It’s very frustrating to see a user that tries to connect from home to the company’s network but he can’t.
Let’s find out what went wrong with this user who has been living in Westchester for a while then he brought the corporate equipment with him in a country located outside of the US.
The help desk in Westchester set up his desktop and laptop in the office, installed the corporate software and tested all the connectivity after having installed all the Windows and Office updates.
The user went back home in the US and had no issue in connectig to the Internet and accessing the corporate resources. His Internet speed in the US was 200 Mega download and upload which was enough to let him have a steady connection and work with no issues.
1- The user cannot connect to the corporate network after he moved outside the US.
2- The company's firewall did not block the country where the user went to live
3- The help desk can remote in into his machine with no issues and can access other websites but cannot connect to the website of the company he works for.
If You Need Network Support Contact Sandanotech
In general terms, even if a user moves out of the country where he works, it does not mean that the network he connects from is different from the ones his company uses in the US. Home routers are almost the same in every part of the world. Every home router has a DHCP server that assigns IP addresses to the devices connected to it. Furthermore, all home routers translate the private IP addresses which usually are 192.168.X.X into a public IP address through a feature called NAT (Network Address Translation). NAT converts the private addresses into one unique public IP address that changes periodically because ISP setup home connections to have a dynamic public IP. On the other hand, companies prefer to pay for a static public IP addresses because they have servers and other resources employees remote into that allow to use always the same static public IP.
So what happened to this person who all of a sudden he could not connect from home is that his ISP removed the NAT feature from the router he was using and his private address was not allowed to connect to the company network because the company does not allow private addresses to access its resources. He called his Internet Service Provider to find out why that happened bu he will get a response one day or another.
We had to explain to him in plain English and without too many technical terms that his IP belonged to a private class of IP that cannot be converted to a public IP and that, as per company policy, cannot be whitelisted in the firewall.
For the sake of informing our readers, private IP ranges are the following:
Class A. Ranging from 10.0.0.0 to 10.255.255.255, it is for large networks and has 8 bits for the network and 24 for hosts.
Class B. Ranging from 172.16.0.0 to 172.31.255.255, it is used for medium networks and has 16 bits for the network and 16 for hosts.
Class C. Ranging from 192.168.0.0 to 192.168.255.255, it is for smaller networks and has 24 bits for the network and 8 for hosts.
Therefore, because the user had one of these private IPs, he was unable to access the company resources although he could access the Internet and other websites. I guess the ISP removed the NAT feature believing that home users just use the Internet and do not access VPN or other resources remotely. In any event, after having analyzed the event logs on his computer, we saw that the connection to the corporate network was refused because his private IP address was not allowed by the company’s policy.