Setting up VPN with Windows 2000

I am killing myself over this one...

I have an established domain (W2K AD).  I had a .NET 2003 server running VPN, no problems.  I tweaked something and it stopped working.  I decided to 86 the .NET server and stick with W2K, but cannot get the VPN to work again.  I have TCP 1723 forwarded through the firewall to the VPN server, RAS is installed on the VPN server...IT WORKS internally, but if I try and hit it from an external machine via TCP/IP, it hangs on verifying username/password (so it's getting to the server).  I got some errors in the event viewer about L2TP certificates...(did not have one installed before and it worked (with .NET))...installed one anyways, still no dice.  I get nothing in event viewer now, after installing the certificate server...UGH!

I have combed through the settings for RRAS several billion times, PLUS it works perfectly internally...what the heck am I missing here?

Please help me, I cannot afford to throw any more equipment against the wall!!! hehe

-=tspelman


 
CetusMOD Commented:
PAQed, with points refunded (50)

CetusMOD
Community Support Moderator
 
lrmoore Commented:
Do you also have GRE (protocol 47) forwarded at your firewall?
 
tspelman (Author) Commented:
Not that I know of.  I have a DFL-300 and see no place to forward a protocol, just a service.  

-=ts
 
lrmoore Commented:
Do you have an option to put one inside host into a "DMZ" to forward everything to it?
 
tspelman (Author) Commented:
DMZ is not configured, the VPN is running on the same server as my DC (for testing purposes).

-=ts
 
lrmoore Commented:
More info for you:
PPTP traffic consists of a TCP connection for tunnel maintenance and GRE encapsulation for tunneled data. The TCP connection is NAT-translatable because the source TCP port numbers can be transparently translated. However, the GRE-encapsulated data is not NAT-translatable.

http://support.microsoft.com/default.aspx?scid=kb;en-us;308208
http://www.microsoft.com/windows2000/techinfo/reskit/en-us/default.asp?url=/windows2000/techinfo/reskit/en-us/intwork/inbe_vpn_hidv.asp
http://www.microsoft.com/technet/treeview/default.asp?url=/TechNet/columns/tips/15tipsfo.asp

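Added example, not part of the original thread: a small classifier that separates the two kinds of PPTP traffic described above (the TCP 1723 control connection and GRE, IP protocol 47) and reports when only the control connection reaches the server. The function names, addresses and sample packets are constructed for illustration.

```python
import struct

PPTP_CONTROL_PORT = 1723          # TCP: tunnel maintenance
IPPROTO_TCP, IPPROTO_GRE = 6, 47  # IPv4 protocol numbers
PPTP_GRE_TYPE = 0x880B            # enhanced GRE (version 1) carrying PPP, RFC 2637

def classify(packet: bytes) -> str:
    """Label one raw IPv4 packet: 'pptp-control', 'pptp-gre' or 'other'."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "other"
    ihl = (packet[0] & 0x0F) * 4      # IPv4 header length in bytes
    proto, payload = packet[9], packet[ihl:]
    if len(payload) < 4:
        return "other"
    first, second = struct.unpack("!HH", payload[:4])
    if proto == IPPROTO_TCP and PPTP_CONTROL_PORT in (first, second):
        return "pptp-control"         # source or destination port 1723
    if proto == IPPROTO_GRE and first & 0x7 == 1 and second == PPTP_GRE_TYPE:
        return "pptp-gre"             # GRE version 1, protocol type 0x880B
    return "other"

def diagnose(packets) -> str:
    """Summarise what reached the capture point on the VPN server."""
    kinds = {classify(p) for p in packets}
    if "pptp-control" not in kinds:
        return "no PPTP traffic seen"
    if "pptp-gre" not in kinds:
        return "control-only: TCP 1723 arrives, GRE (protocol 47) does not"
    return "ok: control and GRE both seen"

def ipv4(proto: int, payload: bytes) -> bytes:
    """Build a constructed IPv4 packet (checksum left at 0, not validated here)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                         proto, 0, bytes([203, 0, 113, 10]), bytes([192, 168, 1, 2]))
    return header + payload

# Constructed sample packets, not taken from the thread.
CONTROL = ipv4(IPPROTO_TCP, struct.pack("!HH", 49152, 1723) + bytes(16))
DATA = ipv4(IPPROTO_GRE, struct.pack("!HHHH", 0x3001, PPTP_GRE_TYPE, 0, 1) + bytes(4))
THROUGH_FIREWALL = [CONTROL]        # only the TCP port is forwarded
INTERNAL = [CONTROL, DATA]          # no NAT device in the path

if __name__ == "__main__":
    print("external:", diagnose(THROUGH_FIREWALL))
    print("internal:", diagnose(INTERNAL))
```
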
 
AltonD Commented:
Did you add the vpn server to the "RAS and IAS" security group?

 
tspelman (Author) Commented:
Silly me finally realized that the DFL-300 will not pass PPTP through, because it has a built-in VPN server, so thanks to everyone for their thoughts! Problem solved.