VPN Problem

I am having trouble logging into VPN to my office from home.
I can log in to the VPN when in the network (at the office, for testing purposes), by
putting in the Win 2000 Server's IP in the Host or IP part of the VPN client login.

Logically, it would seem I would need the router's IP to then connect to the Server's IP.

My setup.
HOME - Laptop in LAN, local IP connected using CABLE Modem. (Netgear router)

WORK - 2k server in LAN, LOCAL IP connected by DSL (using linksys router)


Assuming the router & VPN server on the work end are configured properly, you have to make sure you are connecting to the public/internet IP for the work server, not the local/LAN IP.  The router will make sure the incoming connections are sent to the VPN server for validation.  On your end, you also have to configure your router to allow IPSec Pass-Through or PPTP Pass-Through (or both) depending on which your work server uses for VPN connections.
Try enabling PPTP & L2TP on the Netgear (if those options are available). Also enable pass-thru authentication. If that's not it, try updating or predating the firmware to the router; in other words, don't be scared to use an older firmware.
jfilmore33 (Author) Commented:
My main misunderstanding is, when I log into the VPN connection, and it asks for the server Host Name/IP, do I put
the router's DNS IP Address? On the router it has LAN and WAN settings. It would be the IP from the WAN settings, is that right?


Yes, you put in the WAN (public/internet) IP address, not the LAN address.
Dang, you couldn't have been more general huh?

First, what kind of router are you using?  Hopefully Cisco, if so please post config and ver.  Let's take this step-by-step, or this will take forever man.  Has this ever worked before, or was working and not working anymore?

Did you configure the routers yourself, need infrastructure and routing diagram please.

Please understand a lot of people post their questions very generally and think everybody already knows their network layout, which we have never seen before.  As a network engineer, before I tackle a project for a client, I first request a network diagram, access to their routers (if not, at least a config and ver).  To see at least their hardware/OS meets requirements for the topology they want to accomplish.  If we *network consultants* just go in and don't understand and see the whole picture, our configuration will probably NOT work in your environment.  As you know, every environment is unique, which means different.  What works in one environment will probably not work best in yours.
jfilmore33 (Author) Commented:

STATUS : can connect to VPN in OFFICE (LAN) only for testing purposes, but outside the LAN, no success.

SMALL OFFICE - 7 PC'S running XP Pro, TCP/IP as network protocol
                        1 Windows 2000 Server, Domain Controller

Network connected to outer world by LINKSYS (BEFR41 v2) router (not wireless)
Router is connected to our DSL Connection

The router's internet connection type is currently PPPoE, not sure if that affects anything.
Another choice is PPTP which sounds more like a VPN, but the PPPoE is what's being used currently. Should I be using PPTP?

On 2000 server, running active directory which contains users that have been given the
permission to Dial in and connect remotely (well, I can log in locally so the users must have correct permissions).

To attempt to log into my office's VPN, I use the IP address located under the WAN settings in my office's router settings (the LinkSys BEFSR41), not the LAN IP. This is being done through my home NETGEAR Router, which also has VPN capabilities.

I called Linksys, but I honestly cannot understand a word they are saying to me!!!

jfilmore33 (Author) Commented:
PPTP and IPSec are enabled, by the way.

I'm not sure you're going to like this answer, but it wasn't long ago that I was in exactly the same situation that you are in.  I was setting up a VPN connection very much like the one you're talking about using two BEFR41 v2 routers.  The problem I encountered was this: PPTP and L2TP run on certain protocols, but the Linksys router has no mechanism to pass these protocols on to the VPN server.  The solution Linksys will give you is to forward specific port numbers (I forget the exact numbers, but they correspond with the VPN protocols).  The problem is ports and protocols are two entirely different things and Linksys tech support - as well as whoever writes their manuals - seems to have no clue that this is the case.  You said, << I called Linksys, but I honestly cannot understand a word they are saying to me!!! >>  If you want to experience real frustration, give them a call and try to explain the difference between a port and a protocol.

If you dig around the web long enough (like I did), you will find examples of people who got this to work and plenty of people who came to the same conclusion I did.  I was able to get it working temporarily by downgrading to an old version of the router's firmware (the PPTP & L2TP problems apparently had begun with a specific firmware update), but even then the connections kept getting dropped - it was never reliable enough to count on.  In the end, my solution was to purchase two VPN routers (Linksys makes those, too, and they work just fine, i.e. the BEFVP41 - the VPN equivalent of what you have now).  This established a secure, persistent connection between my home office and my client's office, which I use every day.  Since then we have added VPN connections to two branch offices and haven't had a problem since.

Having said all of that, this is 'supposed to' work the way you are trying to set it up.  I don't like being a pessimist, but given the extreme frustration I experienced with the same problem you are facing and my research that demonstrated that there were many others in the same boat, I feel obliged to mention all of this.
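
The port-versus-protocol distinction raised in the answer above, as an added example that is not part of the original thread: a toy model of a NAT router applied to constructed packets, showing that a port-forward rule can match the PPTP control connection (TCP 1723) or IKE (UDP 500) but has nothing to match on GRE (IP protocol 47) or ESP (IP protocol 50). The protocol and port numbers are the standard assignments, not values from the thread; the addresses, function names and the router model are assumptions.

```python
import socket
import struct

# IANA IP protocol numbers (IPv4 header "protocol" field); standard values,
# not taken from the thread.
TCP, UDP, GRE, ESP = 6, 17, 47, 50

def ipv4_packet(proto, src, dst, dport=None):
    """Build a minimal constructed IPv4 packet (checksum left at 0)."""
    if proto in (TCP, UDP):
        payload = struct.pack("!HH", 40000, dport) + b"\x00" * 16
    else:
        payload = b"\x00" * 8  # GRE and ESP headers have no port fields
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                         64, proto, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
    return header + payload

def classify(packet):
    """Return (ip_protocol, dst_port or None) parsed from raw IPv4 bytes."""
    ihl = (packet[0] & 0x0F) * 4
    proto = packet[9]
    if proto in (TCP, UDP):
        return proto, struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
    return proto, None

def router_delivers(packet, port_forwards, passthrough=()):
    """Toy NAT model (assumption): a port forward matches (protocol, port);
    a protocol without ports is delivered only with explicit pass-through."""
    proto, dport = classify(packet)
    if dport is None:
        return proto in passthrough
    return (proto, dport) in port_forwards

# Constructed sample traffic; addresses are documentation ranges.
CLIENT, OFFICE_WAN = "198.51.100.20", "203.0.113.10"
PPTP = {"control tcp/1723": ipv4_packet(TCP, CLIENT, OFFICE_WAN, 1723),
        "tunnel gre": ipv4_packet(GRE, CLIENT, OFFICE_WAN)}
L2TP_IPSEC = {"ike udp/500": ipv4_packet(UDP, CLIENT, OFFICE_WAN, 500),
              "esp": ipv4_packet(ESP, CLIENT, OFFICE_WAN)}

def report(flows, port_forwards, passthrough=()):
    return {name: router_delivers(pkt, port_forwards, passthrough)
            for name, pkt in flows.items()}

if __name__ == "__main__":
    forwards = {(TCP, 1723), (UDP, 500)}
    print(report(PPTP, forwards))                      # port forwarding only
    print(report(PPTP, forwards, passthrough=(GRE,)))  # with GRE pass-through
    print(report(L2TP_IPSEC, forwards))
```
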

jfilmore33 (Author) Commented:
I like that answer, because now I am able to reach my VPN Server at least. But
now the user that I gave permissions is being denied I believe, because it remains
at verifying Username + Password, and doesn't get past that point. What are the
permissions the user should have to access through VPN? Are there any things on WIN 2K Server
config that may be holding something back from log on?

In the user's properties, under the 'dial-in' tab you have to make sure the 'Allow access' radio button under 'Remote Access Permission (Dial-in or VPN)' is checked or, if you are using RRAS, make sure that 'Control access through Remote Access Policy' is checked.

NB - I'm looking at a Win2k server (don't have Win2k3 at home), so it may be a little different in Win2k3.
Make sure your users have "Dial in" permissions on their AD profile.
jfilmore33 (Author) Commented:
I understand the logic now, which I am very happy about. I'll check the permissions tomorrow to see
if I can figure it out.
Good luck.  Be sure to check back here and tell us how it goes.
jfilmore33 (Author) Commented:
Will do!