Scanning machines that use VPN clients to attach to thew network

teejayuu · ‎01-12-2011

Hi

We have a Window 2003 AD domain that only (at present) has XP SP3 clients. Some of our laptops are used by folks that work from home and these connect to the network using VPN tunnel to our ISA Server 2006 'firewall'. None of these are scanned unless the physically connect to the network.

I have implemented via Group Policy Windows Firewall settings and ensured that RPC and WMI kb's have been followed.

Is there a way to scan endpoints through a VPN tunnel?

Thanks
Tony

Tony In view of the fact that God limited the intelligence of man, it seems unfair that He did not also limit his stupidity. Konrad Adenauer

Hemoco · ‎01-18-2011

WMI is using random ports after the first connection: http://www.lansweeper.com/kb/used-TCP-ports.aspx

teejayuu · ‎01-18-2011

Quick update - it seems that the Firewall (ISAServer 2006 Std) was blocking port 135. I've created a rule to allow it through from the Internal to VPM Clients.

Am now getting just RPC server is unavailable 0x800706BA (10.1.1.118)

Tony In view of the fact that God limited the intelligence of man, it seems unfair that He did not also limit his stupidity. Konrad Adenauer

Hemoco · ‎01-18-2011

If the windows firewall is off, then something in between must cause the RPC problem.

Can you check the isa server log if it's dropping traffic between the lansweeper server and the vpn client.

Hemoco · ‎01-18-2011

What is the waittime for software in your configuration?
Do you see any rpc errors (or other errors)

teejayuu · ‎01-18-2011

Lansweeper wrote:
What is the waittime for software in your configuration?

2 days, although the previous scan was done on the 7th January

Lansweeper wrote:
Do you see any rpc errors (or other errors)

Yes:
The RPC server is unavailable 0x800706BA(REL2651.domain.org.uk,REL2651,10.1.1.118)
Cannot connect to DCOM port 135:Firewalled? (REL2651)

As per my original post, I have worked through all the KB's around this and it only appears about 3 minutes after I run LSClient - I've even turned Windows firewall off

Tony In view of the fact that God limited the intelligence of man, it seems unfair that He did not also limit his stupidity. Konrad Adenauer

Hemoco · ‎01-18-2011

teejayuu wrote:

The RPC server is unavailable 0x800706BA(REL2651.domain.org.uk,REL2651,10.1.1.118)
Cannot connect to DCOM port 135:Firewalled? (REL2651)

Is 10.1.1.118 the correct IP address of the client?
Do you see a different IP address if you use the lsclient /scanonip option?

teejayuu · ‎01-18-2011

Lansweeper wrote:
Is 10.1.1.118 the correct IP address of the client?
Do you see a different IP address if you use the lsclient /scanonip option?

Sorry, I forgot to mention that 10.1.1.118 is the correct IP address and is the same regardless whether I use /scanonip or not

Cheers

Tony In view of the fact that God limited the intelligence of man, it seems unfair that He did not also limit his stupidity. Konrad Adenauer

teejayuu · ‎01-18-2011

Hi Lansweeper

I now have scanning through the VPN Tunnel using LSClient (with and without the scanonip switch), unfortunately it does not seem to be updating the software tab (which at the moment is my main concern) although it does update the last logon as shown in Config > User info. Is this by design or do I need to use something else?

Cheers
Tony

Tony In view of the fact that God limited the intelligence of man, it seems unfair that He did not also limit his stupidity. Konrad Adenauer

Hemoco · ‎01-12-2011

If the RPC error occurs, please check the IP address that lansweeper tries to scan.
It's possible that your dns server is not updated and lansweeper tries to scan the internal IP address of the client.

You can try lsclient with the "/scanonip" option on the vpn computers.

Scanning machines that use VPN clients to attach to thew network

New to Lansweeper?

Try Lansweeper For Free