Solved

Network Topology & VPN

Posted on 2004-03-31
544 Views
Last Modified: 2006-11-17
Brief overview of the current network setup

|router| ---- |firewall| ---- |switch(s)| ---- w2k server and rest of LAN

Problem:

I am trying to set up a user to access the corporate network using PPTP.  I have configured the VPN server using RRAS built into 2k server, and everything appears to be functioning correctly internally.  The problem I am having deals with the way the traffic is being routed through the firewall.  I only have the two ports on the firewall (one for the router and one for the LAN).  I have turned on NAT to allow traffic to specific computers on the LAN from the outside world and that is working fine.  That being said, when I try to connect to the VPN server, I always get some type of error message (I think the last one was 721).  I think the problem is not with the setup of the VPN server, but with the way NAT is handling the traffic.  I can get to the server (it tries to log in), but when the VPN server sends traffic back to the client, I think the firewall is dropping it.  I do have port 1723 and protocol 47 open.  Here is a graphic depiction:

Client computer initiates VPN session to the public address of the VPN server 216.145.1.xxx
Firewall recognizes the traffic to the VPN server and NAT translates the 216.145.1.xxx to the private address 192.168.20.40.
VPN server tries to send the info back to the client (using the private address I think)
The firewall doesn't relay the info to the client
Client gets the error message (721 I think).

The VPN server does have 2 NIC cards available, but seeing how the firewall only has the two ports, the second NIC card is disabled right now.  My question is this...

How do I configure the network for this to work properly?  I suppose I could put a hub between the router and the firewall, using the second NIC card and a public address, but that would open the VPN server to all sorts of unwanted traffic.  Any help at all would be appreciated.

Thanks,
J
Question by:jbayness
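To make the NAT side of the question concrete, here is an added example, not code from the original thread or from SonicWall: a miniature model of a two-port NAT firewall port-forwarding PPTP to an RRAS server. PPTP (RFC 2637) uses two flows: a TCP control connection to port 1723 and GRE (IP protocol 47) carrying the PPP frames. GRE has no port numbers, so a rule that forwards "TCP 1723" can never match the data channel; the firewall needs a rule keyed on protocol 47 for inbound GRE and must also translate the source address of the server's outbound GRE replies. The addresses are the ones from the question, with 216.145.1.10 assumed as a stand-in for 216.145.1.xxx and 203.0.113.5 assumed for the remote client; the packet bytes are constructed here, and the firewall class is a simplified model, not a description of how the SOHO 3 firmware actually behaves.

```python
import ipaddress
import struct

PUBLIC_VPN = "216.145.1.10"      # assumed stand-in for 216.145.1.xxx
PRIVATE_VPN = "192.168.20.40"    # RRAS server from the question
CLIENT = "203.0.113.5"           # assumed address for the remote client
TCP, GRE = 6, 47
PPTP_PORT = 1723

def build_ipv4(src, dst, proto, payload):
    """Minimal 20-byte IPv4 header; checksum left zero (not validated here)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed) + payload

def build_tcp_syn(sport, dport):
    """Minimal TCP header with only the SYN flag set (data offset 5 words)."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x02, 8192, 0, 0)

def build_pptp_gre(call_id, ppp_frame):
    """RFC 2637 enhanced GRE: K and S bits set, version 1, protocol 0x880B (PPP),
    key = payload length (16 bits) + call ID (16 bits), then a sequence number."""
    return struct.pack("!HHHHI", 0x3001, 0x880B, len(ppp_frame), call_id, 1) + ppp_frame

def parse_ipv4(pkt):
    vihl, _, total, _, _, _, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (vihl & 0x0F) * 4
    return {"proto": proto, "src": str(ipaddress.IPv4Address(src)),
            "dst": str(ipaddress.IPv4Address(dst)), "payload": pkt[ihl:total]}

def rewrite_addrs(pkt, src=None, dst=None):
    """Copy of the packet with src and/or dst replaced (what DNAT/SNAT does to the header)."""
    p = parse_ipv4(pkt)
    return build_ipv4(src or p["src"], dst or p["dst"], p["proto"], p["payload"])

def pptp_call_id(gre_payload):
    """Call ID from the GRE key field, or None if this is not PPTP's PPP-over-GRE."""
    flags, ptype, _, call_id = struct.unpack("!HHHH", gre_payload[:8])
    if ptype != 0x880B or not flags & 0x2000:   # wrong payload type or no key field
        return None
    return call_id

class NatFirewall:
    """One public address in front of the LAN.  With gre_aware=False the only rule is the
    port forward for TCP 1723; with gre_aware=True a protocol-47 forward and GRE SNAT exist."""
    def __init__(self, public_ip, gre_aware):
        self.public_ip = public_ip
        self.gre_aware = gre_aware
        self.port_forwards = {(TCP, PPTP_PORT): PRIVATE_VPN}   # what "open 1723" buys you
        self.gre_forward = PRIVATE_VPN if gre_aware else None

    def inbound(self, pkt):
        """Packet from the Internet; returns the forwarded packet, or None when dropped."""
        p = parse_ipv4(pkt)
        if p["dst"] != self.public_ip:
            return None
        if p["proto"] == TCP:
            dport = struct.unpack("!HH", p["payload"][:4])[1]
            target = self.port_forwards.get((TCP, dport))
            return rewrite_addrs(pkt, dst=target) if target else None
        if p["proto"] == GRE and self.gre_forward and pptp_call_id(p["payload"]) is not None:
            return rewrite_addrs(pkt, dst=self.gre_forward)
        return None   # GRE with no protocol-47 rule: no port to match, so it is dropped

    def outbound(self, pkt):
        """Packet from the LAN heading out; a port-only NAT has no mapping for a portless protocol."""
        p = parse_ipv4(pkt)
        if p["proto"] == TCP or (p["proto"] == GRE and self.gre_aware):
            return rewrite_addrs(pkt, src=self.public_ip)
        return None

def pptp_handshake_outcome(fw):
    """Replay the exchange described in the question through fw and report what survived."""
    ppp = b"\xff\x03\xc0\x21"   # constructed: PPP header + LCP protocol number
    ctl_in = fw.inbound(build_ipv4(CLIENT, PUBLIC_VPN, TCP, build_tcp_syn(40000, PPTP_PORT)))
    gre_in = fw.inbound(build_ipv4(CLIENT, PUBLIC_VPN, GRE, build_pptp_gre(7, ppp)))
    gre_out = fw.outbound(build_ipv4(PRIVATE_VPN, CLIENT, GRE, build_pptp_gre(7, ppp)))
    return {
        "control_reaches_server": ctl_in is not None and parse_ipv4(ctl_in)["dst"] == PRIVATE_VPN,
        "gre_reaches_server": gre_in is not None and parse_ipv4(gre_in)["dst"] == PRIVATE_VPN,
        "gre_reply_reaches_client": gre_out is not None and parse_ipv4(gre_out)["src"] == PUBLIC_VPN,
    }

if __name__ == "__main__":
    for aware in (False, True):
        print("gre_aware=%s -> %s" % (aware, pptp_handshake_outcome(NatFirewall(PUBLIC_VPN, aware))))
```

With gre_aware=False the model reproduces the symptom in the question: the control connection reaches the server, but neither direction of GRE gets through, so the client times out after authentication starts. On Linux the equivalent of the gre_aware rules is a DNAT for `-p gre` alongside the TCP 1723 forward, with the nf_conntrack_pptp/nf_nat_pptp helpers loaded if more than one internal host uses PPTP, since those rewrite call IDs so replies can be matched to the right host.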
8 Comments
 
LVL 2

Expert Comment

by:noamkrief
ID: 10729177
I have that same problem. I have a cheesy Linksys router which has a problem forwarding the VPN protocol to a win2k server.

It's very weird. If you have my model of Linksys router and a win2k VPN server, it doesn't work :) funny.

I resorted to SSH tunneling, which I think is faster and I know is way more secure with key authentication.
With VPN, all users have to know is my username / password.
SSH: they need my key file, username, and passphrase...

I hope you figure out the VPN.
Try setting it up as DMZ. That will open it up completely.
Noam
 
LVL 11

Expert Comment

by:ewtaylor
ID: 10732517
What is on the other end? You are connecting from home with a router in place? If you are running NAT from the client end, make sure that you have the correct settings on that router. I would switch to L2TP instead. If you check the firewall logs, do any dropped packets from either side of the tunnel show up?
 

Author Comment

by:jbayness
ID: 10733156
I have a Linksys on the other side (home) and a SonicWall SOHO 3 on the office side.  There is nothing in the firewall logs about dropped packets...  I have tried from a different home location without a router with no success either.  I will mess with L2TP this afternoon and post back the results.
 
LVL 11

Expert Comment

by:ewtaylor
ID: 10733384
Quick question: do you have any other software installed, like ZoneAlarm or the Cisco VPN client?
 

Author Comment

by:jbayness
ID: 10733465
Nope.  I just have what I mentioned before.  Will this even work with NAT turned on?
 
LVL 11

Accepted Solution

by:ewtaylor (earned 500 total points)
ID: 10733706
The SOHO 3 is a firewall with a VPN endpoint. You do not need the Microsoft VPN server; just install the SonicWall client and set up the SOHO 3 as the VPN server.
 

Author Comment

by:jbayness
ID: 10736192
I am going to award the points to ewtaylor... his last point pointed me in the right direction (back to the firewall itself).  I updated the firmware on the SOHO 3 to 6.5.x.  That added a few more features... namely TRANVERSE NAT.  Guess what.  I am up and running beautifully.  Thanks for the help guys.
 
LVL 11

Expert Comment

by:ewtaylor
ID: 10736335
No problem, thanks for the points.