Solved

Network Topology & VPN

Posted on 2004-03-31
8
547 Views
Last Modified: 2006-11-17
Brief overview of the current network setup

|router| ---- |firewall| ---- |switch(s)| ---- w2k server and rest of LAN

Problem:

I am trying to setup up a user to access the corporate network using PPTP.  I have configured the VPN server using RRAS built into 2k server, and everything appears to be functioning correctly internally.  The problem I am having deals with the way the traffic is being routed through the firewall.  I only have the two ports on the firewall (one for the router and one for the LAN).  I have turned on NAT to allow traffic to specific computers on the LAN from the outside world and that is working fine.  That being said, when I try to connect to the VPN server, I always get some type of error message (I think the last one was 721).  I think the problem is not with the setup of the VPN server, but with the way NAT is handling the traffic.  I can get to the server (It tries to login), but when the VPN server sends traffic back to the client, I think the firewall is dropping it.  I do have port 1723 and Protocol 47 open.  Here is a graphic depiction:

Client computer initiates VPN session to the public address of the VPN server 216.145.1.xxx
Firewall recognizes the traffic to the VPN server and NAT translates the 216.145.1.xxx to the private address 192.168.20.40.
VPN server tries to send the info back to the client (using the private address I think)
The firewall doesn't relay the info to the client
Client gets the error message (721 I think).

The VPN server does have 2 NIC cards available, but seeing how the firewall only has the two ports, the second NIC card is disabled right now.  My question is this...

How do I configure the network for this to work properly.  I suppose I could put a hub between the router and the firewall using the second NIC card and a public address, but that would open the VPN server to all sorts of unwanted traffic.  Any help at all would be appreciated.

Thanks,
J
0
Comment
Question by:jbayness
  • 4
  • 3
8 Comments
 
LVL 2

Expert Comment

by:noamkrief
ID: 10729177
i have that same problem. I have a cheezy linksys router which has a problem forwarding the VPN protocol to a win2k server.

It's very wierd. If you have my model of linksys router and a win2k VPN serber, it doesn't work :) funny.

I resorted to SSH tunneling which i think is faster and know is way more secure with key authentication.
With VPN, all users have to know is my username / password.
SSH they need my key file, username, and passphrase...

I hope you figure out the VPN.
Try setting it up as DMZ. That will open it up completely.
Noam
0
 
LVL 11

Expert Comment

by:ewtaylor
ID: 10732517
What is on the other end? You are connecting from home with a router in place? If you are running NAT from the client end make sure that you have the correct settings on that router. I would switch to l2tp instead. If you check the firewall logs does any dropped packets from either side of the tunnel show up?
0
 

Author Comment

by:jbayness
ID: 10733156
I have a linksys on the other side (home) and a sonicwall soho 3 on the office side.  There is nothing in the firewall logs about dropped packets...  I have tried from a different home location without a router with no success either.  I will mess with L2tp this afternoon and post back the results.
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 
LVL 11

Expert Comment

by:ewtaylor
ID: 10733384
Quick question, do you have any other software installed like zonealarm or cisco vpn client?
0
 

Author Comment

by:jbayness
ID: 10733465
nope.  I just have what I mentioned before.  Will this even work with NAT turned on?
0
 
LVL 11

Accepted Solution

by:
ewtaylor earned 500 total points
ID: 10733706
The soho 3 is a firewall with a vpn endpoint. You do not need the microsoft vpn server just install the sonicwall client and setup the soho as the vpn server.
0
 

Author Comment

by:jbayness
ID: 10736192
I am going to award the points to ewtaylor...his last point pointed me in the right direction (back to the firewall itself).  I updated the firmware on the soho3 to 6.5.x.  That added a few more features...namely TRANVERSE NAT.  guess what.  I am up and running beautifully.  Thanks for the help guys.
0
 
LVL 11

Expert Comment

by:ewtaylor
ID: 10736335
No problem, thanks for the points.
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Greetings, Experts! First let me state that this website is top notch. I thoroughly enjoy the community that is shared here; those seeking help and those willing to sacrifice their time to help. It is fantastic. I am writing this article at th…
A common practice in small networks is making file sharing easy which works extremely well when intra-network security is not an issue. In essence, everyone, that is "Everyone", is given access to all of the shared files - often the entire C: drive …
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
I've attached the XLSM Excel spreadsheet I used in the video and also text files containing the macros used below. https://filedb.experts-exchange.com/incoming/2017/03_w12/1151775/Permutations.txt https://filedb.experts-exchange.com/incoming/201…

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question