Network / VPN expert help - anyone ?

Started by CrossTalk, Feb 23, 2007, 21:51:07

CrossTalk

OK, having proven to the whole idnetters community in my last post how dumb I can be, perhaps someone with a little more network knowledge than myself can throw some light on this problem:

My employer offers employee access to the corporate network using the Nortel Networks Contivity client software.

At the moment, I can successfully establish a VPN connection to the corporate network and can browse internal web servers, connect to VNC servers and a host of other services. However I cannot connect to any network shares, or the corporate Exchange server. My system event log is full of warnings about no authentication protocol being available and various Kerberos related error messages.

I've been working with my IT department who can't find anything wrong with my PC.
If I use a dialup account, everything works, albeit at a painfully slow speed.
I tried a colleague's laptop at my home and it exhibited exactly the same symptoms, although his works fine at home on his plusnet connection.
I also tried swapping my router (DrayTek 2600+) for my older Asus AAM6000EV to try to rule out a router issue - the same symptoms were observed - to my mind this rules out the router.

These problems seem to have only started occurring since I switched to IDNet - it used to be OK with Pipex - I don't think anything else changed around the same time, and I seem to have ruled out the particular PC, the router and the corporate infrastructure (by connecting via a dialup ISP).

Can you think of any reason why this might be or anything I should check? I've spent way too many hours trying to figure this out & too many late nights / early mornings this week.

I'd be grateful for any ideas - however off the wall as my IT dept & I seem to have hit a brick wall on this one.


Regards,

Phil.


RobMc

Don't know if I can help much. I VPN into a Windows 2003 SBS server hosted on another ADSL line with no trouble, so I don't think it's an IDNet problem as such.

One difference between your Pipex account and your IDNet account is that you will have a different IP address. The fact that you can establish a VPN connection and can access some services on your company network implies to me that the "bit over the internet" is working normally and you have some sort of authentication issues at the company end. This seems to be confirmed with your colleague's laptop experiencing the same problems when connected to your broadband connection.

I'd be inclined to think that somehow, somewhere, your company is filtering your connection based on your IDNet IP address. However I would have thought that would have been identified by your company's IT Department.

I don't know if any of this helps, but you have my sympathy. Having something that nearly works is sometimes much more frustrating than something that doesn't work at all.

Rob.

Rik

CrossTalk

My immediate thought was do you have UPnP enabled on machine and router. After that, I have to confess the only other idea I had was to suggest you post this over in the Home networking section of ThinkBroadband, http://bbs.adslguide.org.uk/, where I think you would find some real experts in this area.

Sorry. :(
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

CrossTalk

Rik, Rob,

Thanks for the ideas.

What I found strange was that I could establish the VPN OK - so it wasn't likely to be IP blocking. (Some of the main users of the VPN will be sales / marketing who may be in hotels anywhere in the world, so IP addresses would be unknown.)

Anyway, as you might be able to tell from my use of the past tense, I've managed to fix the issue. It appears to be related to the MTU setting on my laptop. I believe that the default MTU for network adapters on Windows XP is 1500. I found a utility by BT over on Zen's support pages that optimises your PC's MTU settings (presumably based on characteristics of your ISP's network).

It changed my MTU settings from "default" to 1457. I don't really understand why this worked, or why the "default" setting should cause only certain types of operations (UDP Kerberos authentication) to fail. But I'm not that bothered - it seems to work OK and that's what matters (though if someone can explain, it would be nice to understand).

Phil.



Rik

Hi Phil

Miriam recommends 1458 as the optimum MTU on IDNet, and that certainly works for me. I guess these things are all about timing, and fragmented packets slow traffic down. Comms is, and always has been, a black art. :)

Glad you're sorted though, thanks for posting back, useful for future reference.
Rik
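
The MTU values discussed in this thread (1500, 1457, 1458) can be put side by side with the IPv4 fragmentation arithmetic. The following Python sketch is an added example, not code from any poster: it finds a path MTU by binary search over don't-fragment probes and lists the packet sizes a host emits for one UDP datagram at a given local MTU. The simulated path (MTU 1458) and the datagram sizes are constructed; a real probe on Windows would wrap `ping -f -l <size> <host>`.

```python
IP_HEADER = 20    # IPv4 header without options
UDP_HEADER = 8
ICMP_HEADER = 8

def fragment_sizes(udp_payload, mtu):
    """On-the-wire IPv4 packet sizes needed to carry one UDP datagram."""
    data = udp_payload + UDP_HEADER      # bytes IP has to carry
    room = mtu - IP_HEADER               # data bytes that fit in one packet
    per_fragment = room // 8 * 8         # non-final fragments: multiple of 8
    sizes = []
    while data > room:
        sizes.append(per_fragment + IP_HEADER)
        data -= per_fragment
    sizes.append(data + IP_HEADER)
    return sizes

def find_path_mtu(probe, lo=548, hi=1472):
    """Largest DF-probe payload that passes, converted to a path MTU.

    probe(payload) -> True if an ICMP echo of that payload size got through
    with don't-fragment set. lo=548 corresponds to a 576-byte packet.
    """
    if not probe(lo):
        raise ValueError("smallest probe failed; path is not usable")
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if probe(mid):
            lo = mid
        else:
            hi = mid - 1
    return lo + ICMP_HEADER + IP_HEADER

def simulated_path(path_mtu):
    """Constructed stand-in for a real probe (hypothetical helper)."""
    return lambda payload: payload + ICMP_HEADER + IP_HEADER <= path_mtu

def oversized(udp_payload, local_mtu, path_mtu):
    """Packets the host would send that are larger than the path carries."""
    return [s for s in fragment_sizes(udp_payload, local_mtu) if s > path_mtu]

if __name__ == "__main__":
    path = find_path_mtu(simulated_path(1458))
    print("path MTU:", path)
    for local_mtu in (1500, 1457):
        for payload in (1200, 1450, 2000):   # constructed datagram sizes
            sizes = fragment_sizes(payload, local_mtu)
            verdict = "exceeds path" if oversized(payload, local_mtu, path) else "fits"
            print(local_mtu, payload, sizes, verdict)
```

With the local MTU at 1500 the larger datagrams leave the host in packets bigger than the constructed path carries, so something downstream has to fragment or drop them; at 1457 the host splits them itself and every packet fits.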