VPN Frustration

Posted on 2006-04-06
Last Modified: 2010-04-12
Here is the setup:
Win XP x64 on a desktop connected via CAT5e to a Dell TrueMobile 2300. The router is serviced by an SBC ADSL WAN Link. The "server" (x64 desktop) is statically assigned and is set as DMZ on the TrueMobile. The unit is configured to accept outside connections with PPTP and assign them an address from the scope to

When connecting from an off site location we get the "Verifying Username and Password" dialouge and then error out.

1) We have tested it internally. The clients get an IP address within that range and works fine.
2) PPTP/VPN Passthrough is enabled on all involved devices (The TrueMobile has 1723 forwarded).

Any and all ideas are welcome.
Question by:pcpalct
    LVL 10

    Accepted Solution

    I am not familiar with the Dell router.  However, you should try the following:

    - Put the server on your inside LAN.  You don't need it on the DMZ because VPN will allow you to securely connect from outside to inside.  A DMZ is for untrusted (or less-trusted)connections from outside.

    - If your inside network is (mask, your VPN network (the address pool assigned to outside VPN clients) should be different.  For example,  This will give you 254 addresses for inside and 254 addresses for the VPN pool.  Your current VPN range (if it was not a typo) is really big... 500000+ hosts with a mask.  I doubt this is what you wanted and the router is probably confused if you have a different mask...

    Note- you don't need to forward 1723 on the router since the VPN connection terminates there from the outside.  Also, having VPN passthrough enabled won't help your outside connections.  Passthrough is to allow internal clients (with a software VPN client) to connect to an outside VPN server.

    Author Comment

    Thanks for your input. I agree with a few things you said and even venture to say that I must have made a typo somewhere (192.160* hahah!) so that statement of mine made little sense.

    The ultimate answer was that the customers were running Dynamic DSL Packages from SBC (without my knowledge - of course, let the IT guy know the details last) and they naturally need SBC Static IP Packages to take advantage of web & VPN services (confirmed this with SBC Technicial Support).

    Thanks a bunch!

    Featured Post

    6 Surprising Benefits of Threat Intelligence

    All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

    Join & Write a Comment

    For a while, I have wanted to connect my HTC Incredible to my corporate network to take advantage of the phone's powerful capabilities. I searched online and came up with varied answers from "it won't work" to super complicated statements that I did…
    I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

    755 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    21 Experts available now in Live!

    Get 1:1 Help Now