[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

Windows Server 2003 - RRAS VPN connections only work through Linksys brand home routers...

Posted on 2006-07-22
8
Medium Priority
?
916 Views
Last Modified: 2010-08-05
RRAS VPN connections only work through Linksys brand home routers and I can't figure out why. It could be in server rras properties or the network configuration; either way, why is this happening and is there a solution to this problem, so all home routers (dlink, belkin, etc.) can connect?

General Properties:
Windows Server 2003
Service - Routing and Remote Access using pptp protocol
Fortigate firewall
static t1

Properties for RRAS:
enabled as a router with LAN routing only
enabled as Remote Access Server
Uses Windows Authentication / Windows Accounting
IP routing enabled
Allows ip-based and demand-dial remote interface connections
Server assigns addresses using dhcp
Broadcast name resolution enabled
PPP: multilink connections enabled, dynamic bandwidth control using BAP or BACP enabled, LCP extensions enabled, software compression enabled

Properties for networking:
PPTP (1723) forwarded (ext --> int) to the rras ip address
ext. subnet: 255.255.255.252
int. subnet: 255.255.255.0
int. scope: 192.168.3.x
0
Comment
Question by:lbeg
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
8 Comments
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 17162297
Can you please post a complete IPCONFIG /ALL from your server?  While there is nothing in an IPCONFIG /ALL that would compromise the security of your network (this is the most often requested output in any support forum), there may be items which would provide your identity and therefore compromise your privacy if that is of concern.

Therefore, if you feel that it's necessary, you can modify the domain name, but please only modify anything that is identifiable to something generic.  Such as changing TechSoEasy.local to MyCompany.local.  If you have any public IP addresses, please just replace the last two octets with ***.***, and some people do not like to have the MAC (Physical) address shown... if you like, just modify he last few sections of these to **-**-**.

Jeff
TechSoEasy
0
 
LVL 1

Author Comment

by:lbeg
ID: 17163480
Windows IP Configuration

   Host Name . . . . . . . . . . . . : server
   Primary Dns Suffix  . . . . . . . : example.example.com
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : Yes
   WINS Proxy Enabled. . . . . . . . : Yes
   DNS Suffix Search List. . . . . . : example.example.com

PPP adapter RAS Server (Dial In) Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
   Physical Address. . . . . . . . . : 00-53-45-00-00-00
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.3.36
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . :

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : example.example.com
   Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
   Physical Address. . . . . . . . . : 00-14-22-22-64-5E
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.3.2
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.3.1
   DNS Servers . . . . . . . . . . . : 192.168.3.2
0
 
LVL 1

Author Comment

by:lbeg
ID: 17163492
Also, when I say vpn connections only work with Linksys brand, I mean the vpn connection can only access ip addresses, not netbios or fqdn. The problem therein lies in that most people only know network addresses by their name, not ip address.
0
Nothing ever in the clear!

This technical paper will help you implement VMware’s VM encryption as well as implement Veeam encryption which together will achieve the nothing ever in the clear goal. If a bad guy steals VMs, backups or traffic they get nothing.

 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 17163806
Are you using WINS on your network?  If so, you should define that in the NIC's settings which will allow remote users to see network resources.

Jeff
TechSoEasy
0
 
LVL 26

Expert Comment

by:Vahik
ID: 17164121
1- make sure RRAS is listed in the RAS and IAS servers security group
2- make sure your binding order is correct
3- and -4 (i am no expret and must be checked by TechSoEasy or firewall gurus)

3-clients making a connection through VPN must be on diffrent subnet than the one used by ur internal clients..
4-ur internal and external NIC cards should also be on diffrent subnets...

i am no expert in firewall\VPNs ....just making some general comments....
take care and good luck.
0
 
LVL 74

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 2000 total points
ID: 17164718
Actually, 2 & 4 above do not apply because there is only one NIC in the server.  The other interface is the PPTP one.

#3 above would be something to look out for, except that Belkin and D-Link routers don't use 192.168.3.x by default, so I don't think that would be a problem.

But this triggers a few thoughts for me...  

I think the answer may lay in either the configuration of the Fortigate and the way the clients are configured to connect through it, or it may have to do with GRE Protocol 47 not being enabled.

So, first make sure that the Fortigate is properly configured:  http://kc.forticare.com/default.asp?id=1700&SID=&Lang=1

And make sure you have the remote clients configured to default to the remote gateway: http://kc.forticare.com/default.asp?SID=&Lang=1&id=1564

Then, make sure that GRE Protocol 47 is enabled.  This is not port 47, and is often termed in router firmware as "enable PPTP VPN Passthrough" or some such wording.

Jeff
TechSoEasy
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This may not be a text book method to resolve VSS backup issues but it seemed to have worked on few of the Windows 2003 servers we had issues while performing a Volume Shadow Copy backup. If you have issues while performing a shadow copy backup usin…
Recently, I had the need to build a standalone system to run a point-of-sale system. I’m running this on a low-voltage Atom processor, so I wanted a light-weight operating system, but still needed Windows. I chose to use Microsoft Windows Server 200…
In this video, Percona Solution Engineer Dimitri Vanoverbeke discusses why you want to use at least three nodes in a database cluster. To discuss how Percona Consulting can help with your design and architecture needs for your database and infras…
In this video, Percona Solution Engineer Rick Golba discuss how (and why) you implement high availability in a database environment. To discuss how Percona Consulting can help with your design and architecture needs for your database and infrastr…
Suggested Courses

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question