Solved

VPN on W2K server <-> Linksys Router <-> Win2K Pro

Posted on 2003-02-26
Last Modified: 2008-02-01
Hey guys,
I want to set up a VPN from my home (direct connection to the net) to the office (behind a linksys router).

I followed MS KB article 308208, how to install/configure a VPN server. I then followed Linksys' suggestions and set up two port forwards for port 47 and port 1723, redirecting them to the server. I then created a PPTP connection on the client computer, to connect to the internet address of the router.

Two problems occurred:
1) The client would stop with error 651 saying there was a problem with the modem<?> (I'm on cable)
2) When I configured Remote Access on the server, no computer on the intranet could access/ping the server anymore, until I actually stopped the remote access/routing service.

How should I be doing this properly?
Thanks.
Question by:gozoliet
21 Comments
 

Expert Comment

by:marsbar105
ID: 8028645
Just wondering if you happened to have a firewall running on the win2ksrv box??  That could be it?

You could also try putting your server in the dmz on the linksys box just for test purposes.  If that works, then you know it's the port forwarding that could be the problem.

Try it, let me know,

Mars
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 8029157
It's not PORT 47, it is PROTOCOL 47 (GRE) which has no concept of ports and can't be forwarded, in addition to the TCP port 1723. In very small print in the Linksys documentation, it says that you must disable DHCP server to use port forwarding. Putting it in the DMZ may help.

Not to say that it can't be done, but I've never seen anyone in this forum have success at putting an NT/2K PPTP server behind a Linksys broadband router - because of the GRE factor. You can set up for IPSEC/L2TP VPN's, and forward TCP port 500, without requirement for GRE.

I'll try to get another guru to jump in and possibly help out.



0
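The port-versus-protocol distinction raised in the comment above, as an added example that is not part of the original thread: it parses two constructed IPv4 packets (a PPTP control packet to TCP 1723 and a PPTP data packet in GRE) and shows what a rule keyed on a destination port can and cannot match. The function names, the simplified forwarding model and the sample addresses are assumptions made for illustration.

```python
import struct

GRE, TCP, UDP = 47, 6, 17   # IP protocol numbers (IANA)

def parse_ipv4(pkt: bytes):
    """Return (ip_protocol, payload) from a raw IPv4 packet."""
    if pkt[0] >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (pkt[0] & 0x0F) * 4           # header length in bytes
    return pkt[9], pkt[ihl:]            # byte 9 is the protocol field

def describe(pkt: bytes):
    """Summarise the fields a NAT device could key on for this packet."""
    proto, payload = parse_ipv4(pkt)
    if proto in (TCP, UDP):
        _sport, dport = struct.unpack("!HH", payload[:4])
        return {"proto": proto, "dst_port": dport}
    if proto == GRE:
        # PPTP's enhanced GRE header (RFC 2637): no ports, only a call ID
        flags_ver, ptype, _plen, call_id = struct.unpack("!HHHH", payload[:8])
        return {"proto": proto, "dst_port": None, "gre_version": flags_ver & 0x7,
                "ptype": ptype, "call_id": call_id}
    return {"proto": proto, "dst_port": None}

def port_forward_matches(pkt, rule_proto, rule_port):
    """Assumed model of a port-forward rule: (TCP or UDP, destination port)."""
    d = describe(pkt)
    return d["proto"] == rule_proto and d["dst_port"] == rule_port

def ipv4(proto, payload, src="203.0.113.10", dst="198.51.100.1"):
    """Wrap payload in a minimal IPv4 header (checksum left at 0)."""
    addrs = bytes(int(x) for x in (src + "." + dst).split("."))
    hdr = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0)
    return hdr + addrs + payload

# Constructed samples: a TCP SYN to port 1723 and a GRE packet with call ID 7
PPTP_CONTROL = ipv4(TCP, struct.pack("!HHIIBBHHH", 1050, 1723, 0, 0, 0x50, 0x02, 8192, 0, 0))
PPTP_DATA = ipv4(GRE, struct.pack("!HHHHI", 0x3001, 0x880B, 4, 7, 0) + b"\x00" * 4)

if __name__ == "__main__":
    for name, pkt in (("control", PPTP_CONTROL), ("data", PPTP_DATA)):
        print(name, describe(pkt),
              "| tcp/1723 rule:", port_forward_matches(pkt, TCP, 1723),
              "| tcp/47 rule:", port_forward_matches(pkt, TCP, 47))
```

The control packet matches the TCP 1723 rule, while the GRE data packet matches no port rule at all, so a "port 47" forward never applies to it.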
 
LVL 4

Accepted Solution

by:
Shep earned 800 total points
ID: 8029724
"I followed MS KB article 308208, how to install/configure a VPN server. I then followed Linksys' suggestions and set up two port forwards for port 47 and port 1723, redirecting them to the server. I then created a PPTP connection on the client computer, to connect to the internet address of the router."



only port 1723 needs to be forwarded to the server, and dhcp on the router does indeed need to be turned off.

--------------------------------------------------------------------------------------------------------------------

1) The client would stop with error 651 saying there was a problem with the modem<?> (I'm on cable)



error 651 is modem related, ensure that the client is not configured to use a modem to connect

--------------------------------------------------------------------------------------------------------------------

2) When I configured Remote Access on the server, no computer on the intranet could access/ping the server anymore, until I actually stopped the remote access/routing service.


Remote access is not configured correctly. Remove / uninstall Remote access


1) Reinstall it, and choose " Virtual Private network ( VPN ) server " from the choices

click next

2) Remote Client Protocol - tcp/ip

click next

3) Internet Connection - CHOOSE--->                 "<NO internet connection>"                    <---HERE

binding to the internal network card / ip address here is what killed the lan clients connections, the server would ONLY accept vpn connections on that card / ip

click next

4) Network Selection - here you select the ip of the server

click next

5) IP Address Assignment - If using dhcp server, choose "automatically" and skip ahead to #  8

click next

6) choose " from a specified range of addresses" if no dhcp server available

click next

7) click " new " and fill in the range of ip's to use for vpn clients, click ok, highlight new range created

click next

8) Managing Multiple Remote Access Servers - choose " no, I don't want to set up this server to use RADIUS now "

click next

finished

if you are using dhcp, you MUST enter the ip address of the server into DHCP relay agent, even if it's the same server as ras

Routing And Remote Access
--Server
----IP Routing
------DHCP Relay Agent

right click "dhcp relay agent", choose properties, enter dhcp server address

Shep
0
 
LVL 4

Expert Comment

by:Shep
ID: 8029741
above directions for win2k server
0
 

Expert Comment

by:gulbrain
ID: 8030141
I had troubles with Cisco VPN and a LinkSys router recently and found that I had to update the firmware on my router to v1.44.2 (Dec 13, 2002).

There were issues upgrading the firmware to this version directly from v1.39 or earlier and I therefore had to ask Linksys to send me an intermediate firmware upgrade.

Hope that helps.
0
 
LVL 4

Author Comment

by:gozoliet
ID: 8035183
The VPN server is working properly, I can connect to the server from another computer that is on the local LAN. Thanks Shep, the problem was step 3.

I still cannot connect to the server through the linksys router however. As it stands, I currently get the error saying 'no answer from the server'.

I had firmware 1.43, and have since updated to 1.44 (which is latest for my model router). DHCP is turned off on the router and is turned on on the 2k server. There is no firewall on the local network, only what is on the router.

I have not tried plugging into the DMZ port yet, as the cables would be awkward to run to there.
0
 
LVL 4

Expert Comment

by:Shep
ID: 8035228
don't bother using pptp, or vpn pass through features of the router, just port forward port 1723 to ip of server

Shep
0
 
LVL 4

Expert Comment

by:Shep
ID: 8035254
dmz is not a physical port on the router, but a configuration in it that places the computer ip entered to be unprotected ( wide open ) to the public internet

Shep
0
 
LVL 4

Expert Comment

by:Shep
ID: 8035448
add ip of server to dmz
forward port 1723 to server
save changes to router configuration
reboot router ( yank power cord - put it back in )
router is rdy

make sure user to vpn in is authorized to do so
- users and computers
- user properties
- dial in tab
- check first option " allow access "

finished

Shep
0
 
LVL 4

Author Comment

by:gozoliet
ID: 8035542
The VPN server is working properly, I can connect to the server from another computer that is on the local LAN. Thanks Shep, the problem was step 3.

I still cannot connect to the server through the linksys router however. As it stands, I currently get the error saying 'no answer from the server'.

I had firmware 1.43, and have since updated to 1.44 (which is latest for my model router). DHCP is turned off on the router and is turned on on the 2k server. There is no firewall on the local network, only what is on the router.

I have not tried plugging into the DMZ port yet, as the cables would be awkward to run to there.
0
 

Expert Comment

by:AltonD
ID: 8038949
be sure and add VPN server to the RAS and IAS group.  If you don't, you will not be able to connect to the domain.  You will be able to connect to the local account on the vpn server.
0
 
LVL 4

Author Comment

by:gozoliet
ID: 8042743
Plugged in server to DMZ port, and specified its IP on the router. Forwarded port 1723. Tried every router configuration mentioned above.

When I try to connect to the VPN, it simply says 'No Answer'

If I do it from inside the network, it works perfect.

0
 
LVL 4

Expert Comment

by:Shep
ID: 8042866
make sure you're vpn'ing into external ip of router, not internal from outside
0
 
LVL 4

Author Comment

by:gozoliet
ID: 8042966
so.. i'm retarded, and never had the right gateway specified on the server for the internet....
server was just sitting there like 'uhhh... where are they coming from'?

fixed.
Kudos!
0
 
LVL 4

Expert Comment

by:Shep
ID: 8043073
excellent

lrmoore
" Not to say that it can't be done, but I've never seen anyone in this forum have success at putting an NT/2K PPTP server behind a Linksys broadband router - because of the GRE factor. You can set up for IPSEC/L2TP VPN's, and forward TCP port 500, without requirement for GRE. "

you have now :)
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 8043809
DOH!! That's why I called you in, Shep -- you da man!

I just see it over and over in this TA and this is the first success story. Perhaps we should co-author an FAQ page to post?
0
 
LVL 4

Expert Comment

by:Shep
ID: 8043861
lrmoore,


is there a way to collect points every time it's used

just kidding, or am I ?

seriously, count me in, what do you need
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 8048966
How do I get in touch with you, Shep? Be glad to share points with you.
0
 
LVL 4

Expert Comment

by:Shep
ID: 8049220
lrmoore,

shep@portjeff.net

and not worried about points, other things top priority list

Shep
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 8049264
Thanks, shep! we've got another one that could use your expertise.
http://www.experts-exchange.com/Networking/Q_20534894.html
0
 
LVL 4

Author Comment

by:gozoliet
ID: 8082149
Hey Shep, I saw you answer a question similar to what I'm having now, but I can't find it.

http://www.experts-exchange.com/Networking/Microsoft_Network/Q_20541338.html
0
