tommyboy22481

I can't get VPN to work, what am I missing?

Server is Windows 2003, I set up RRAS with VPN only. I have TCP 1723 forwarded to the server's IP (192.168.1.101) and I have enabled PPTP and IPsec passthrough on my Linksys router. MTU on the router is set to 1400. This used to work for me a long time ago, but I have not been able to get this to work for quite some time. I can make the connection if I am on the local network and connect to the internal IP, but when I use the WAN address it does not work. The initial handshake works, but it just times out while "Verifying username and Password". This leads me to suspect there is a firewall setting that is incorrect. I am tired of beating my head against the wall over this, I need some expert advice.

Any suggestions???
tommyboy22481

ASKER

The error I am getting is #721. How do I enable GRE IP protocol 47 on my Linksys BEFSR41 router?
ASKER CERTIFIED SOLUTION
cnewgaard
This solution is only available to members.
Okay, I disconnected the router entirely, connected the server directly to the cable modem and it is still not working. So it seems it's something in 2003. We are having this exact same problem at work, so any ideas what I could have configured wrong in RRAS? The server right now is getting a public IP and I assigned a range of 192.168.5.1-192.168.5.5 for the VPN connection.
Here's an MS article on deploying VPNs on Server 2003. Sorry, I'm not too familiar with setting up VPNs on Windows. Just follow the links on the left hand side to read through the article.

http://www.microsoft.com/resources/documentation/WindowsServ/2003/all/deployguide/en-us/Default.asp?url=/resources/documentation/WindowsServ/2003/all/deployguide/en-us/dnsbf_vpn_scnu.asp
Humm, that had some good info, but it wasn't as detailed as I would like. There's gotta be something stupid that I'm missing.
SOLUTION
Yes I can connect to the VPN server if I am connecting to it from the same subnet.
When connected to the VPN can you access the internet?
Yeah I think so, I have the "Do not use default gateway on remote network" box checked.
I need to know this for sure to help you.
I just tested this and for sure I can access the web on my laptop when I connect to the VPN server that's on the same subnet. The "use default gateway on remote network" box doesn't actually seem to make a difference.
Ok, then it is most likely a routing issue.

It is likely that you are forwarding port 1723.
Yes I am forwarding port 1723 to the VPN server. I thought it was a firewall configuration problem at first but it still didn't work when I connected the modem directly up to the server bypassing the firewall entirely.
Do you have a firewall on the server?

How are the PC and server connected to the internet?
I get internet access through Charter Communications, I have their cable modem hooked up to my Netgear WAP/router. I have 3 computers, all hooked up to the router. I am using private IPs on the internal network. I do not use any firewall software, just the Netgear router for my firewall.
So the Netgear is being used as a router? With NAT? How are you getting your IP address?
Yes, with NAT. Charter gives me 1 public IP that is assigned to the WAN interface of the router. IPs are assigned using DHCP from the Netgear router.
Ok, with that setup VPN would not work if you connected to your server directly.


I think we are back to port 1723 not being passed; it needs to be enabled for incoming and outgoing.
Do you think my ISP blocks port 1723?  If so, how can I test that?
I just looked on the Microsoft site; they say you need port 47 also.
Umm, that's GRE IP Protocol 47, not a port.
You're right.
SOLUTION
Tim Holman
Ahh, I hadn't thought about that. I will give that a try, though I never had to do that before so unless my ISP changed something I don't think that's it.
how is this coming along? Please explain the config if ya'll solve it.
Sorry I forgot all about this.

I just tried the MTU settings and I still get the error. I should mention I am using a Netgear MR814 v2 router now instead of the Linksys, they had a good deal on it so I picked it up. So now I've used two separate routers, connected the cable modem directly to the server and nothing made any difference. I'm thinking it must be something I've misconfigured on the server or my ISP (Charter Communications, WI).

My local subnet behind the router uses the 192.168.1.0 network address with a subnet mask of 255.255.255.0. I've configured RRAS to use a static address pool in the range of 192.168.1.50-55 (those not being used on the local subnet). Is this correct?
> My local subnet behind the router uses the 192.168.1.0 network address with a subnet mask of 255.255.255.0. I've configured RRAS to use a static address pool in the range of 192.168.1.50-55 (those not being used on the local subnet). Is this correct?

I would keep the pools completely separate - eg 192.168.1.0 for your network, and 192.168.2.0 for your RRAS network, otherwise they will overlap, and overlapping is generally bad.
Okay that makes sense. I was concerned that using a different subnet would cause problems with the computer not being able to see it, but I forgot that the WAN connection is sort of like another network card just with a different IP.
I still haven't gotten this to work yet but I have given up for the time being. I have other things to worry about so I'm just closing the question until I want to mess around with this again.

Thanks for everybody's help.
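
For the question raised in the thread about how to test whether TCP 1723 or GRE is being blocked, one approach is to capture traffic on the server's WAN interface during a connection attempt and check which half of PPTP actually arrives. This is an added example, not part of the original thread; it assumes packets exported as raw IPv4 bytes with no link-layer header, the function names are hypothetical, and the sample packets are constructed.

```python
import struct

PPTP_TCP_PORT = 1723             # PPTP control channel (the forwarded port)
PROTO_TCP, PROTO_GRE = 6, 47     # IP protocol numbers; GRE is not a port
PPTP_GRE_TYPE = 0x880B           # payload type of PPTP's enhanced GRE (RFC 2637)

def classify(pkt: bytes) -> str:
    """Label one raw IPv4 packet as 'control', 'gre' or 'other'."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return "other"
    ihl = (pkt[0] & 0x0F) * 4                    # IPv4 header length in bytes
    if ihl < 20 or len(pkt) < ihl + 4:
        return "other"
    first, second = struct.unpack("!HH", pkt[ihl:ihl + 4])
    if pkt[9] == PROTO_TCP:                      # first/second = src/dst port
        return "control" if PPTP_TCP_PORT in (first, second) else "other"
    if pkt[9] == PROTO_GRE:                      # first = flags+version, second = type
        return "gre" if first & 0x7 == 1 and second == PPTP_GRE_TYPE else "other"
    return "other"

def diagnose(packets) -> str:
    """Say which half of PPTP reached the capture point."""
    seen = {classify(p) for p in packets}
    if "control" not in seen:
        return "no TCP 1723: check the port forward or upstream filtering"
    if "gre" not in seen:
        return "TCP 1723 arrives but no GRE: protocol 47 is dropped in the path"
    return "TCP 1723 and GRE both arrive: look at RRAS itself"

def ipv4(proto: int, payload: bytes) -> bytes:
    """Constructed test packet: minimal IPv4 header, checksum left at 0."""
    src, dst = bytes([203, 0, 113, 7]), bytes([192, 168, 1, 101])
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload),
                       0, 0, 64, proto, 0, src, dst) + payload

# Constructed samples: a SYN to port 1723 and one PPTP GRE data packet.
TCP_SYN = ipv4(PROTO_TCP, struct.pack("!HHIIBBHHH", 49152, 1723, 0, 0,
                                      0x50, 0x02, 8192, 0, 0))
GRE_PKT = ipv4(PROTO_GRE, struct.pack("!HHHHI", 0x3001, PPTP_GRE_TYPE, 0, 1, 0))

if __name__ == "__main__":
    print(diagnose([TCP_SYN]))            # capture where GRE never shows up
    print(diagnose([TCP_SYN, GRE_PKT]))   # capture where both halves arrive
```

The result only reflects what reached the capture point, so the capture has to span a full connection attempt from outside the LAN.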