wleblanc


Forward PPTP Port and GRE Protocol to Internal Server - SMC 8014 Business Gateway

Unfortunately simply forwarding port 1723 to my internal server is not enough to allow a PPTP connection on my company's SMC 8014 (Comcast). My guess would be the lack of controls offered logged in as user "CUSADMIN". I have logged into one of these devices before with Comcast's super user login - which offers far more granular controls, as well as access to so much more, including the actual modem (not router) settings. But, like an idiot, I did not save the username and password that Comcast uses (I actually found the login previously on Google - but am having no such luck tonight in relocating it), nor do I have the faintest memory of what it was. It would sure come in handy right about now.

So the question is: Does anyone know the super user login that Comcast uses to manage these SMC devices? Or, does anyone know if, even if I could log in as a super user, I will be able to properly set up PPTP forwarding? Sticking the server in the DMZ allows the PPTP connection to connect, but I certainly don't want to leave it there (in the DMZ)!

I am also aware that these devices apparently are capable of being a PPTP or L2TP endpoint, but would rather use my SBS server to handle authentication.

Thanks in advance for helping toward a solution.

note: I am using the Comcast provided SMC 8014 Modem/Router as the modem (of course) and router for my network. I have no additional routers between my network and Internet.
ASKER CERTIFIED SOLUTION
neopumpkin

ASKER

Jim,

Thanks for the reply. I think your first suggestion will likely be the route I take. My client would rather not add any more expenses to this project, and for what little their needs are, I'd rather not complicate the network beyond its absolute current simplicity unless absolutely needed - so I am going to try avoiding bringing in a separate router.

I actually wasn't aware of the Connection Manager tool in the RWW before now (which for those that don't know, it creates a VPN connection entry on the local PC, all pre-configured and everything - assuming all your server settings are correct). However, it would appear that it too requires the GRE protocol, as that connection hangs at username authentication the same as my manually configured PPTP connection does.

The other bummer about the Connect to Small Business Server VPN (Connection Manager) is that it would appear you cannot have multiple connections to different networks set up. Each time you download the Connection Manager from another server, it overwrites the previous. Would you happen to know if it sets the flag "Use default gateway on remote network" to on? That would be another strike against it if so, as there appears to be no way to disable it.

Thanks,

Wayne-
Unfortunately, Comcast was utterly helpless. They (of course) don't support even the port forwarding of the device, so expecting them to understand that PPTP needs more than just port forwarding but also VPN passthrough or GRE forwarding, was futile. I could do as suggested, which I have done many times before, but hoped not to, as one more device is one more point of failure. I may end up doing it in the long run if my current solution proves to be unreliable.

My current solution is to create a VPN using Hamachi. Quick, easy, painless, and hopefully reliable. Time will tell. It is for only two users, so even occasional unreliability might be permitted. If very occasional, I will bite the bullet and install a router behind the SMC modem.

Thanks for your suggestions.

Wayne-
Wayne,

Sorry to hear about Comcast - I can honestly say that I'm not surprised though.

I believe you are correct with the connection manager.  I would imagine that by installing a second connection manager, you will in effect overwrite the first.  A limitation set by SBS, I presume.  While this is an alternative to setting up a Windows VPN connection, it's not needed to use the RWW feature.  Have you tried setting up and using RWW yet?  I ask, because this is the most direct and easiest way to provide remote access to your users - they can use it from nearly any PC with IE and a broadband connection, without setting up and messing with any VPN connections.  And if it works well enough for you and your users, you may save yourself some bucks without having to purchase a router to sit behind the Comcast cable modem.  Do you see whether it's possible to set up 2 port forwarding rules in the cable modem?  You will want to forward TCP port 443 and TCP port 4125 to SBS for RWW to work.  Whether RWW relies on GRE or not is a good question - giving RWW a try is a good method to rule that out.  ;)

Feel free to let me know if you need a hand.  Take it easy.

Regards,

Jim P.
Hey Jim,

The RWW is where I found the connection manager - so yes, it is set up. However, it won't be of much use to my client as they need access to thousands of files stored on the server. There is no way I am going to try to put all that into SharePoint either. :)

Thanks again for your suggestions.

Wayne-
thefinz

If anyone else looks at this post, I wanted to make sure you know wleblanc is right...there is a 'super user' log-in for this Comcast Business Gateway SMC 8014. I was able to find the log-in online. Sure enough, there is an option under port forwarding to enable the GRE protocol. Rather than just "TCP/UDP/Both" like you see in the simplified admin, there are a couple additional protocol options. I enabled the GRE protocol, and bingo, everything suddenly started working for VPN to SBS 2003.

If someone else has this Comcast router, I would suggest calling Comcast and asking if they could add the GRE protocol to the port forwarding screen. I know they can do it, I've seen it. I would post the 'super user' log-in, but I'm not sure if it is supposed to be private/secret--and thereby against the Experts Exchange Terms of Use to post it? Maybe an Admin can tell me.
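
The failure mode discussed in this thread (TCP 1723 forwarded, GRE not) can be confirmed from a capture taken on the VPN server. The following is an added example, not code from any poster: it classifies raw IPv4 packets into the PPTP control channel and PPTP's enhanced GRE (IP protocol 47, RFC 2637) and reports which one is missing. The addresses and packets are constructed samples, and the function names are hypothetical.

```python
import struct

TCP, GRE, PPTP_PORT, PPP_IN_GRE = 6, 47, 1723, 0x880B  # 0x880B: PPP payload type in PPTP's GRE

def ipv4(src: bytes, dst: bytes, proto: int, payload: bytes) -> bytes:
    """Build a minimal IPv4 packet (checksum left at 0) for the constructed samples."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, src, dst) + payload

def classify(pkt: bytes) -> str:
    """Return 'control' (TCP 1723), 'gre' (PPTP enhanced GRE) or 'other'."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return "other"
    body = pkt[(pkt[0] & 0x0F) * 4:]          # skip the IPv4 header (IHL words)
    if pkt[9] == TCP and len(body) >= 4:
        sport, dport = struct.unpack("!HH", body[:4])
        return "control" if PPTP_PORT in (sport, dport) else "other"
    if pkt[9] == GRE and len(body) >= 8:
        flags_ver, ptype = struct.unpack("!HH", body[:4])
        if flags_ver & 0x7 == 1 and ptype == PPP_IN_GRE:  # GRE version 1 carrying PPP
            return "gre"
    return "other"

def diagnose(packets, server: bytes) -> str:
    """Say which PPTP channel is missing in a capture taken on the VPN server."""
    control = sum(classify(p) == "control" for p in packets)
    gre_in = sum(classify(p) == "gre" and p[16:20] == server for p in packets)
    gre_out = sum(classify(p) == "gre" and p[12:16] == server for p in packets)
    if not control:
        return "TCP 1723 not reaching server"
    if not gre_in:
        return "control channel up, inbound GRE (IP protocol 47) missing"
    if not gre_out:
        return "control channel up, server sent no GRE"
    return "control and GRE both present"

# Constructed sample traffic (documentation addresses, not taken from the thread).
CLIENT, SERVER = bytes([203, 0, 113, 10]), bytes([192, 168, 1, 2])
CTRL_IN = ipv4(CLIENT, SERVER, TCP, struct.pack("!HH", 50000, PPTP_PORT) + bytes(16))
CTRL_OUT = ipv4(SERVER, CLIENT, TCP, struct.pack("!HH", PPTP_PORT, 50000) + bytes(16))
GRE_HDR = struct.pack("!HHHHI", 0x3001, PPP_IN_GRE, 0, 1, 0)  # K+S flags, version 1
GRE_OUT, GRE_IN = ipv4(SERVER, CLIENT, GRE, GRE_HDR), ipv4(CLIENT, SERVER, GRE, GRE_HDR)

PORT_FORWARD_ONLY = [CTRL_IN, CTRL_OUT, GRE_OUT]      # gateway forwards TCP 1723 only
GRE_ENABLED = [CTRL_IN, CTRL_OUT, GRE_OUT, GRE_IN]    # gateway also passes protocol 47

if __name__ == "__main__":
    print(diagnose(PORT_FORWARD_ONLY, SERVER))
    print(diagnose(GRE_ENABLED, SERVER))
```
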