Re: W2K VPN Setup

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

From: Bill Grant (not.available_at_online)
Date: 01/25/05 

Date: Wed, 26 Jan 2005 09:21:46 +1100

   Just a note concerning ports and protocols.

GRE is as IP protocol, just like TCP or UDP. TCP is protocol 6, UDP is 17
and GRE is 47. So it can be allowed or blocked by a firewall/router. It
cannot be forwarded, because it is not a port.

    When you set up a PPTP connection, PPTP controls the setup and
maintainence of the PPTP tunnel. So if you forward TCP port 1723 from your
router to your server, you extend the tunnel endpoint to the server.

    The actual packet containing the encrypted data has a GRE header with a
public IP on the front. If your router (or anything else in the path) blocks
GRE, no data is transferred, and the connection fails.

"Mark" <not.available@online> wrote in message
news:%23XS6Q$xAFHA.936@TK2MSFTNGP12.phx.gbl...
> Guys,
>
> OK.. I FINALLY found out what I belive the problem is. Seems my router
> doesn't do a very good job with VPN (after at 45 min discussin with
> Linksys) so I will have to start looking arround.
>
> Thanks for all the help!
>
> Mark
>
>
> "Mark" <not.available@online> wrote in message
> news:eJs%23DpuAFHA.2572@tk2msftngp13.phx.gbl...
>> Bill,
>>
>> Thanks for the help.
>>
>> I am able to access the VPN through the LAN with no problems. I have
>> configured the router to forward port (PPTP 1723 correct??) to the server
>> and I get at 721 error. Everything I have read talk about GRE protocol
>> 47. I would suspect that my firewall is causing the problem (Linksys
>> BEFVP41). I can't seem to find out how to configure this on the router
>> anywhere. I understand that this is not a "port protocol". Is this
>> correct? Then how do you allow it?
>>
>> Thanks again,
>> Mark
>>
>> "Bill Grant" <not.available@online> wrote in message
>> news:eB4DBhBAFHA.2540@TK2MSFTNGP09.phx.gbl...
>>> If you only have one NIC in the server, do not try to use any of the
>>> VPN wizards. Simply configure your server as a remote access server.
>>> This will set up the miniports you need for VPN.
>>>
>>> Test your config by making a VPN connection to the server from one of
>>> your LAN clients. (VPN works fine over Ethernet).
>>>
>>> When this works, try forwarding tcp port 1723 from your router to the
>>> server's IP address. Now try making a VPN connection from a remote
>>> machine to the router's public IP. The port forwarding will extend the
>>> connection to the server through its LAN NIC.
>>>
>>> "Mark" <not.available@online> wrote in message
>>> news:OdTLIb9$EHA.600@TK2MSFTNGP09.phx.gbl...
>>>> Hi,
>>>>
>>>> Sorry to repost this to the group, but I thought I was on the right
>>>> tack and
>>>> home free. Seems I am not.
>>>>
>>>> Hello,
>>>>
>>>> I am trying to setup a VPN on my server.
>>>>
>>>> I start to run "Configure and Enable Routing and Remote Access" I run
>>>> into a
>>>> snag. As I go through the screens I come to a place to "Specify the
>>>> Internet Connection that the Server Uses". Here I show my LAN
>>>> connection
>>>> (this is the NIC in the server.. it has two IP addresses) and another
>>>> line
>>>> showing <No Internet Connection>. When I select the LAN card I get
>>>> "You
>>>> have chosen the last available connection as the internet. A VPN Server
>>>> requires one connection to be used as the private network connection"
>>>> I
>>>> can't seem to go any further. If I select "no internet connection" I
>>>> can't
>>>> seem to get anything to work.
>>>>
>>>> I can browse from the server to the net just fine. I also have a
>>>> router in
>>>> place where the gateway is 192.168.0.1...
>>>>
>>>> Thanks for any help of suggestions!
>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>

Relevant Pages

  • RE: VPN to SBS through Comcast router
    ... The only thing I can find is to open TCP/UDP port 47 ... "What's GRE?". ... >> workaround for the hardware router which is not supporting PPTP connection. ... GRE is a client protocol of IP ...
    (microsoft.public.windows.server.sbs)
  • Re: Windows 2000 - MS Access XP and Sql Server 2005.
    ... The library is the library for the named pipes protocol; ... adding tcp: before the name of the server. ... the right port to use) at the end. ... I can't connect a client computer with windows 2000 to sql server 2005: ...
    (microsoft.public.access.adp.sqlserver)
  • Re: VPN error 721
    ... For PPTP VPN on the client machine 1723 TCP port needs to be opened. ... its a IP protocol and the router/firewall should not block this ... protocol for successful connection. ... Some routers call the GRE protocol as ...
    (microsoft.public.win2000.ras_routing)
  • Re: VPN hanging on verifiying username and password
    ... Port 47 is not required for a PPTP connection. ... GRE is a protocol, not a port. ... to ras it does not work but it did before... ...
    (microsoft.public.win2000.ras_routing)
  • Re: VPN Error 720
    ... The Zywall is configured for passthrough of port 1723 and GRE ... I got other error messages before that was done. ... avoidance of client/server terminology) makes a TCP (IP protocol 6) call to ... TCP Port 1723 on the other endpoint. ...
    (microsoft.public.windows.server.sbs)