe click on it,, find the shared folder, right click and then mount it as a virtual drive.. This should show up in mycomputer.. IF this works , you should be able to mount the mysql server as a virtual drive giving you direct axcess to it..



    If this works let me know,, You can also try searching the mysqlserver and see if you can find it, access it and manupilate it from the search tools. in xp its START/searchs/computer's or people,, basicalls you search the ip address

  • Rishi Roshan Ali Jan 27, 2008

    BTW is the MYsqlserver set as the same workgroup member and configuered propperly ?

  • Rishi Roshan Ali Jan 27, 2008

    ok min your settings , there should be port fowarding and port opem.. basically what you need to do is open or foward those ports on your SG300



    Of you can attempt to bypass this by setting your gateway to your vpn ip address((TRY not a guranteed work))



    let me try to get a SG300 so i can walk you through it.. reply in a bit

  • Rishi Roshan Ali Jan 31, 2008

    well ,, that is great news sir,,... the port was the first thing we should have checked sadly it slipped.. well anyway that is great..

  • Rishi Roshan Ali Jan 31, 2008

    just ensure your other apps uste the ports is set to the ports as well and its aviable , Check your server (sql) and see if anything eles is trying to use that port,, alose verify the firewall is port opened.. any way i guess you already know all that, but just thought i'd mention it :)

×

Ad
  • Level 3:

    An expert who has achieved level 3 by getting 1000 points

    Superstar:

    An expert that got 20 achievements.

    All-Star:

    An expert that got 10 achievements.

    MVP:

    An expert that got 5 achievements.

  • Master
  • 1,113 Answers

Change Branch IP to be in range ie 192.168.1.?not 192.168.10.?

Posted on Jan 20, 2008

  • 2 more comments 
  • Soulvisitor
    Soulvisitor Jan 20, 2008

    besides that you are over my head. Cheers

  • Soulvisitor
    Soulvisitor Jan 22, 2008

    I suggest you mark my suggestion as thanks for trying that will make this post, reappear to all experts.



    Sorry I can't be of more help.



    S.

  • Soulvisitor
    Soulvisitor Jan 22, 2008

    I've never been on your side before, but you have a option of getting help from other experts somewhere on your page.



    I think you see a screen that says Accept or Reply, you don't want either of those, look lower is there a link to getting help from other experts click here to repost?










    Cheers


  • Soulvisitor
    Soulvisitor Jan 22, 2008

    Looks like it's over everyones head.. so Go the port..here is the port open instructions LINK


×

Ad

1 Suggested Answer

6ya6ya
  • 2 Answers

SOURCE: I have freestanding Series 8 dishwasher. Lately during the filling cycle water hammer is occurring. How can this be resolved

Hi,
A 6ya expert can help you resolve that issue over the phone in a minute or two.
Best thing about this new service is that you are never placed on hold and get to talk to real repairmen in the US.
The service is completely free and covers almost anything you can think of (from cars to computers, handyman, and even drones).
click here to download the app (for users in the US for now) and get all the help you need.
Good luck!

Posted on Jan 02, 2017

Add Your Answer

Uploading: 0%

my-video-file.mp4

Complete. Click "Add" to insert your video. Add

×

Loading...
Loading...

Related Questions:

1 Answer

What is vpn server


Point-To-Point Tunneling Protocol (PPTP) is another tunneling protocol used to connect a remote client to a private server over the Internet. PPTP is one of the most widely used VPN protocols because of it's straightforward configuration and maintenance and also because it is included with the Windows operating system.
http://electronicshelponline.blogspot.com/ A VPN or Virtual Private Network is a method used to add security and privacy to private and public networks, like WiFi Hotspots and the Internet. VPNs are most often used by corporations to protect sensitive data.

Oct 25, 2016 | Computers & Internet

Tip

VPN in Microsoft Server 2003


The full form of VPN is Virtual Private Network. VPN gives extremely secure connections between private networks linked through the Internet. It allows remote computers to act as though they were on the same secure, local network. Allows you to be at home and access your company's computers in the same way as if you were sitting at work.

Almost impossible for someone to tap or interfere with data in the VPN tunnel. If you have VPN client software on a laptop, you can connect to your company from anywhere in the world. VPN goes between a computer and a network (client-to-server), or a LAN and a network using two routers (server-to-server). Each end of the connection is a VPN "endpoint", the connection between them is a "VPN tunnel".

When one end is a client, it means that computer is running VPN client software. You can use a virtual private network (VPN) to connect components to one network by using another network. VPN do this by "tunneling" through the Internet or another public network. With a VPN, connections across the public network can transfer data by using the routing infrastructure of the Internet, but to the user, the data seems to travel over a dedicated private link.

A VPN gives you the benefit of a dial-up connection to a dial-up server, plus the flexibility of an Internet connection. Using an Internet connection you can connect to resources all over the world. If you have a high-speed Internet connection at your computer and at your office, you can communicate with your office at full Internet speed. This is much faster than any dial-up connection that uses an analog modem.

VPNs use authenticated links to make sure that only authorized users can connect to your network, and they use encryption to make sure that others cannot intercept and cannot use data over the Internet. A Tunneling Protocol is a technology that helps make the transfer of information over the Internet more secure from one computer to another.

VPN technology also permits a corporation to connect to its branch offices or to other companies over a public network, such as the Internet, while helping to maintain secure communications. The VPN connection across the Internet logically operates as a dedicated wide area network (WAN) link.

VPN in Windows 2003 Server: You need a high speed Internet connection to configure and run VPN server. Two individual lan card must be present in a single system where you want to configure a VPN Server. The lan cards should ping each other. Also need a User which's Dial in allow access should be enable. Microsoft 2003 server two tunnelling protocols for a secure VPN connection, one is PPTP (Point-to-Point Tunnelling Protocol) which Provides data encryption using Microsoft Point-to-Point Encryption. The other is L2TP (Layer Two Tunnelling Protocol) which Provides data encryption, authentication, and integrity using IPSec.

Steps to create VPN Server in 2003 Server: At first I go to Start and point to Administrative Tools, then click Routing and Remote Access. Then I click the server icon that matches the local server name in the left panel of the console. If the Routing and Remote Access service was previously turn on, you may want to reconfigure the server.

To reconfigure the server Right-click the server object, and then click Disable Routing and Remote Access. Click yes to continue when you are prompted with an informational message. Then Right-click the server icon and then click configure and Enable Routing and Remote Access to start the Routing and Remote Access Server Setup Wizard. After that click Remote access (dial-up or VPN) to turn on remote computers to dial in or connect to this network through the Internet. Then I have Click to select VPN. In the VPN Connection window I click the network interface (Lan) which is connected to the Internet and go the IP Address Assignment window, then I click Automatically because there was present a DHCP server in network. However, if DHCP is not available, you must specify a range of static addresses.

If you use from a specified range of addresses, open the Address Range Assignment dialog box and Type the first IP address in the range of addresses that you want to use in the Start IP address box. Type the last IP address in the range in the End IP address box. Windows calculates the number of addresses automatically. After that I have accept the default setting of No, use Routing and Remote Access to authenticate connection request and finally Click Finish to turn on the Routing and Remote Access service and to configure the server as a Remote Access server.
For the remote access server to forward traffic properly inside your network, you must configure it as a router with either static routes or routing protocols, so that all of the locations in the intranet are reachable from the remote access server. It also need for security purpose.<SPAN style="LINE-HEIGHT: 115%; FONT-FAMILY: 'Verdana','sans-serif

on Mar 22, 2011 | Microsoft Windows Server 2003 Enterprise...

2 Answers

How to setup VPN on iPod?


connect to WiFi.
Tap General>Network>VPN>

you can try these settings I've used before:
Add VPN Connection. chose PPTP.
Give it a name under description.
Encryption Level:Auto
Send all traffic: ON
Proxy: Off
RSA SecurID: OFF

Here's the part that differs from the VPN I personally set up.
Server: enter the IP address of the VPN Server. this is specific to you, as to what server you want.

Account: Enter username and password to log in. If this VPN is for school, it would be your school username and school password you normally use.

The VPN at my school worked when I connected to their wifi and then turned on the VPN. for added information.

Jan 21, 2015 | Apple iPod Audio Players & Recorders

1 Answer

Trying to set up a vpn server on windows XP using


Did you already forward port 1723? I guess you have done that. To isolate it, try to bypass the router and setup or establish the VPN session there. If it doesn't work, maybe your ISP doesn't allow port 1723 or it's just the modem.

Oct 22, 2009 | Belkin F5D7230-4 Kit (F5D7230V4SNPDQ)

1 Answer

How to connect to my PIX 501 and use Windows Remote Desktop?


Here's a real simple problem to your remote access problems.
Go to: http://www.logmein.com
Sign up for a free acct, download/install their free software on your Server.
Now go over to your laptop, login to your new logmein acct.
In the next page, you'll see your Server listed. Click on it - follow instructions to connect.
This will tunnel through whatever stuff you have on your network!
Trust me - esp. in your scenario, this is *by far* the *simplest remote connect you'll ever perform! And it just .... works! Everytime.

gurutim

Mar 16, 2009 | Cisco PIX 501 Firewall

1 Answer

VPN Access does not work


Hi,
Use should add arp proxy setting as the following:
Go to Interfaces and then click on PPTP/L2TP server from the PPTP/L2TP Page go to the Add ROute Tab.
Allowed Networks should be : All Nets
under Proxy Arp you have 2 Boxes:
One is: Available and the other is Selected.
Under Available click on LAN and move it to Selected.
now save and activate and it should work.

Dec 18, 2008 | D-Link Netdefend DFL-210 (DFL210)...

2 Answers

VPN Using XP Servers and D-Link WBR-2310


I had exactly the same problem. The solution is to set up pptp as a virtual server pointing to the lan ip of the server. Port forwarding only forwards the port but not the GRE protocol (pptp passthrough)

Jul 26, 2008 | D-Link RangeBooster G WBR-2310 Wireless...

1 Answer

Can't ping or see anything on remote LAN


They are defective i have gone through like 5 or 6 of them before sending them all back i would sacrifice the gigabit and go with the RV042

May 21, 2008 | Linksys RVS4000 Router

1 Answer

BEFSX41 and Microsoft PPTP


Microsoft uses IP Protocol 47 [GRE] for this secure tunnel. Provided that the PPTP Pass Through is set to Enable on the Router's Filters page and port 1723 is forwarded to the VPN Server, the Router will allow authentication and remote access into your network. The router will also allow you access remote PPtP networks from behind the router providing the PPtP Passthrough is enabled on the router.

Feb 16, 2006 | Linksys BEFSX41 Router (DHBEFSX41)

Not finding what you are looking for?
Cyberguard SG300 (00852503000366) Firewall Logo

Related Topics:

1,911 people viewed this question

Ask a Question

Usually answered in minutes!

Top Cyberguard Computers & Internet Experts

Les Dickinson
Les Dickinson

Level 3 Expert

18424 Answers

Doctor PC
Doctor PC

Level 3 Expert

7733 Answers

David Payne
David Payne

Level 3 Expert

14162 Answers

Are you a Cyberguard Computer and Internet Expert? Answer questions, earn points and help others

Answer questions

Manuals & User Guides

Loading...