Solved

MN-700 Router and Incoming VPN - Windows XP Professional

Posted on 2004-04-25
3
816 Views
Last Modified: 2007-12-19
Hi all,

Yep, yet another question on configuring an incoming VPN on windows XP.  I have spent all day on this and have finally drawn a total blank.  I have read so many postings in different places, that I am ready to yell!

Heres the scoop.....

I have a Microsoft MN-700 router, connected to a Motorola SB5100 Surfboard cable modem.  This is all connected to a broadband provide (insightbb.com).  There are 3 computers in the home, 1 desktop and two notebooks.  There are also 3 pocket pc's.  All works great.  Filesharing between all of them, printing, internet access on all of them. Everything is in a workgroup.  All items connect using wireless.  All is good.

I need to setup a vpn into the workgroup, so that when we are out and about, we can access into the machines at home.  I have created an incoming vpn connection in Wondows XP on the desktop machine, which is always on.

When I try to connect to the vpn from a remote network (eg at a workplace etc) I get the dreaded error 721.  When I try to connect to the vpn server internally within our network, I get error 619.

I have checked everyting again and again and read countless posts.  No ICF is configured on any of the machines.  The desktop uses Norton Firewall, which has been disabled since I started this project (incidentally, when turn it back on it the vpn server can't be reached at all, as I have no rules set up yet for that...so it doesn't even get as far as the verifying user name and password prompt.  Norton will remain disabled until I get this fixed...)  I have port 1723 mapped through to the ip of the desktop, setup via port forwarding on the MN-700 config utiility.  What I can't seem to sort out, and I think this may be the root of the problem, is whether or not the MN-700 router allows GRE 47 to pass through it.  I have read that other routers have a PPTP passthrough capability.  There is nothing in the MN-700 config utilities for that, and no mention of it in the manuals.  I have read all about the people opening up port 47, and have now learned that is not the same thing!

Can anyone offer any insights as to what the next step could be?  I am wondering whether its the router and a lack of support for GRE 47 passthrough, as I can't even set up a vpn internally within the network.  'coz everything is wireless, its presumably still going through the router to get to the desktop vpn server anyway.  Is it this that is stripping out/interfering with packets to stop communications back to the vpn clients so that the handshake cannot complete?  If it helps, I used Shields Up to check that port 1723 was open from the outside.  it reported that it was.  Also, when the vpn client tries to connect, I see "connecting to....then the ip address", very briefly "all devices connected" and then it goes to the verifying username and password"...and then returns either 619 0r 721 as listed above.

Any help greatly appreciated!

David
0
Comment
Question by:dnmartin98
3 Comments
 
LVL 11

Accepted Solution

by:
ewtaylor earned 125 total points
ID: 10963624
Ok make sure the firmware on the mn700 is up to date, then I would turn off stateful packet inspection just for troubleshooting purposes. Also make sure you have vpn passthrough enabled on this side and on the client side. Lastly make sure the 2 networks are addressed differently if you are connecting from a 192.168.0.x network to a 192.168.0.x network it can cause trouble.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

One of the Top 10  common Cisco VPN problems are not-matching shared keys. This is an easy one to fix, but not always easy to notice, see the case below. A simple IPsec tunnel between fast Ethernet interfaces of routers SW1 (f1/1) and R1(f0/0). …
If you use NetMotion Mobility on your PC and plan to upgrade to Windows 10, it may not work unless you take these steps.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

806 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question