MN-700 Router and Incoming VPN - Windows XP Professional
Posted on 2004-04-25
Yep, yet another question on configuring an incoming VPN on Windows XP. I have spent all day on this and have finally drawn a total blank. I have read so many postings in different places that I am ready to yell!
Here's the scoop...
I have a Microsoft MN-700 router, connected to a Motorola SB5100 Surfboard cable modem. This is all connected to a broadband provider (insightbb.com). There are 3 computers in the home, 1 desktop and two notebooks. There are also 3 Pocket PCs. All works great. File sharing between all of them, printing, internet access on all of them. Everything is in a workgroup. All items connect using wireless. All is good.
I need to set up a VPN into the workgroup, so that when we are out and about, we can access the machines at home. I have created an incoming VPN connection in Windows XP on the desktop machine, which is always on.
When I try to connect to the VPN from a remote network (e.g. at a workplace etc.) I get the dreaded error 721. When I try to connect to the VPN server internally within our network, I get error 619.
I have checked everything again and again and read countless posts. No ICF is configured on any of the machines. The desktop uses Norton Firewall, which has been disabled since I started this project (incidentally, when I turn it back on, the VPN server can't be reached at all, as I have no rules set up yet for that... so it doesn't even get as far as the verifying user name and password prompt. Norton will remain disabled until I get this fixed...) I have port 1723 mapped through to the IP of the desktop, set up via port forwarding in the MN-700 config utility. What I can't seem to sort out, and I think this may be the root of the problem, is whether or not the MN-700 router allows GRE 47 to pass through it. I have read that other routers have a PPTP passthrough capability. There is nothing in the MN-700 config utilities for that, and no mention of it in the manuals. I have read all about the people opening up port 47, and have now learned that is not the same thing!
Can anyone offer any insights as to what the next step could be? I am wondering whether it's the router and a lack of support for GRE 47 passthrough, as I can't even set up a VPN internally within the network. 'Coz everything is wireless, it's presumably still going through the router to get to the desktop VPN server anyway. Is it this that is stripping out/interfering with packets to stop communications back to the VPN clients so that the handshake cannot complete? If it helps, I used Shields Up to check that port 1723 was open from the outside. It reported that it was. Also, when the VPN client tries to connect, I see "connecting to..." then the IP address, very briefly "all devices connected", and then it goes to "verifying username and password"... and then returns either 619 or 721 as listed above.
Any help greatly appreciated!
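
The distinction the post ends on, TCP port 47 versus IP protocol 47 (GRE), as an added example that is not part of the original post: Python that classifies raw IPv4 packets captured at the VPN server and reports whether the PPTP control channel (TCP 1723) and the GRE data channel both arrived. The addresses, sample packets and the names `classify`, `diagnose` and `ipv4` are constructed for illustration.

```python
import struct
from ipaddress import IPv4Address

PROTO_TCP, PROTO_GRE = 6, 47   # IP protocol numbers (byte 9 of the IPv4 header)
PPTP_PORT = 1723               # TCP port of the PPTP control channel
GRE_PPP = 0x880B               # protocol type in PPTP's enhanced GRE header

def classify(pkt):
    """Return (src, dst, kind) for one raw IPv4 packet."""
    ihl = (pkt[0] & 0x0F) * 4                      # IPv4 header length in bytes
    src, dst = str(IPv4Address(pkt[12:16])), str(IPv4Address(pkt[16:20]))
    if len(pkt) < ihl + 4:
        return src, dst, "other"
    a, b = struct.unpack("!HH", pkt[ihl:ihl + 4])  # first two 16-bit fields
    if pkt[9] == PROTO_TCP:                        # a, b = source, dest port
        if PPTP_PORT in (a, b):
            return src, dst, "pptp-control"
        return src, dst, "tcp-port-47" if 47 in (a, b) else "tcp-other"
    if pkt[9] == PROTO_GRE:                        # a, b = flags/version, type
        return src, dst, "pptp-gre" if (a & 7, b) == (1, GRE_PPP) else "gre-other"
    return src, dst, "other"

def diagnose(packets, server):
    """Say which PPTP channels reached the server."""
    arrived = {kind for _, dst, kind in map(classify, packets) if dst == server}
    if "pptp-control" not in arrived:
        return "no control channel: TCP 1723 never reached the server"
    if "pptp-gre" not in arrived:
        return "control channel up, but no GRE (IP protocol 47) reached the server"
    return "control channel and GRE both reached the server"

def ipv4(src, dst, proto, body):
    """Build a constructed sample packet (header checksum left at 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, 0, 64, proto,
                       0, IPv4Address(src).packed, IPv4Address(dst).packed) + body

CLIENT, SERVER = "203.0.113.10", "192.168.2.50"        # constructed addresses
SYN = struct.pack("!HH", 1045, PPTP_PORT) + bytes(16)  # TCP header stub
GRE = struct.pack("!HHHH", 0x3001, GRE_PPP, 0, 1)      # enhanced GRE, version 1
PORT47 = struct.pack("!HH", 1046, 47) + bytes(16)      # TCP to port 47, not GRE
BLOCKED = [ipv4(CLIENT, SERVER, PROTO_TCP, SYN),       # forwarded by the router
           ipv4(CLIENT, SERVER, PROTO_TCP, PORT47),    # forwarded, but irrelevant
           ipv4(SERVER, CLIENT, PROTO_GRE, GRE)]       # server's GRE going out
WORKING = BLOCKED + [ipv4(CLIENT, SERVER, PROTO_GRE, GRE)]

if __name__ == "__main__":
    for capture in (BLOCKED, WORKING):
        print(diagnose(capture, SERVER))
```

Forwarding TCP port 47 changes nothing in the `BLOCKED` capture, because GRE is identified by the protocol byte of the IPv4 header and carries no port numbers.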