Solved

Microsoft VPN

Posted on 2003-03-23
Last Modified: 2010-03-19
I have three computers in three different locations each with SDSL each with one external, static IP address, and each behind a router.  One is a fileserver (Windows 2000 Professional), and I'm trying to network the 2 outside computers (both Windows ME) over a PPTP VPN. Before beginning this project, I contacted Microsoft, whose representatives informed me that Windows 2000 Professional could accept up to 10 simultaneous incoming VPN connections.  With this information, I created an incoming connection for PPTP VPN on the Windows 2000 Pro machine and forwarded port 1723 to the internal IP address.  On each of the other two machines, I created a VPN client connection connecting to the fileserver's external IP (using the Microsoft VPN Adapter) and again configured the port forwarding.  Everything worked great except I could only connect one location at a time.  On another recommendation, I have since gotten an additional external IP address and an additional network card for the Windows 2000 pro machine.  Each external IP address now goes to each network card.  Still no luck...  : /  What am I doing wrong?
Question by:_forrest_
LVL 79

Accepted Solution

by:
lrmoore earned 300 total points
ID: 8192739
G'day _forrest_
Your problem is not with the server limitation, it is with your router. PPTP depends not only on TCP port 1723, it also depends on GRE which has no concept of ports, so it can only handle one connection at a time. At the site with the server, you need a router that can handle multiple GRE connections.

Microsoft's story:
PPTP traffic consists of a TCP connection for tunnel maintenance and GRE encapsulation for tunneled data. The TCP connection is NAT-translatable because the source TCP port numbers can be transparently translated. However, the GRE-encapsulated data is not NAT-translatable

From Cisco documentation:
Because the connection is initiated as TCP on one port and the response is GRE protocol, it is necessary to configure ACLs to allow the return traffic into the PIX, as the PIX Adaptive Security Algorithm (ASA) does not know the traffic flows are related. PPTP through the PIX with NAT (one-to-one address mapping) works because the PIX uses the port information in the TCP or User Datagram Protocol (UDP) header to keep track of translation. PPTP through the PIX with Port Address Translation (PAT) does not work because there is no concept of ports in GRE.

References:
http://www.microsoft.com/windows2000/technologies/communications/vpn/default.asp
http://support.microsoft.com/default.aspx?scid=kb;en-us;308208
http://www.microsoft.com/windows2000/techinfo/reskit/en-us/default.asp?url=/windows2000/techinfo/reskit/en-us/intwork/inbe_vpn_hidv.asp
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/columns/cableguy/cg0103.asp
http://www.microsoft.com/technet/treeview/default.asp?url=/TechNet/columns/tips/15tipsfo.asp
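
The two halves of PPTP traffic described in this answer, as an added example (not part of the original post and not any vendor's code): the TCP 1723 control connection carries port numbers a translating router can key on, while the enhanced GRE header from RFC 2637 carries a Call ID instead, the field a PPTP-aware device can parse to tell tunnels apart. The packets, addresses and helper names are constructed for illustration.

```python
import struct

IPPROTO_TCP, IPPROTO_UDP, IPPROTO_GRE = 6, 17, 47
PPTP_GRE_TYPE = 0x880B   # protocol type of PPTP's enhanced GRE (RFC 2637)

def port_key(ip_proto, l4):
    """Key a port-translating NAT uses; None when the protocol has no ports."""
    if ip_proto in (IPPROTO_TCP, IPPROTO_UDP) and len(l4) >= 4:
        return (ip_proto,) + struct.unpack("!HH", l4[:4])  # (proto, sport, dport)
    return None  # GRE begins with flags/version, not port numbers

def parse_pptp_gre(l4):
    """Parse the 8 fixed bytes of an enhanced GRE header; return Call ID info."""
    if len(l4) < 8:
        raise ValueError("truncated GRE header")
    flags, ver, ptype, payload_len, call_id = struct.unpack("!BBHHH", l4[:8])
    if (ver & 0x07) != 1 or ptype != PPTP_GRE_TYPE or not (flags & 0x20):
        raise ValueError("not PPTP enhanced GRE")
    return {"call_id": call_id, "payload_len": payload_len,
            "has_seq": bool(flags & 0x10), "has_ack": bool(ver & 0x80)}

def make_pptp_gre(call_id, seq, data=b""):
    """Build a constructed sample packet (Key and Sequence bits set, version 1)."""
    return struct.pack("!BBHHHI", 0x30, 0x01, PPTP_GRE_TYPE,
                       len(data), call_id, seq) + data

def track_sessions(packets):
    """Group (peer_ip, ip_proto, l4) packets by port key and by GRE Call ID."""
    by_port, by_call = set(), set()
    for peer, proto, l4 in packets:
        if proto == IPPROTO_GRE:
            by_call.add((peer, parse_pptp_gre(l4)["call_id"]))
        key = port_key(proto, l4)
        if key is not None:
            by_port.add((peer,) + key)
    return by_port, by_call

# Constructed sample traffic: two sites (documentation addresses), each with a
# TCP 1723 control connection and one GRE data packet.
SAMPLE = [
    ("198.51.100.10", IPPROTO_TCP, struct.pack("!HH", 1045, 1723)),
    ("203.0.113.20", IPPROTO_TCP, struct.pack("!HH", 1045, 1723)),
    ("198.51.100.10", IPPROTO_GRE, make_pptp_gre(0x0001, 1, b"ppp")),
    ("203.0.113.20", IPPROTO_GRE, make_pptp_gre(0x0002, 1, b"ppp")),
]

if __name__ == "__main__":
    ports, calls = track_sessions(SAMPLE)
    print("port-keyed entries:", sorted(ports))
    print("call-id-keyed entries:", sorted(calls))
```
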





Author Comment

by:_forrest_
ID: 8196654
NAT is currently turned off on the router.  Each external IP address is now going directly to each network card on the PC.  Does this still matter?  If I get a router that can accept multiple GRE connections, will I still need 2 external IP addresses and 2 network cards, or can I just use one and accept up to 10 connections like Microsoft says?

Expert Comment

by:CleanupPing
ID: 9152939
_forrest_:
This old question needs to be finalized -- accept an answer, split points, or get a refund.  For information on your options, please click here-> http:/help/closing.jsp#1 
EXPERTS:
Post your closing recommendations!  No comment means you don't care.
LVL 5

Expert Comment

by:juliancrawford
ID: 10088582
No comment has been added lately, so it's time to clean up this TA.
I will leave the following recommendation for this question in the Cleanup topic area:

Accept: lrmoore {http:#8192739}

Please leave any comments here within the next seven days.
PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!

Julian Crawford
EE Cleanup Volunteer