VPN question - how to setup when behind router with NAT

Posted on 2005-03-08
Medium Priority
Last Modified: 2008-02-20
I want to setup a Windows 2003 server as VPN server.
The server is behind a router that runs NAT.

Are any special configuration needed on the server for this to work?

(like under the IP routing on th RRAS MMC - general/static routes, DHP relay, IGMP, NAT/basic firewall).
What should the settings for these be?
Question by:rj2
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
LVL 16

Accepted Solution

samccarthy earned 1500 total points
ID: 13485670
Setup your RRAS using the custom configuration, (for 1 NIC).  Select VPN server and follow the default prompts.  That's it for the RRAS server.

On your firewall/Router, you need to open up port TCP 1723 and forward that to the IP address of the VPN server.  Depending on the model, you may also have to enable GRE (IP Protocol 47).

Some routers have a PPTP passthrough which makes this a 1 setp process.

Anyway, that's all there is to it.  A VPN request hits the firewall/Router and that device forwards that port 1723 request on to the ip of the server for it to act on.
LVL 10

Author Comment

ID: 13486586
ok, that is what I have done, but I'm having a problem making it work.

If I connect directly to internal IP it works ok.

But if I try external IP it gets connected but then hangs with message "verifring username/password", and then times out with error message "error 721: remote computer did not respond".

The router is administered by our ISP. They say they have done it "by the book" according to http://cisco.com/en/US/tech/tk827/tk369/technologies_configuration_example09186a00800949c0.shtml

If I run command "netstat" on the server when I try to connect I see a PPTP connection from my IP.

So I'm not sure what to do now, something is wrong either on the VPN server or the router, but how can I find out where?
If the ISP have not setup GRE correctly on the router, could this give such symptoms? How can I verify if GRE is setup correctly on the router when I don't have telnet access to it?
The ISP also tried to let all IP traffic get through to the VPN server, but same results.

LVL 10

Author Comment

ID: 13486707
Or, actually I used the "manage your server" program when setting up the VPN. I had to add another NIC to be able to do that.

Could you elobarate somewhat what you mean when you say "Setup your RRAS using the custom configuration, (for 1 NIC).  "?

Should I remove the second NIC?
Get real performance insights from real users

Key features:
- Total Pages Views and Load times
- Top Pages Viewed and Load Times
- Real Time Site Page Build Performance
- Users’ Browser and Platform Performance
- Geographic User Breakdown
- And more

LVL 16

Expert Comment

ID: 13511648
Here is what I would do.  Lets uncomplicate things.  Take RRAS back to the beginning and remove the second NIC.  Open RRAS and click or right click, (I forget) to set it up.  When the wizard runs, select a Custom Configuration.  There you will select VPN server.  Then follow through the prompts.  This will allow you to run 1 Nic on your VPN server.  See how this works.
LVL 10

Author Comment

ID: 13543362
The problem was on the router.
LVL 16

Expert Comment

ID: 13543472
Glad to help!  Good Luck!

Featured Post

Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A quick step-by-step overview of installing and configuring Carbonite Server Backup.
Learn about cloud computing and its benefits for small business owners.
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…
Suggested Courses

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question