SBS 2003 client VPN Connection using MS CHAP V2 Behind Linksys routers

Posted on 2006-05-14
Medium Priority
Last Modified: 2008-02-26
I have a Small Business Server 2003 network.  I connect remotely on occasion using the Windows XP VPN Connector.  By default the SBS uses MS-CHAP V2 for authentication.  The VPN connection works fine if I am not behind a Linksys router.  If I am behind a Linksys router and connect with the VPN connection it says that it is connected, but I don't have any connectivity with my SBS network.  I can't ping the server, see any network shares, etc...  It is odd that is even says that it is connected.  This happens with any model of Linksys router I have tried.  

If I am connected directly to the internet of behind a Netgear or D-Link router the VPN connection works fine and I can work as normal.  I can ping the server, see all the shares, etc...

Does anyone know how to get the VPN connection to work properly behind a Linksys router?
Question by:hitekcomputing
  • 4
  • 2
LVL 78

Expert Comment

by:Rob Williams
ID: 16677476
Most of the Linksys need to have VPN pass-through enabled. This is located in different places on different models but you should find a list with check boxes, which are disabled by default:
PPTP pass-through
L2TP pass-through
IPSec pass-trough
Just a note: some old Linksys routers do not support VPN's, and some not so old units require firmware updates to allow VPN pass through. However, if the pass-through list is there, they are compatible.

Author Comment

ID: 16679197
I do know that the VPN passthrough needs to be enabled and it is.  However, the default authentication for VPN on SBS is not L2TP, PPTP, or IPSEC.  It is MS-CHAP V2.  That is what I cannot get to work from behind any Linksys router.  It works fine from behind Netgear, D-Link, and other brands.  
LVL 78

Expert Comment

by:Rob Williams
ID: 16687670
Sorry I was thinking IPSec/L2TP. I dug everywhere and could find no reference to Linksys routers supporting MS-Chap V1 or V2, then again none stating they don't. However, it is possible they do not support it.
Though you can configure SBS with MS-CHAP v2, I don't believe it is the default configuration. You could change that and use basic PPTP only, which is supported by Linksys.
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!


Author Comment

ID: 16690849
I may have to do that.  How do you configure SBS 2003 to use PPTP.  IS PPTP as sucure?
LVL 78

Accepted Solution

Rob Williams earned 1000 total points
ID: 16691033
You can switch it off on the client and server, but I wouldn't do that. Looking at it now, PPTP actually uses MS-CHAP to "communicate.  A Linksys router, unless an old one, will support PPTP without a problem All you should have to do is enable PPTP pass-through on the Linksys. If this option exists on the router then it is VPN/PPTP compatible.

You mention it works when behind a Netgear or D-Link router. Is this on the same network? If not the only reason I can see it working when directly connected to the modem but not when behind the Linksys is if the modem is a combined router and modem and therefore performing NAT (Network Address Translation). The router also performs NAT and VPN's do not like 2 NAT devices. You can verify by going the status page of the Linksys. See what the WAN/Public IP is. If it starts with one of the following:
it is behind a NAT modem. The modem in that case would have to re-configured from NAT mode to Bridge mode. If unsure please provide the make and model of the modem and I can get the specifications.
LVL 78

Expert Comment

by:Rob Williams
ID: 16910746
hitekcomputing, were you able to get this working properly?

Featured Post

A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

One of the Top 10  common Cisco VPN problems are not-matching shared keys. This is an easy one to fix, but not always easy to notice, see the case below. A simple IPsec tunnel between fast Ethernet interfaces of routers SW1 (f1/1) and R1(f0/0). …
Using Windows 2008 RRAS, I was able to successfully VPN into the network, but I was having problems restricting my test user from accessing certain things on the network.  I used Google in order to try to find out how to stop people from accessing c…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Suggested Courses
Course of the Month16 days, 2 hours left to enroll

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question