Re: xp vpn connection problem

From: Sooner Al [MVP] (SoonerAl_at_somewhere.net.invalid)
Date: 03/01/05


Date: Tue, 1 Mar 2005 05:30:30 -0600

Well it boils down to whether or not you can forward TCP Port 1723 and pass GRE Protocol 47 traffic
through the modem/router to the VPN server PC. I just looked at the DSL-500 FAQ...

http://www.dlink.com.au/tech/drivers/files/routers/dsl500.htm

...and D-Link claims that the latest firmware does this. Now, I have found that with these consumer
grade routers firmware version support for GRE Protocol 47 traffic is kind of spotty...So...

The good news is you can test this...

1. Make sure you're running the latest firmware in the device.
2. Make sure you have TCP Port 1723 forwarded to the local private *STATIC* LAN IP of the PPTP VPN
server machine. Look at Page 28, i.e. the "IP Masquerade Pass Through" section, of the User's Manual
and make sure the PPTP checkbox is CHECKED in your device...

http://www.dlink.com.au/tech/drivers/files/routers/dsl500.htm

3. Run the test detailed in the "VPN Traffic" section on this page from another XP PC at a remote
site connected to the internet via a dialup link...

http://www.microsoft.com/technet/community/columns/cableguy/cg0105.mspx

...Get the tools for XP from this link...

http://www.microsoft.com/downloads/details.aspx?amp;displaylang=en&familyid=49ae8576-9bb9-4126-9761-ba8011fabf38&displaylang=en

That test will tell you if you have TCP Port 1723 forwarded correctly and if GRE Protocol 47 traffic
is being passed through the router...

I recommend *NOT* using the DMZ since that exposes the PC to the public internet fully. That is a
potential and probable security risk...

One other note is that if you get this working you will only be able to have one incoming PPTP VPN
connection at a time. This is a limitation of Windows XP. If you need additional VPN incoming
connections then you need to look at a server grade OS like Windows 2003 Server or a dedicated VPN
end-point router...

Good luck...

-- 
    Al Jarvi (MS-MVP Windows Networking)
Please post *ALL* questions and replies to the news group for the mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no rights...
"jollydingo" <craig@hughbgage.com.au> wrote in message 
news:ba081713.0502282302.48ca02aa@posting.google.com...
> Greetings from Australia.
>
> I am designated IT manager for small company but am an ignoramus and
> need help.  Hope my Aussie accent and phraseology doesn't confuse.
>
> Trying to set up VPN connection to office LAN using xp VPN
> capabilities.
>
> Office LAN has 10 or more users with designated machine running xp pro
> which has been setup as vpn server (allows incoming connections) and
> remote user identities have been setup.  The LAN accesses the internet
> via d-link dsl-500 modem/router (which is supposed to have VPN pass
> through capabilities).  The router has port tcp 1723 redirected to
> local ip address of the xp machine acting as vpn server.
>
> At remote end is laptop running xp home, setup to connect to vpn
> server at office LAN.  Internet access is established and trying to
> establish vpn connection to static ip address of router (issued by
> isp) which is theoretically passed through to vpn server at local ip
> address through tcp port 1723.
>
> Problem is that i'm not getting through and error 800 is displayed.
>
> I contacted the router supplier tech support who explained that NAT is
> enabled on the router to allow multiple internet users on the LAN from
> a single public ip address and that with NAT enabled effectively a
> firewall stopping all else from entering??  They gave several ideas to
> rectify problem or to allow VPN traffic to pass through router with
> NAT enabled:
> 1) enable "pptp" or "IPSec"  - however, there is nowhere in the router
> configuration menu to do this??
> 2) Redirect port tcp 1723 or udp 500 to the local ip address of the
> vpn server - which i have.
> 3) and enable and redirect DMZ to the local ip address of the vpn
> server - now when i did this i was able to make it through the
> connection and authentication process without error but was not able
> to view any files present on the vpn server.  Also, all local users
> lost contact with the designated server machine and their internet
> access.  Once DMZ disabled my remote connection terminated and local
> users were restored.
>
> Result - i'm still screwed and unable to connect to the designated
> server machine.
>
> I suspect that the router config is my downfall but i may be missing
> something else in the vpn server setup, client connection setup, or
> some other obscure issue i have no idea about??
>
> please help if you can. 
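
Added example, not part of the original post or of the Microsoft tools it links to: a Python sketch of the TCP 1723 half of the test described above. It sends the PPTP Start-Control-Connection-Request defined in RFC 2637 and checks the reply; it does not test GRE Protocol 47, which still needs the linked tools. The function names and the sample reply are constructed for illustration.

```python
import socket
import struct
import sys

MAGIC = 0x1A2B3C4D                 # PPTP magic cookie (RFC 2637)
SCCRQ, SCCRP = 1, 2                # Start-Control-Connection-Request / -Reply
REQ_FMT = ">HHIHHHHIIHH64s64s"     # request layout, 156 bytes
REP_FMT = ">HHIHHHBBIIHH64s64s"    # reply: Reserved1 -> result code + error code
MSG_LEN = struct.calcsize(REQ_FMT)

def build_sccrq(host_name=b"pptp-probe"):
    """Control message a PPTP client sends first on TCP 1723."""
    return struct.pack(REQ_FMT, MSG_LEN, 1, MAGIC, SCCRQ, 0, 0x0100, 0,
                       3, 3, 0, 0, host_name, b"")

def parse_sccrp(data):
    """Validate a reply; result code 1 means the server accepted the session."""
    if len(data) < MSG_LEN:
        raise ValueError("reply shorter than a PPTP control message")
    (_len, msg_type, magic, ctrl, _r0, version, result, error,
     _fr, _br, _ch, _fw, host, vendor) = struct.unpack(REP_FMT, data[:MSG_LEN])
    if (msg_type, magic, ctrl) != (1, MAGIC, SCCRP):
        raise ValueError("not a Start-Control-Connection-Reply")
    text = lambda b: b.rstrip(b"\0").decode("ascii", "replace")
    return {"ok": result == 1, "result": result, "error": error,
            "version": version, "host": text(host), "vendor": text(vendor)}

def probe(server, port=1723, timeout=5.0):
    """Connect from the remote site to the router's public address."""
    try:
        with socket.create_connection((server, port), timeout=timeout) as s:
            s.sendall(build_sccrq())
            buf = b""
            while len(buf) < MSG_LEN:          # TCP may deliver the reply in pieces
                chunk = s.recv(MSG_LEN - len(buf))
                if not chunk:
                    break
                buf += chunk
        return parse_sccrp(buf)
    except (OSError, ValueError) as exc:
        return {"ok": False, "reason": str(exc)}

# Constructed sample reply (not captured from a real server), for offline checks.
SAMPLE_REPLY = struct.pack(REP_FMT, MSG_LEN, 1, MAGIC, SCCRP, 0, 0x0100, 1, 0,
                           3, 3, 0, 0, b"vpnserver", b"Example")

if __name__ == "__main__":
    print(probe(sys.argv[1]) if len(sys.argv) > 1 else parse_sccrp(SAMPLE_REPLY))
```

A result with `ok` true shows only that the port forward reaches a PPTP listener; a connection that then fails with error 800 or stalls at authentication still points at GRE not being passed.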
