Solved

Windows Server 2003 - RRAS VPN connections only work through Linksys brand home routers...

Posted on 2006-07-22
Last Modified: 2010-08-05
RRAS VPN connections only work through Linksys brand home routers and I can't figure out why. It could be in server rras properties or the network configuration; either way, why is this happening and is there a solution to this problem, so all home routers (dlink, belkin, etc.) can connect?

General Properties:
Windows Server 2003
Service - Routing and Remote Access using pptp protocol
Fortigate firewall
static t1

Properties for RRAS:
enabled as a router with LAN routing only
enabled as Remote Access Server
Uses Windows Authentication / Windows Accounting
IP routing enabled
Allows ip-based and demand-dial remote interface connections
Server assigns addresses using dhcp
Broadcast name resolution enabled
PPP: multilink connections enabled, dynamic bandwidth control using BAP or BACP enabled, LCP extensions enabled, software compression enabled

Properties for networking:
PPTP (1723) forwarded (ext --> int) to the rras ip address
ext. subnet: 255.255.255.252
int. subnet: 255.255.255.0
int. scope: 192.168.3.x
Question by:lbeg
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 17162297
Can you please post a complete IPCONFIG /ALL from your server?  While there is nothing in an IPCONFIG /ALL that would compromise the security of your network (this is the most often requested output in any support forum), there may be items which would provide your identity and therefore compromise your privacy if that is of concern.

Therefore, if you feel that it's necessary, you can modify the domain name, but please only modify anything that is identifiable to something generic.  Such as changing TechSoEasy.local to MyCompany.local.  If you have any public IP addresses, please just replace the last two octets with ***.***, and some people do not like to have the MAC (Physical) address shown... if you like, just modify the last few sections of these to **-**-**.

Jeff
TechSoEasy
0
 
LVL 1

Author Comment

by:lbeg
ID: 17163480
Windows IP Configuration

   Host Name . . . . . . . . . . . . : server
   Primary Dns Suffix  . . . . . . . : example.example.com
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : Yes
   WINS Proxy Enabled. . . . . . . . : Yes
   DNS Suffix Search List. . . . . . : example.example.com

PPP adapter RAS Server (Dial In) Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
   Physical Address. . . . . . . . . : 00-53-45-00-00-00
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.3.36
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . :

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : example.example.com
   Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
   Physical Address. . . . . . . . . : 00-14-22-22-64-5E
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.3.2
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.3.1
   DNS Servers . . . . . . . . . . . : 192.168.3.2
0
 
LVL 1

Author Comment

by:lbeg
ID: 17163492
Also, when I say vpn connections only work with Linksys brand, I mean the vpn connection can only access ip addresses, not netbios or fqdn. The problem therein lies in that most people only know network addresses by their name, not ip address.
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 17163806
Are you using WINS on your network?  If so, you should define that in the NIC's settings which will allow remote users to see network resources.

Jeff
TechSoEasy
0
 
LVL 26

Expert Comment

by:Vahik
ID: 17164121
1- make sure RRAS is listed in the RAS and IAS servers security group
2- make sure your binding order is correct
3- and -4 (i am no expert and must be checked by TechSoEasy or firewall gurus)

3-clients making a connection through VPN must be on different subnet than the one used by ur internal clients..
4-ur internal and external NIC cards should also be on different subnets...

i am no expert in firewall\VPNs ....just making some general comments....
take care and good luck.
0
 
LVL 74

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 500 total points
ID: 17164718
Actually, 2 & 4 above do not apply because there is only one NIC in the server.  The other interface is the PPTP one.

#3 above would be something to look out for, except that Belkin and D-Link routers don't use 192.168.3.x by default, so I don't think that would be a problem.

But this triggers a few thoughts for me...  

I think the answer may lie in either the configuration of the Fortigate and the way the clients are configured to connect through it, or it may have to do with GRE Protocol 47 not being enabled.

So, first make sure that the Fortigate is properly configured:  http://kc.forticare.com/default.asp?id=1700&SID=&Lang=1

And make sure you have the remote clients configured to default to the remote gateway: http://kc.forticare.com/default.asp?SID=&Lang=1&id=1564

Then, make sure that GRE Protocol 47 is enabled.  This is not port 47, and is often termed in router firmware as "enable PPTP VPN Passthrough" or some such wording.

Jeff
TechSoEasy
0
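The "protocol 47, not port 47" distinction in the accepted solution, as an added example that is not part of the original thread: a small classifier that reads the IPv4 protocol field to tell the PPTP control channel (TCP 1723) from the GRE tunnel traffic, and flags a capture where only the control channel is visible. The packets are constructed samples; the source address 198.51.100.7 is a placeholder and the function names are hypothetical.

```python
import struct

PPTP_CONTROL_PORT = 1723   # TCP port carrying the PPTP control channel
IPPROTO_TCP = 6
IPPROTO_GRE = 47           # an IP protocol number, not a TCP/UDP port

def classify(packet: bytes) -> str:
    """Classify a raw IPv4 packet as 'pptp-control', 'gre' or 'other'."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "other"
    ihl = (packet[0] & 0x0F) * 4           # IPv4 header length in bytes
    proto = packet[9]                      # protocol field of the IPv4 header
    if proto == IPPROTO_GRE:
        return "gre"
    if proto == IPPROTO_TCP and len(packet) >= ihl + 4:
        sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
        if PPTP_CONTROL_PORT in (sport, dport):
            return "pptp-control"
    return "other"

def diagnose(packets) -> str:
    """Summarise which halves of a PPTP session appear in a capture."""
    kinds = {classify(p) for p in packets}
    if "pptp-control" in kinds and "gre" in kinds:
        return "control and tunnel traffic both seen"
    if "pptp-control" in kinds:
        return "TCP 1723 seen but no GRE: check protocol 47 / PPTP passthrough"
    if "gre" in kinds:
        return "GRE seen without TCP 1723 control traffic"
    return "no PPTP traffic seen"

def ipv4(proto: int, payload: bytes) -> bytes:
    """Build a minimal IPv4 packet (constructed sample; checksum left zero)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, bytes([198, 51, 100, 7]), bytes([192, 168, 3, 2]))
    return hdr + payload

# Constructed samples: TCP to port 1723, TCP to port 47, and a GRE packet.
TCP_1723 = ipv4(IPPROTO_TCP, struct.pack("!HH", 49152, 1723) + bytes(16))
TCP_47 = ipv4(IPPROTO_TCP, struct.pack("!HH", 49152, 47) + bytes(16))
GRE = ipv4(IPPROTO_GRE, bytes.fromhex("3001880b") + bytes(8))

if __name__ == "__main__":
    print(diagnose([TCP_1723, TCP_47]))   # forwarding "port 47" does not help
    print(diagnose([TCP_1723, GRE]))
```

Feeding it packets captured on the server's LAN interface during a failed connection shows whether the router or firewall in the path is passing GRE at all.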

Question has a verified solution.
