Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Windows 2003 server not working with Linksys router

Posted on 2006-05-23
18
Medium Priority
?
200 Views
Last Modified: 2010-03-18
I have Windows 2003 server I am trying to implement a VPN to through a Linksys WRT54GS router using VPN Pass Through.  The VPN is set up to use PPTP.  When I test the VPN without the router (the server is directly connected to the cable modem), I can connect to the VPN every time.  When I put the router back in place, I get an "Error 678: there was no answer."

I have used Linksys tech support and they have walked me through all of the options to make passthrough work and have even administered the router remotely to configure the router themselves and they cannot figure out the problem.

The following are already in place:

PPTP is enabled
The following ports are forwarded to the VPN server in Port Forwarding:
    47, 50, 500, 1723

We have also tried:
    Port Triggering instead of port forwarding.
    Placing the server in the DMZ

Nothing seems to work.  I still have an outstanding ticket with level 2 tech support but if anyone has any suggestions I am willing to try most anything.

If it helps, I have a similar problem with a Netgear router but want to focus on the Linksys since it is critical and time sensitive.  I am open to the possibility that there is a misconfiguration problem on the server but it does not seem likely since I can always connect when the router is taken out of the equation.

Thank you.

0
Comment
Question by:woodjack
  • 6
  • 6
  • 4
16 Comments
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 16747052
Hi woodjack,

51 is another port worth opening for IPSEC, are you certain you have forwarded the ports to the correct address? have you tried hardbooting your router and reoconfiguring and/or updating its firmware
0
 

Author Comment

by:woodjack
ID: 16751600
Hi Jay,

I opened port 51 to no effect but thank you for the advice.  I upgraded my firmware as a first step and have hardbooted the router several times since.  I checked the port forwarding destination and it has the correct VPN IP address.

I am befuddled.

Thanks for the suggestions.
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 16756522
hmm has me stuffed as well, ill get some additional help from a VPN guru
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 

Author Comment

by:woodjack
ID: 16756563
Thanks Jay.  I don't have a VPN resource nearby that I can tap for this.  Much appreciated.
0
 
LVL 78

Accepted Solution

by:
Rob Williams earned 2000 total points
ID: 16756598
If you are using the standard Windows VPN client you only need 2 things. Clean up all of the others "stuff" such as the extra ports and port triggering as they can actually interfere.

1) Forward TCP port 1723 to the VPN server's IP
2) On the Security tab of the firewall section," check PPTP pass-through" (this is the GRE encapsulation protocol used by PPTP. It is protocol 47, not port 47)

Having said that, the WRT54G is notorious for blocking some outgoing VPN connections, but usually only outgoing and only IPSec. Personally I have never had problems.
Give that a try and see how you make out.

The other thing to watch for is; is your modem a combined modem/router? If so it is performing NAT (Network Address Translation) and VPN's do not like 2 NAT devices. You will be able to tell if it is assigning the connected device a private IP such as 192.168.x.x, 10.x.x.x, or 172.16-31.x.x. If this is the case the modem needs to be put in Bridge mode, and the WAN page of the router configured with the ISP connection information. If in doubt provide the make and model of the modem and we'll track down the details.

Thanks for the invite James.
--Rob
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 16756625
Thanks Rob
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 16756640
Don't thank me yet <G>, but you are welcome.
0
 

Author Comment

by:woodjack
ID: 16792357
Thanks Jay and Rob.

I tried the above recommendation and it still does not work.  I have to admit it doesn't make a lot of sense at this point.  I'm back on the phone with Linksys tech support.

Jack
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 16792557
Have you tried verifying that the appropriate port, 1723, is in fact forwarded. From the server log on to
Http://www.canyouseeme.org   and test for port 1723
This will also verify the true WAN IP address that you should be connecting to from the remote location. Also make sure when you log onto the Linksys that on the status page of the router it shows that IP as being the WAN/public IP.
And, again verify PPTP pass-through is enabled on the router, though this does not usually generate a 678 error, that would be more the port forwarding or wrong WAN IP.

Another test would be to turn on remote management of the router and verify you can connect.
0
 

Author Comment

by:woodjack
ID: 16793330
I just tried www.canyouseeme.org and it can see port 1723 on the server.  The router log also shows an incoming connection to 1723.  PPTP is verified as enabled.  Also, I can remotely manage the router.

The public address on the router was the address that showed at www.canyouseeme.org.

Thanks.
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 16793385
Then I am stumped. You should at least get as far as a 721 error. Any chance of trying another router?
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 16793398
No chance of a Windows or other firewall enabled on the machine to which you are connecting?
0
 

Author Comment

by:woodjack
ID: 16793781
Thanks Rob.

Yes, it doesn't make sense to me either.

We are on the verge of trying another router.

Thanks again.
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 16794248
probably save yourself some time and frustration at least trying another router or doing a hard reset on your current one
0
 

Author Comment

by:woodjack
ID: 17217412
Gentlement.  I apologize for not responding.  It was not my intent to abandon.

For my resolution I started from scratch with the router.  I reset to facorty defaults and upgraded the firmware again.  I then changed all relevent settings as posted in this thread.

Likewise, on the server I recreated routing and remote access from scratch just to make sure everything was configured properly and the VPN now works.

I can't be sure exactly which item in the thread helped the most but the suggestion to remove any extraneous port forwarding let me to reconfiguring from scratch so I award the points to Rob.

Thanks again and sorry about the lack of response.
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 17221133
Thanks woodjack, and appreciate the update.
--Rob
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes you might need to configure routing based not only on destination IP address, but also on a combination of destination IP address (or hostname) and destination port number. I will describe a method how to accomplish this with free tools. …
We recently endured a series of broadcast storms that caused our ISP to shut us down for brief periods of time. After going through a multitude of tests, we determined that the issue was related to Intel NIC drivers on some new HP desktop computers …
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
As many of you are aware about Scanpst.exe utility which is owned by Microsoft itself to repair inaccessible or damaged PST files, but the question is do you really think Scanpst.exe is capable to repair all sorts of PST related corruption issues?

580 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question