jrothatnd Posted December 1, 2004 Report Share Posted December 1, 2004 This only happens with Windows XP computers. Computers with Windows 2000 can be using VPN and get backup without any problem. When my XP users turn on their VPN, Retrospect does not see their computer. I can turn off the XP’s firewall, or I can turn off their VPN session and then Retrospect will see their computer. What is confusing me is the XP Firewall is set with all the default settings. I add Retrospect’s port 497 TCP & UDP in the exceptions tab. Why is XP’s Firewall blocking out Retrospect when VPN is on? Link to comment Share on other sites More sharing options...
natew Posted December 2, 2004 Report Share Posted December 2, 2004 Hi What VPN softare are you using? My cisco VPN software blocks local network access so the client will no longer work when its active. Can you connect to the clients via direct IP address when the VPN is running? Thanks Nate Link to comment Share on other sites More sharing options...
jrothatnd Posted December 3, 2004 Author Report Share Posted December 3, 2004 We are running Microsoft’s VPN client. Retrospect can not connect to the client when I type in the IP address. But when I turn off the XP’s firewall everything works fine. Link to comment Share on other sites More sharing options...
natew Posted December 6, 2004 Report Share Posted December 6, 2004 Hi Check your firewall settings and make sure that port 497 is open for both UDP and TCP. I would guess that UDP is being blocked right now. One time I had to set the firewall to block port 497 completely, reboot then unblock the ports before it would work. Thanks Nate Link to comment Share on other sites More sharing options...
jrothatnd Posted December 7, 2004 Author Report Share Posted December 7, 2004 I tired opening port 497 (TPC & UDP) on the VPN's connection, but Retrospect still does not see the computers. I should point out that the backup is going through the LAN connection and not the VPN. And when the users turn off their VPN, Retrospect see them. Link to comment Share on other sites More sharing options...
natew Posted December 8, 2004 Report Share Posted December 8, 2004 Hi Do you mean you opened port 497 on the firewall? Opening ports on the VPN shouldn't make any difference. Thanks nate Link to comment Share on other sites More sharing options...
gkowalsky6 Posted December 8, 2004 Report Share Posted December 8, 2004 I believe that's how the VPN actually works by design- it creates an encrypted tunnel between the client and your LAN, i.e., the retrospect server is not visible from client's side. However, I thought that the multicast packets should be working. Link to comment Share on other sites More sharing options...
jrothatnd Posted December 8, 2004 Author Report Share Posted December 8, 2004 Port 497 is open on the entire Firewall. Since Retrospect can't see the computer only when the VPN is on, I opened port 497 on the VPN connection just incase the XP's Firewall was doing something strange. Link to comment Share on other sites More sharing options...
jrothatnd Posted December 8, 2004 Author Report Share Posted December 8, 2004 gkowalsky6 that is exactly correct. The computer has two network connections; the LAN and the VPN. I understand Retrospect won't see the user throught the VPN, but it should see the computer through the LAN connection. Link to comment Share on other sites More sharing options...
natew Posted December 9, 2004 Report Share Posted December 9, 2004 Hi VPN connections can cause lots of problems: -They can route all multicast responses to the VPN adapter instead of the local lan. -They can disallow local network access -They can impose other firewall rules etc. In short, VPN connections can cause problems with client connectivity. At this point your best bet is to try to bind the client to the local IP address using the command line Retroclient -ip command. Either that or try adding a separate NIC to the machine. Thanks Nate Link to comment Share on other sites More sharing options...
jrothatnd Posted December 14, 2004 Author Report Share Posted December 14, 2004 Nate, I have several computers with this problem, so adding a second NIC is not an option. I am not familiar with the "Retroclient -ip command". How does it work and how should I use it? Can I use it to bind to an Active Directory name instead of an IP? Thank you for all your help. Link to comment Share on other sites More sharing options...
natew Posted December 16, 2004 Report Share Posted December 16, 2004 Hi It has to be by IP address. Open up an command line terminal and run \%path to client dir%\retroclient --help for a full list of client options. Thanks Nate Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.