

VPN with LinkSys BEFSR11-CA ver.2

Posted on 2005-04-28
Medium Priority
Last Modified: 2013-11-09
A network that I support has a number of Windows XP Pro clients connecting to a Windows 2000 Server using a VPN connection and running Terminal Services.  The server has 2 network cards: one for the LAN and the 2nd to connect to the Internet and provide the external IP for the remote connections. It uses ICS to share the external connection for the LAN.
I want to replace the 2nd card with a router and I have a single-port LinkSys BEFSR11-CA router. I cloned the MAC address of the 2nd network card and moved the modem cable from the 2nd NIC to the router.  I was able to do a release and renew and get an IP address and internet connection for the LAN PCs through the router, but I can't get a connection coming in.  Also, I can send email but can't receive any (server not found error).
The router configuration changes were:
   I forwarded port 3387 to the Terminal server IP
   I disabled 'Block WAN requests'.
   Enabled 'PPTP Pass Through'
then forwarded ports 1723 and 47 for the VPN connection.

What else do I need to do to get the external clients to connect into the server through the existing Microsoft VPN and then run Terminal Server (RDT) software?

Any help would be greatly appreciated.

Question by: Grant Dunsmore

Accepted Solution

purplepomegranite earned 1800 total points
ID: 13892880
Most cheap routers support PPTP and IPSEC pass-through only for outgoing connections.  What this means is that you will be able to create an outgoing VPN connection from inside your LAN, but won't be able to connect to your server from outside in the way you are trying.  You may be able to if you declare your server as the DMZ, though this does mean that you are losing the benefit of the firewall, etc. on the router.

One of the problems with incoming VPN is the random assignment of the port after the initial negotiation.  The ports you have forwarded are correct, but are only used for establishing the VPN.  If you look on the server when a VPN is established, you would see it is actually using a completely different port.  The cheaper routers just aren't designed to cope with this.

Pretty much the only options available are the DMZ (as described above), or the purchase of a new router that fully supports VPN.

Assisted Solution

purplepomegranite earned 1800 total points
ID: 13892896
Looking in the manual for your router, it doesn't support the VPN facilities you require.  It doesn't yet support IPSEC pass-through at all, and PPTP pass-through isn't sufficient for the VPN set-up you require.   You would require a router that actively routes PPTP sessions (rather than just allows them to pass).  A Linksys router that does support this is the BEFVP41 (http://www.linksys.com/products/product.asp?grid=34&scid=29&prid=607).

Still worth trying the DMZ option though.
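
One way to check from outside the router whether the forwarded control port actually reaches the server, as an added example that is not part of the original thread: it builds the PPTP Start-Control-Connection-Request laid out in RFC 2637 and parses the server's reply. The function names and the `probe` host name string are assumptions made for this example.

```python
import socket
import struct
import sys

PPTP_PORT = 1723            # TCP control port, the one forwarded in the question
MAGIC_COOKIE = 0x1A2B3C4D   # constant carried in every PPTP control message (RFC 2637)
# Field layouts from RFC 2637; "!" means network byte order with no padding.
HEADER = struct.Struct("!HHIHH")              # length, msg type, cookie, control type, reserved
SCCRQ_BODY = struct.Struct("!HHIIHH64s64s")   # version, reserved, framing, bearer, channels, firmware, host, vendor
SCCRP_BODY = struct.Struct("!HBBIIHH64s64s")  # version, result, error, framing, bearer, channels, firmware, host, vendor


def build_sccrq(hostname=b"probe"):
    """Build a Start-Control-Connection-Request (control type 1), 156 bytes."""
    # Version 1.0, async framing, analog bearer; host name is an assumed placeholder.
    body = SCCRQ_BODY.pack(0x0100, 0, 1, 1, 0, 0, hostname, b"")
    return HEADER.pack(HEADER.size + len(body), 1, MAGIC_COOKIE, 1, 0) + body


def parse_sccrp(data):
    """Parse a Start-Control-Connection-Reply; raise ValueError if it is not one."""
    if len(data) < HEADER.size + SCCRP_BODY.size:
        raise ValueError("short reply: %d bytes" % len(data))
    _, msg_type, cookie, ctrl_type, _ = HEADER.unpack_from(data)
    if msg_type != 1 or cookie != MAGIC_COOKIE or ctrl_type != 2:
        raise ValueError("not a PPTP Start-Control-Connection-Reply")
    f = SCCRP_BODY.unpack_from(data, HEADER.size)
    return {"version": f[0], "result": f[1], "error": f[2],  # result 1 = success
            "host": f[7].rstrip(b"\0").decode("ascii", "replace"),
            "vendor": f[8].rstrip(b"\0").decode("ascii", "replace")}


def probe(server, timeout=5.0):
    """Run from outside the router, against your own external address."""
    want = HEADER.size + SCCRP_BODY.size
    with socket.create_connection((server, PPTP_PORT), timeout=timeout) as s:
        s.sendall(build_sccrq())
        data = b""
        while len(data) < want:
            chunk = s.recv(want - len(data))
            if not chunk:
                break
            data += chunk
    return parse_sccrp(data)


if __name__ == "__main__" and len(sys.argv) == 2:
    print(probe(sys.argv[1]))
```

A reply only shows that TCP 1723 is reaching the server; the tunnel data that follows is carried as GRE (IP protocol 47), which this check does not exercise.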

Assisted Solution

BILJAX earned 200 total points
ID: 13894470
I would suggest buying a Linksys WRT54G Wireless Router (in case you ever need WiFi).

Upgrade the firmware out of the box; you can also try using sveasoft on it (http://www.sveasoft.com).

Sorry we couldn't help more.



Question has a verified solution.
