tspelman

Setting up VPN with Windows 2000

I am killing myself over this one...

I have an established domain (W2K AD).  I had a .NET 2003 server running VPN, no problems.  I tweaked something and it stopped working.  I decided to 86 the .NET server and stick with W2K, but cannot get the VPN to work again.  I have TCP 1723 forwarded through the firewall to the VPN server, RAS is installed on the VPN server...IT WORKS internally, but if I try and hit it from an external machine via TCP/IP, it hangs on verifying username/password (so it's getting to the server).  I got some errors in the event viewer about L2TP certificates....(did not have one installed before and it worked (with .NET))...installed one anyways, still no dice.  I get nothing in event viewer now, after installing the certificate server..UGH!

I have combed through the settings for RRAS several billion times, PLUS it works perfectly internally...what the heck am I missing here?

Please help me, I cannot afford to throw any more equipment against the wall!!! hehe

-=tspelman


Les Moore

Do you also have GRE (protocol 47) forwarded at your firewall?
tspelman

ASKER

Not that I know of.  I have a DFL-300 and see no place to forward a protocol, just a service.  

-=ts
Do you have an option to put one inside host into a "DMZ" to forward everything to it?
DMZ is not configured, the VPN is running on the same server as my DC (for testing purposes).

-=ts
More info for you:
PPTP traffic consists of a TCP connection for tunnel maintenance and GRE encapsulation for tunneled data. The TCP connection is NAT-translatable because the source TCP port numbers can be transparently translated. However, the GRE-encapsulated data is not NAT-translatable.

http://support.microsoft.com/default.aspx?scid=kb;en-us;308208
http://www.microsoft.com/windows2000/techinfo/reskit/en-us/default.asp?url=/windows2000/techinfo/reskit/en-us/intwork/inbe_vpn_hidv.asp
http://www.microsoft.com/technet/treeview/default.asp?url=/TechNet/columns/tips/15tipsfo.asp

Did you add the VPN server to the "RAS and IAS" security group?

Silly me finally realized that the DFL-300 will not pass PPTP through, because it has a built-in VPN server, so thanks to everyone for their thoughts! Problem solved.
ASKER CERTIFIED SOLUTION
CetusMOD