VPN with LinkSys BEFSR11-CA ver.2

Posted on 2005-04-28
Last Modified: 2013-11-09
A network that I support has a number of WindowsXP Pro clients connecting to a Windows 2000 Server using a VPN connection and running Terminal Services.  The server has 2 network cards. One for the LAN and the 2nd to connect to the Internet and provide the external IP for the remote connections. It uses ICS to share the external connection for the LAN.
I want to replace the 2nd card with a router and I have a single port LinkSys BEFSR11-CA router. I cloned the MAC address of the 2nd network card and moved the modem cable from the 2nd NIC to the router.  I was able to do a release and renew and get an IP address and internet connection for the LAN PC's through the router but I can't get a connection coming in.  Also I can send email but can't receive any (server not found error).
The router configuration changes were:
   I forewarded port 3387 to the Terminal server IP
   I Disabled 'Block WAN requests'.
   Enabled 'PPTP Pass Through'
then forewarded ports 1723 and 47 for the VPN connection.

What else do I need to do to get the external clients to connect into the server through the existing Microsoft VPN and the run Terminal Server (RDT) software.

Any help would be greatly appreciated.

Question by:GDunsmore
    LVL 24

    Accepted Solution

    Most cheap routers support PPTP and IPSEC pass-through only for outgoing connections.  What this means is that you will be able to create an outgoing VPN connection from inside your LAN, but won't be able to connect to your server from outside in the way you are trying.  You may be able to if you declare your server as the DMZ, though this does mean that you are losing the benefit of the firewall, etc. on the router.

    One of the problems with incoming VPN is the random assignment of the port after the initial negotiation.  The ports you have forwarded are correct, but are only used for establishing the VPN.  If you look on the server when a VPN is established, you would see it is actually using a completely different port.  The cheaper routers just aren't designed to cope with this.

    Pretty much the only options available are the DMZ (as described above), or the purchase of a new router that fully supports VPN.
    LVL 24

    Assisted Solution

    Looking in the manual for your router, it doesn't support the VPN facilities you require.  It doesn't yet support IPSEC pass-through at all, and PPTP pass-through isn't sufficient for the VPN set-up you require.   You would require a router that actively routes PPTP sessions (rather than just allows them to pass).  A Linksys router that does support this is the BEFVP41 (

    Still worth trying the DMZ option though.
    LVL 6

    Assisted Solution

    I would suggest buying a Linksys WRT54G Wireless Router (in case you ever need WiFi).

    Upgrade the firmware out of the box, you can also try using sveasoft on it (

    Sorry we couldn't help more.


    Featured Post

    New My Cloud Pro Series - organize everything!

    With space to keep virtually everything, the My Cloud Pro Series offers your team the network storage to edit, save and share production files from anywhere with an internet connection. Compatible with both Mac and PC, you're able to protect your content regardless of OS.

    Join & Write a Comment

    I recently purchased a Bluetooth headset called the Music Jogger (model BSH10). The control buttons on it look like this: One of my goals is to use it as the microphone and speakers for Skype calls. In that respect, it works well. However, I …
    PRTG Network Monitor lets you monitor your bandwidth usage, so you know who is using up your bandwidth, and what they're using it for.
    Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
    This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor ( If you're looking for how to monitor bandwidth using netflow or packet s…

    745 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    14 Experts available now in Live!

    Get 1:1 Help Now