Solved

Windows Server 2003 - RRAS VPN connections only work through Linksys brand home routers...

Posted on 2006-07-22
8
906 Views
Last Modified: 2010-08-05
RRAS VPN connections only work through Linksys brand home routers and I can't figure out why. It could be in server rras properties or the network configuration; either way, why is this happening and is there a solution to this problem, so all home routers (dlink, belkin, etc.) can connect?

General Properties:
Windows Server 2003
Service - Routing and Remote Access using pptp protocol
Fortigate firewall
static t1

Properties for RRAS:
enabled as a router with LAN routing only
enabled as Remote Access Server
Uses Windows Authentication / Windows Accounting
IP routing enabled
Allows ip-based and demand-dial remote interface connections
Server assigns addresses using dhcp
Broadcast name resolution enabled
PPP: multilink connections enabled, dynamic bandwidth control using BAP or BACP enabled, LCP extensions enabled, software compression enabled

Properties for networking:
PPTP (1723) forwarded (ext --> int) to the rras ip address
ext. subnet: 255.255.255.252
int. subnet: 255.255.255.0
int. scope: 192.168.3.x
0
Comment
Question by:lbeg
  • 3
  • 2
8 Comments
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 17162297
Can you please post a complete IPCONFIG /ALL from your server?  While there is nothing in an IPCONFIG /ALL that would compromise the security of your network (this is the most often requested output in any support forum), there may be items which would provide your identity and therefore compromise your privacy if that is of concern.

Therefore, if you feel that it's necessary, you can modify the domain name, but please only modify anything that is identifiable to something generic.  Such as changing TechSoEasy.local to MyCompany.local.  If you have any public IP addresses, please just replace the last two octets with ***.***, and some people do not like to have the MAC (Physical) address shown... if you like, just modify he last few sections of these to **-**-**.

Jeff
TechSoEasy
0
 
LVL 1

Author Comment

by:lbeg
ID: 17163480
Windows IP Configuration

   Host Name . . . . . . . . . . . . : server
   Primary Dns Suffix  . . . . . . . : example.example.com
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : Yes
   WINS Proxy Enabled. . . . . . . . : Yes
   DNS Suffix Search List. . . . . . : example.example.com

PPP adapter RAS Server (Dial In) Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
   Physical Address. . . . . . . . . : 00-53-45-00-00-00
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.3.36
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . :

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : example.example.com
   Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
   Physical Address. . . . . . . . . : 00-14-22-22-64-5E
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.3.2
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.3.1
   DNS Servers . . . . . . . . . . . : 192.168.3.2
0
 
LVL 1

Author Comment

by:lbeg
ID: 17163492
Also, when I say vpn connections only work with Linksys brand, I mean the vpn connection can only access ip addresses, not netbios or fqdn. The problem therein lies in that most people only know network addresses by their name, not ip address.
0
What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 17163806
Are you using WINS on your network?  If so, you should define that in the NIC's settings which will allow remote users to see network resources.

Jeff
TechSoEasy
0
 
LVL 26

Expert Comment

by:Vahik
ID: 17164121
1- make sure RRAS is listed in the RAS and IAS servers security group
2- make sure your binding order is correct
3- and -4 (i am no expret and must be checked by TechSoEasy or firewall gurus)

3-clients making a connection through VPN must be on diffrent subnet than the one used by ur internal clients..
4-ur internal and external NIC cards should also be on diffrent subnets...

i am no expert in firewall\VPNs ....just making some general comments....
take care and good luck.
0
 
LVL 74

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 500 total points
ID: 17164718
Actually, 2 & 4 above do not apply because there is only one NIC in the server.  The other interface is the PPTP one.

#3 above would be something to look out for, except that Belkin and D-Link routers don't use 192.168.3.x by default, so I don't think that would be a problem.

But this triggers a few thoughts for me...  

I think the answer may lay in either the configuration of the Fortigate and the way the clients are configured to connect through it, or it may have to do with GRE Protocol 47 not being enabled.

So, first make sure that the Fortigate is properly configured:  http://kc.forticare.com/default.asp?id=1700&SID=&Lang=1

And make sure you have the remote clients configured to default to the remote gateway: http://kc.forticare.com/default.asp?SID=&Lang=1&id=1564

Then, make sure that GRE Protocol 47 is enabled.  This is not port 47, and is often termed in router firmware as "enable PPTP VPN Passthrough" or some such wording.

Jeff
TechSoEasy
0

Featured Post

Complete Microsoft Windows PC® & Mac Backup

Backup and recovery solutions to protect all your PCs & Mac– on-premises or in remote locations. Acronis backs up entire PC or Mac with patented reliable disk imaging technology and you will be able to restore workstations to a new, dissimilar hardware in minutes.

Join & Write a Comment

I have never ceased to be amazed how many problems you can encounter on a fresh install of a Windows operating system.  This is certainly case in point& Unable to complete ANY MSI installation.  This means Windows Updates are failing and I can't …
On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
This video discusses moving either the default database or any database to a new volume.

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now