Re: VPN Question

From: Sooner Al (SoonerAl_at_somewhere.net.invalid)
Date: 03/23/04 

Date: Tue, 23 Mar 2004 11:31:13 -0600

By the way...on some routers, including my Buffalo WBR-G54, you do manually open port 47...

*******************************

http://www.buffalotech.com/wireless/support/faq/index.php

Q How do I configure the AirStation to support VPN pass-through?

A In the AirStation configuration screen, click Advanced Settings => Network setting =>
Address Translation,

1. Select NAT table settings, click the Manual radio button under Protocol (WAN). Enter 47 in
the Protocol number field.Select Manual setting under IP Address of LAN and enter the destination
LAN side IP address in the Manual setting field. Click Add to NAT table.

2. Select NAT table settings, click the TCP/UDP radio button under Protocol (WAN). Select
Manual setting of TCP port.. Enter 1723 in the Port number field.Select Manual setting of TCP port
under IP Address of LAN and enter the destination LAN side IP address in the Manual setting field.
Click Add to NAT table.

*********************************

...not all routers have a "PPTP Pass Through" or "VPN Pass Through" or other way to enable GRE
Protocol 47 traffic...so in one way the page is correct...just not completely correct... 

-- 
    Al Jarvi (MS-MVP Windows Networking)
Please post *ALL* questions and replies to the news group for the mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no rights...
"Sooner Al" <SoonerAl@somewhere.net.invalid> wrote in message news:...
> Yeah, that has been on that page forever...:-(
>
> -- 
>    Al Jarvi (MS-MVP Windows Networking)
>
> Please post *ALL* questions and replies to the news group for the mutual benefit of all of us...
> The MS-MVP Program - http://mvp.support.microsoft.com
> This posting is provided "AS IS" with no warranties, and confers no rights...
>
> "Bob" <spam@spam.com> wrote in message news:40606651.13540139@news-server.houston.rr.com...
>> On Tue, 23 Mar 2004 08:00:02 -0600, "Sooner Al"
>> <SoonerAl@somewhere.net.invalid> wrote:
>>
>>>http://www.onecomputerguy.com/networking/xp_vpn_server.htm
>>
>> I spotted a common mistake on the vpn_server page. It's at the very
>> bottom: Item 20.
>>
>> +++++
>> If the VPN server is behind a router, Port Mapping will need to be
>> done on the router. Standard port usage is 1723 & 47 for PPTP. Port
>> usage for IPSec is 500, 50-51. These ports will have to be forwarded
>> to the VPN server's IP
>> +++++
>>
>> There is no PORT 47 involved with PPTP. There is PROTOCOL 47, which is
>> called GRE (General Routing Encapsulation) which is used to transmit
>> secure information before the full VPN is implemented.
>>
>> NAT routers are highly restrictive of anything coming in - that's
>> their firewall capability. Most only pass the most common protocols,
>> such as ICMP, TCP, UDP and passive FTP. On the less expensive SOHO
>> routers there is usually no provision for allowing other protocols
>> thru unless the designer explicitly puts them in on a one by one
>> basis. That's what "PPTP Passthru" is all about - the passthru for GRE
>> Protocol 47.
>>
>> I wrote the author of that website.
>>
>> HTH
>>
>> -- 
>>
>> Map Of The Vast Right Wing Conspiracy:
>> http://www.freewebs.com/vrwc/
>>
>> You know you are in Hell when you have to make a
>> distinction between what is moral and what is legal.
>>