LeeGolding
asked on
Configuring a Server to allow external clients to dial-in and establish a VPN connection
Hi all,
I have a Windows 2000 Server with broadband internet access. I want to be able to connect to the server from home and browse the network resources as if I was on the Servers LAN.
I have tried to set this up before using Routing and Remote access and PPTP protocol but as I'm a novice with VPN It didn't work properly. So I've come here to ask the experts :)
The server has an ISP assigned static IP address (obtained by our ADSL router)
The server has a static internal LAN IP address of 192.168.0.2
The server is a domain controller running DNS and DHCP.
Any solutions or links to good tutorials would be appreciated, and points will be split and awarded fairly and accordingly :)
Lee.
I have a Windows 2000 Server with broadband internet access. I want to be able to connect to the server from home and browse the network resources as if I was on the Servers LAN.
I have tried to set this up before using Routing and Remote access and PPTP protocol but as I'm a novice with VPN It didn't work properly. So I've come here to ask the experts :)
The server has an ISP assigned static IP address (obtained by our ADSL router)
The server has a static internal LAN IP address of 192.168.0.2
The server is a domain controller running DNS and DHCP.
Any solutions or links to good tutorials would be appreciated, and points will be split and awarded fairly and accordingly :)
Lee.
I don't really like PPTP. You will probablyhavebetter luck with straight SecureIP tunneling. W2k supports SecureIP VPNs, and you can get inexpensive routers that support this as well. Linksys has one -- get a pair (one for office, one for home).
ASKER
Thanks for the suggestions. I've chosen PPTP as my protocol. Routing and remote access is setup and configured.
I can establish a connection from home to my work network. However, just before the connection is complete, the dialogue box just sits there trying to authenticate the username and password. After about 40 seconds it says that the connection failed :(
I'm using the correct username and password. This user account also has full dial-in permission.
My work LAN is on 192.168.0.* segment.
My home LAN (on a workgroup) is 192.168.100.*
My work LAN is on an internal domain - say "internaldomain.com" which is run by the Windows 2000 Server primary domain controller.
Any ideas why I can't connect properly?
Thanks :)
I can establish a connection from home to my work network. However, just before the connection is complete, the dialogue box just sits there trying to authenticate the username and password. After about 40 seconds it says that the connection failed :(
I'm using the correct username and password. This user account also has full dial-in permission.
My work LAN is on 192.168.0.* segment.
My home LAN (on a workgroup) is 192.168.100.*
My work LAN is on an internal domain - say "internaldomain.com" which is run by the Windows 2000 Server primary domain controller.
Any ideas why I can't connect properly?
Thanks :)
What kind of errors is the server logging during a connection attempt?
ASKER
Ok. If I put our windows 2000 server on the ADSL router DMZ, I can successfully authenticate and connect (where the connectiojn says VPN connection is now connected, etc.). But I still cannot see the server or any user on the LAN at work.
I can ping my own VPN address allocated which is 192.168.0.16. But cannot ping the server on 192.168.0.2!
I can ping my own VPN address allocated which is 192.168.0.16. But cannot ping the server on 192.168.0.2!
ASKER
Where would the errors be logged on the server during a connection attempt?
Lee.
Lee.
Do you have the client set to use the hosts default gateway??
ASKER
Hi dimate.
I believe I have tried it both ways. Is it the setting in the VPN connection properties?
Lee.
I believe I have tried it both ways. Is it the setting in the VPN connection properties?
Lee.
ASKER
The router is a D-Link DSL504 with the latest firmware and PPTP enabled. I can make the VPN connection successfully if I put the server on the DMZ which could suggest its the router.
When I remove the DMZ setting and setup port forwarding for PPTP TCP 1723 and 47 (GRE) the connection hangs.
The remote network is found OK, it hangs for about 60 seconds on the winodws dialogue box saying "Verifying Username and Password". Then timesout.
Perhaps the router is not passing GRE packets although it should do.
Any more ideas?
Thanks :)
When I remove the DMZ setting and setup port forwarding for PPTP TCP 1723 and 47 (GRE) the connection hangs.
The remote network is found OK, it hangs for about 60 seconds on the winodws dialogue box saying "Verifying Username and Password". Then timesout.
Perhaps the router is not passing GRE packets although it should do.
Any more ideas?
Thanks :)
When using a VPN protocol (all of which provide a form of tunneling), any NAT router has to understand the VPN traffic, becase it is changing packet destinations in the packet headers. VPN software normally doesn't like this.
ASKER
I see. What are my options?
The remote VPN server is a Windows 2000 Server thats a Domain Controller running Active Directory and DNS. The ADSL router is as above.
Which method of VPN can be setup in the shortest amount of time and have the best change of success with my hardware and software?
Could someone note the steps to acheive the final result? I've banged my head against the wall for too long now :)
Thanks,
Lee.
The remote VPN server is a Windows 2000 Server thats a Domain Controller running Active Directory and DNS. The ADSL router is as above.
Which method of VPN can be setup in the shortest amount of time and have the best change of success with my hardware and software?
Could someone note the steps to acheive the final result? I've banged my head against the wall for too long now :)
Thanks,
Lee.
ASKER
I just want to be able to reasonably connect from my Windows 2000 PC from home over a broadband ADSL connection, to my remote Windows 2000 LAN at work. When connected I want to browse the LAN at work via the Network Neighbourhood icon on my PC at home.
Thanks,
Lee.
Thanks,
Lee.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I'm going to try a different router.
I'll let you know how I get on.
Thanks so far :)
I'll let you know how I get on.
Thanks so far :)
I woud suggest the Linksys router that has IPSec VPN support. I forget the model number, but it has a V in it (to distinguish it from its more prletarian, non-VPN buddies)
http://www.labmice.net/networking/vpn.htm