  • Status: Solved
  • Priority: Medium
  • Security: Public

I can't get VPN to work, what am I missing?

Server is Windows 2003; I set up RRAS with VPN only. I have TCP 1723 forwarded to the server's IP (192.168.1.101) and I have enabled PPTP and IPsec passthrough on my Linksys router. MTU on the router is set to 1400. This used to work for me a long time ago, but I have not been able to get this to work for quite some time. I can make the connection if I am on the local network and connect to the internal IP, but when I use the WAN address it does not work. The initial handshake works, but it just times out while "Verifying username and Password". This leads me to suspect there is a firewall setting that is incorrect. I am tired of beating my head against the wall over this; I need some expert advice.

Any suggestions???
0
tommyboy22481
Asked:
 
tommyboy22481Author Commented:
The error I am getting is #721. How do I enable GRE IP protocol 47 on my Linksys BEFSR41 router?
0
 
cnewgaardCommented:
This page seems to have a lot of people having the same issue as you. Might be something in there for you to try.

GRE is a protocol used in PPTP VPNs. Note it's a protocol, not a port.

http://www.broadbandreports.com/forum/remark,7568950~mode=flat
0
 
tommyboy22481Author Commented:
Okay, I disconnected the router entirely, connected the server directly to the cable modem and it is still not working. So it seems it's something in 2003. We are having this exact same problem at work, so any ideas what I could have configured wrong in RRAS? The server right now is getting a public IP and I assigned a range of 192.168.5.1-192.168.5.5 for the VPN connection.
0
 
cnewgaardCommented:
Here's an MS article on deploying VPNs on Server 2003. Sorry, I'm not too familiar with setting up VPNs on Windows. Just follow the links on the left-hand side to read through the article.

http://www.microsoft.com/resources/documentation/WindowsServ/2003/all/deployguide/en-us/Default.asp?url=/resources/documentation/WindowsServ/2003/all/deployguide/en-us/dnsbf_vpn_scnu.asp
0
 
tommyboy22481Author Commented:
Hmm, that had some good info, but it wasn't as detailed as I would like. There's gotta be something stupid that I'm missing.
0
 
gjohnson99Commented:
First thing is:

Can you use the local? If so, does it work OK (like you want it to)?
0
 
tommyboy22481Author Commented:
Yes I can connect to the VPN server if I am connecting to it from the same subnet.
0
 
gjohnson99Commented:
When connected to the VPN can you access the internet?
0
 
tommyboy22481Author Commented:
Yeah I think so, I have the "Do not use default gateway on remote network" box checked.
0
 
gjohnson99Commented:
I need know this for sure to help you.
0
 
tommyboy22481Author Commented:
I just tested this and for sure I can access the web on my laptop when I connect to the VPN server that's on the same subnet. The "use default gateway on remote network" box doesn't actually seem to make a difference.
0
 
gjohnson99Commented:
OK, then it is most likely a routing issue.

It's likely that you are forwarding port 1723.
0
 
tommyboy22481Author Commented:
Yes I am forwarding port 1723 to the VPN server. I thought it was a firewall configuration problem at first but it still didn't work when I connected the modem directly up to the server bypassing the firewall entirely.
0
 
gjohnson99Commented:
Do you have a firewall on the server?

How are the PC and server connected to the internet?
0
 
tommyboy22481Author Commented:
I get internet access through Charter Communications; I have their cable modem hooked up to my Netgear WAP/router. I have 3 computers, all hooked up to the router. I am using private IPs on the internal network. I do not use any firewall software, just the Netgear router for my firewall.
0
 
gjohnson99Commented:
So the Netgear is being used as a router? With NAT? How are you getting your IP address?
0
 
tommyboy22481Author Commented:
Yes, with NAT. Charter gives me 1 public IP that is assigned to the WAN interface of the router. IPs are assigned using DHCP from the Netgear router.
0
 
gjohnson99Commented:
OK, with that setup the VPN would not work if you connected to your server directly.

I think we are back to port 1723 not being passed; it needs to be enabled for incoming and outgoing.
0
 
tommyboy22481Author Commented:
Do you think my ISP blocks port 1723?  If so, how can I test that?
0
 
gjohnson99Commented:
I just looked on the Microsoft site; they say you need port 47 also.
0
 
tommyboy22481Author Commented:
Umm, that's GRE IP Protocol 47, not a port.
0
 
gjohnson99Commented:
You're right.
0
 
Tim HolmanCommented:
Set the MTU on the CLIENTS and NOT the router.  Put the router's MTU back to how it was (1500 bytes)....

http://www.dslreports.com/faq/695
0
 
tommyboy22481Author Commented:
Ahh, I hadn't thought about that. I will give that a try, though I never had to do that before, so unless my ISP changed something I don't think that's it.
0
 
dsynCommented:
How is this coming along? Please explain the config if y'all solve it.
0
 
tommyboy22481Author Commented:
Sorry I forgot all about this.

I just tried the MTU settings and I still get the error. I should mention I am using a Netgear MR814 v2 router now instead of the Linksys; they had a good deal on it so I picked it up. So now I've used two separate routers, connected the cable modem directly to the server, and nothing made any difference. I'm thinking it must be something I've misconfigured on the server or my ISP (Charter Communications, WI).

My local subnet behind the router uses the 192.168.1.0 network address with a subnet mask of 255.255.255.0. I've configured RRAS to use a static address pool in the range of 192.168.1.50-55 (those not being used on the local subnet). Is this correct?
0
 
Tim HolmanCommented:
> My local subnet behind the router uses the 192.168.1.0 network address with a subnet mask of 255.255.255.0. I've configured RRAS to use a static address pool in the range of 192.168.1.50-55 (those not being used on the local subnet). Is this correct?

I would keep the pools completely separate, e.g. 192.168.1.0 for your network and 192.168.2.0 for your RRAS network; otherwise they will overlap, and overlapping is generally bad.
0
 
tommyboy22481Author Commented:
Okay that makes sense. I was concerned that using a different subnet would cause problems with the computer not being able to see it, but I forgot that the WAN connection is sort of like another network card just with a different IP.
0
 
tommyboy22481Author Commented:
I still haven't gotten this to work yet, but I have given up for the time being. I have other things to worry about, so I'm just closing the question until I want to mess around with this again.

Thanks for everybody's help.
0
