Re: VPN L2TP connection from internet through my Linksys WAG300N



You shouldn't forward TCP 1723, or allow GRE through, for an L2TP
connection. They are only for PPTP VPNs.

For L2TP, enabling L2TP/IPsec VPN passthrough on your Linksys should
suffice. If it doesn't support L2TP properly (some residential-grade
routers don't), forward UDP ports 1701, 500, 4500 and 5500 to your SBS
server external NIC.

You also need to configure ISA properly for the VPN. The settings
depend on what form of authentication you are using. If you are using
EAP with a certificate, one gotcha is that if you are also using Owen
William's (excellent) secure wireless setup then your VPN clients will
not be able to validate the server certificate (and you will need to
turn off server certificate validation on the client VPN connection).

Another gotcha might arise if your laptop is behind a NAT router of its
own when off-domain. In that case, you will need to set the laptop's
IPSec "AssumeUDPEncapsulationContextOnSendRule" registry value to 2.
You can read about it here:

http://support.microsoft.com/kb/885407/

Also, MS offer general L2TP/IPSec troubleshooting guidelines here:

http://support.microsoft.com/kb/314831/en-us

--
Regards,
Steve.

GOA wrote:

Hi

I'm trying to reach my SBS2003 R2 Premium server from the internet
with VPN L2TP through my Linksys WAG300N, but it doesn't work, error
789. It's installed as a broadband connection with the Linksys as a
local router. Static IP address on the outside of the router and the
address of the inside of the router is 192.168.1.1
My SBS 2003R2 Premium server has 192.168.1.10 on the ISA network
interface and 192.168.10.1 on the local LAN interface.
I'm running Vista on my laptop.
When I connect to 192.168.1.10 from inside the router to the SBS
server via the ISA2004 everything is working, so it seems to be
something wrong with the router.
I have opened up ports TCP 1723, UDP 500, 1701 and 4500 on the router
and redirected them to my SBS ISA2004 network card with address
192.168.1.10. The software in the router is version 1.01.03.
The VPN passthrough is on (isn't that only from the inside to
outside?) The log in the router doesn't show anything and there is
nothing in the ISA log.

Does anyone have a solution?

Best Regards
Goa
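
The registry change mentioned in the reply above for a client behind its own NAT router, as an added example that is not part of the original posts. The function name is hypothetical, and the key paths are not given in the thread: they are assumed from Microsoft's documentation of this value (PolicyAgent on Vista and later, IPSec on XP SP2).

```powershell
# Added example, not from the thread. Run from an elevated prompt on the VPN client.
# Set-NatTEncapsulationRule is a hypothetical helper name.
function Set-NatTEncapsulationRule {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # 0 = default, 1 = server behind NAT, 2 = server and client both behind NAT
        [ValidateSet(0, 1, 2)]
        [int]$Value = 2
    )

    $name = 'AssumeUDPEncapsulationContextOnSendRule'

    # Assumption: Vista and later read the value under PolicyAgent, XP SP2 under IPSec.
    if ([Environment]::OSVersion.Version.Major -ge 6) {
        $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\PolicyAgent'
    } else {
        $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\IPSec'
    }
    if (-not (Test-Path $key)) {
        throw "Registry key not found: $key"
    }

    # Record the previous setting so the change can be reverted later.
    $existing = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
    $previous = if ($existing) { $existing.$name } else { $null }

    # Write only when the value differs and the caller did not pass -WhatIf.
    if ($previous -ne $Value -and
        $PSCmdlet.ShouldProcess("$key\$name", "Set DWORD to $Value")) {
        New-ItemProperty -Path $key -Name $name -PropertyType DWord `
            -Value $Value -Force | Out-Null
    }

    $current = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
    New-Object PSObject -Property @{
        Key          = $key
        Previous     = $previous
        Current      = $current
        RebootNeeded = ($previous -ne $current)   # the change takes effect after a restart
    }
}

# Preview the change first; drop -WhatIf to apply it.
Set-NatTEncapsulationRule -Value 2 -WhatIf
```

Keep the reported `Previous` value: it is what to restore if the laptop no longer needs to reach a VPN server that sits behind NAT.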