Solved

MN-700 Router and Incoming VPN - Windows XP Professional

Posted on 2004-04-25
3
812 Views
Last Modified: 2007-12-19
Hi all,

Yep, yet another question on configuring an incoming VPN on windows XP.  I have spent all day on this and have finally drawn a total blank.  I have read so many postings in different places, that I am ready to yell!

Heres the scoop.....

I have a Microsoft MN-700 router, connected to a Motorola SB5100 Surfboard cable modem.  This is all connected to a broadband provide (insightbb.com).  There are 3 computers in the home, 1 desktop and two notebooks.  There are also 3 pocket pc's.  All works great.  Filesharing between all of them, printing, internet access on all of them. Everything is in a workgroup.  All items connect using wireless.  All is good.

I need to setup a vpn into the workgroup, so that when we are out and about, we can access into the machines at home.  I have created an incoming vpn connection in Wondows XP on the desktop machine, which is always on.

When I try to connect to the vpn from a remote network (eg at a workplace etc) I get the dreaded error 721.  When I try to connect to the vpn server internally within our network, I get error 619.

I have checked everyting again and again and read countless posts.  No ICF is configured on any of the machines.  The desktop uses Norton Firewall, which has been disabled since I started this project (incidentally, when turn it back on it the vpn server can't be reached at all, as I have no rules set up yet for that...so it doesn't even get as far as the verifying user name and password prompt.  Norton will remain disabled until I get this fixed...)  I have port 1723 mapped through to the ip of the desktop, setup via port forwarding on the MN-700 config utiility.  What I can't seem to sort out, and I think this may be the root of the problem, is whether or not the MN-700 router allows GRE 47 to pass through it.  I have read that other routers have a PPTP passthrough capability.  There is nothing in the MN-700 config utilities for that, and no mention of it in the manuals.  I have read all about the people opening up port 47, and have now learned that is not the same thing!

Can anyone offer any insights as to what the next step could be?  I am wondering whether its the router and a lack of support for GRE 47 passthrough, as I can't even set up a vpn internally within the network.  'coz everything is wireless, its presumably still going through the router to get to the desktop vpn server anyway.  Is it this that is stripping out/interfering with packets to stop communications back to the vpn clients so that the handshake cannot complete?  If it helps, I used Shields Up to check that port 1723 was open from the outside.  it reported that it was.  Also, when the vpn client tries to connect, I see "connecting to....then the ip address", very briefly "all devices connected" and then it goes to the verifying username and password"...and then returns either 619 0r 721 as listed above.

Any help greatly appreciated!

David
0
Comment
Question by:dnmartin98
3 Comments
 
LVL 11

Accepted Solution

by:
ewtaylor earned 125 total points
ID: 10963624
Ok make sure the firmware on the mn700 is up to date, then I would turn off stateful packet inspection just for troubleshooting purposes. Also make sure you have vpn passthrough enabled on this side and on the client side. Lastly make sure the 2 networks are addressed differently if you are connecting from a 192.168.0.x network to a 192.168.0.x network it can cause trouble.
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

Suggested Solutions

One of the Top 10  common Cisco VPN problems are not-matching shared keys. This is an easy one to fix, but not always easy to notice, see the case below. A simple IPsec tunnel between fast Ethernet interfaces of routers SW1 (f1/1) and R1(f0/0). …
Like many others, when I created a Windows 2008 RRAS VPN server, I connected via PPTP, and still do, but there are problems that can arise from solely using PPTP.  One particular problem was that the CFO of the company used a Virgin Broadband Wirele…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now