Re: VPN Problem


From: Lanwench [MVP - Exchange] (lanwench_at_heybuddy.donotsendme.unsolicitedmail.atyahoo.com)
Date: 10/04/04


Date: Mon, 4 Oct 2004 16:25:38 -0400

Roger wrote:
> "Lanwench [MVP - Exchange]"
> <lanwench@heybuddy.donotsendme.unsolicitedmail.atyahoo.com> wrote in
> message news:u8J8d0MqEHA.3800@TK2MSFTNGP14.phx.gbl...
>>> Home Network: Consists of a desktop and a laptop, both running XP
>>> Home, cable broadband access and a wireless router. The laptop has a
>>> wireless connection. The workgroup name is "Workgroup". The router's
>>> firewall is disabled.
>>
>> Why? I'd leave it enabled....you can initiate a VPN connection
>> behind a router with no inbound ports open at all. Of course, since
>> you're using wireless, you also need to secure that - even 128-bit
>> WEP is better than nothing. But I digress...
>
> I use a Belkin router at home and its firewall interferes with email
> and even sometimes disconnects from the internet if I enable it.

Have you tried updating the firmware on the router?

> Therefore, I disabled it and installed and enabled NIS 2004 on both
> the home desktop and laptop.

> As for wireless, yes, WEP 128-bit is
> configured and enabled.
>
>>>
>>> Office Network: Consists of 4 desktops - 2 running ME, 1 XP home and
>>> 1 XP Professional, DSL broadband access and all computers connected
>>> via wired ethernet. The DSL modem cum access point is connected to an
>>> ethernet switch as are all the computers. The workgroup name is
>>> again "Workgroup". The firewall of the DSL modem cum access point
>>> is set to allow PPTP connections to the computer with XP
>>> Professional.
>>
>> Meaning:
>> TCP port 1723
>> Protocol 47 ( GRE )
>> ?
> I honestly don't know which port. The office router's interface
> provides a selection (from a listing of items to allow) for "PPTP
> Server" and associates the selection to a specified computer on the
> LAN. That is how I set it.
>>>
>>
>> What did you open up in NIS for inbound ports?
>
> In NIS 2004 on computer B, I set up a rule to open port 1723-this
> port was in the preset list of ports. I could not find any entry for
> Protocol 47 and not knowing what to do about it, I left it alone. The
> rule did not work, so I disabled NIS completely just to see if the
> connection worked without the firewall. It did.

So there's something going on in there - I don't know NIS (am not a huge fan
of local software firewalls unless absolutely necessary) but you'll need to
look up PPTP in NIS help, I suspect.
>
>>
>> What IP networks are you on at home and at work? For VPN to work,
>> you need to have two different networks - can't connect if you are
>> using, for example say, 192.168.0.0 in both places.
>
> Home network: IP addresses behind the router are 192.168.x.x. Cable
> ISP is Adelphia
> Office network: IP addresses behind the router are 172.16.1.38. DSL
> ISP is SBC.
> The outgoing connection is set to connect to the Internet IP address
> of the office network which in my case comes from SBC.

OK....
>
>>
>> Presuming that isn't the issue, can you ping the LAN IP of the
>> computer you want to connect to, once you're connected as in case#1
>> above?
>
> Yes, I can.
>
>> If so, but you can't ping by name, you'll need an LMHOSTS file to do
>> name resolution. See
>> http://support.microsoft.com/default.aspx?scid=kb;en-us;150800
>
> I can also ping the connected computer by name. Note however that I
> can only ping the other computers on the office LAN by IP address and
> not by name.

This is a name resolution issue & if you don't have WINS, you'll need an
LMHOSTS file.
>
> Thank you and best regards,
> Roger
>>
>> Again, I'm not an expert on PPTP as I usually use IPSec with a
>> proprietary client through a firewall.
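
Added example, not part of the original thread: a small Python pre-flight check for the three points raised above (PPTP needs TCP 1723 plus IP protocol 47/GRE, the two LANs must not share address space, and LMHOSTS entries for name resolution). The /24 masks, the host names and the rule list are constructed assumptions; only 172.16.1.38 and the port/protocol numbers come from the posts.

```python
import ipaddress

# PPTP uses TCP 1723 for control and IP protocol 47 (GRE) for tunnelled data.
# GRE is an IP protocol number, not a TCP/UDP port, so it needs its own rule.
PPTP_NEEDS = {("tcp", 1723), ("ip-proto", 47)}

def missing_pptp_rules(allowed):
    """Return the PPTP requirements not covered by (kind, number) allow rules."""
    return sorted(PPTP_NEEDS - set(allowed))

def networks_overlap(local_cidr, remote_cidr):
    """True when the two LANs share address space, which breaks routing over the VPN."""
    local = ipaddress.ip_network(local_cidr, strict=False)
    remote = ipaddress.ip_network(remote_cidr, strict=False)
    return local.overlaps(remote)

def lmhosts_lines(hosts, remote_cidr):
    """Build LMHOSTS entries for remote machines; reject bad names and off-LAN IPs."""
    remote = ipaddress.ip_network(remote_cidr, strict=False)
    lines = []
    for name, ip in sorted(hosts.items()):
        if not 1 <= len(name) <= 15:  # NetBIOS names are at most 15 characters
            raise ValueError(f"NetBIOS name too long or empty: {name!r}")
        if ipaddress.ip_address(ip) not in remote:
            raise ValueError(f"{ip} is not on the remote LAN {remote}")
        lines.append(f"{ip}\t{name.upper()}\t#PRE")
    return lines

# Constructed sample values (assumptions, not the posters' real configuration).
HOME_LAN = "192.168.0.0/24"
OFFICE_LAN = "172.16.1.0/24"
FIREWALL_ALLOWS = [("tcp", 1723)]  # port rule present, GRE rule absent
OFFICE_HOSTS = {"officepc1": "172.16.1.38", "officepc2": "172.16.1.40"}  # hypothetical names

if __name__ == "__main__":
    print("missing rules:", missing_pptp_rules(FIREWALL_ALLOWS))
    print("LANs overlap:", networks_overlap(HOME_LAN, OFFICE_LAN))
    print("\n".join(lmhosts_lines(OFFICE_HOSTS, OFFICE_LAN)))
```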


