Solved

Windows Server 2003 - RRAS VPN connections only work through Linksys brand home routers...

Posted on 2006-07-22
8
908 Views
Last Modified: 2010-08-05
RRAS VPN connections only work through Linksys brand home routers and I can't figure out why. It could be in server rras properties or the network configuration; either way, why is this happening and is there a solution to this problem, so all home routers (dlink, belkin, etc.) can connect?

General Properties:
Windows Server 2003
Service - Routing and Remote Access using pptp protocol
Fortigate firewall
static t1

Properties for RRAS:
enabled as a router with LAN routing only
enabled as Remote Access Server
Uses Windows Authentication / Windows Accounting
IP routing enabled
Allows ip-based and demand-dial remote interface connections
Server assigns addresses using dhcp
Broadcast name resolution enabled
PPP: multilink connections enabled, dynamic bandwidth control using BAP or BACP enabled, LCP extensions enabled, software compression enabled

Properties for networking:
PPTP (1723) forwarded (ext --> int) to the rras ip address
ext. subnet: 255.255.255.252
int. subnet: 255.255.255.0
int. scope: 192.168.3.x
0
Comment
Question by:lbeg
  • 3
  • 2
8 Comments
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 17162297
Can you please post a complete IPCONFIG /ALL from your server?  While there is nothing in an IPCONFIG /ALL that would compromise the security of your network (this is the most often requested output in any support forum), there may be items which would provide your identity and therefore compromise your privacy if that is of concern.

Therefore, if you feel that it's necessary, you can modify the domain name, but please only modify anything that is identifiable to something generic.  Such as changing TechSoEasy.local to MyCompany.local.  If you have any public IP addresses, please just replace the last two octets with ***.***, and some people do not like to have the MAC (Physical) address shown... if you like, just modify he last few sections of these to **-**-**.

Jeff
TechSoEasy
0
 
LVL 1

Author Comment

by:lbeg
ID: 17163480
Windows IP Configuration

   Host Name . . . . . . . . . . . . : server
   Primary Dns Suffix  . . . . . . . : example.example.com
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : Yes
   WINS Proxy Enabled. . . . . . . . : Yes
   DNS Suffix Search List. . . . . . : example.example.com

PPP adapter RAS Server (Dial In) Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
   Physical Address. . . . . . . . . : 00-53-45-00-00-00
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.3.36
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . :

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : example.example.com
   Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
   Physical Address. . . . . . . . . : 00-14-22-22-64-5E
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.3.2
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.3.1
   DNS Servers . . . . . . . . . . . : 192.168.3.2
0
 
LVL 1

Author Comment

by:lbeg
ID: 17163492
Also, when I say vpn connections only work with Linksys brand, I mean the vpn connection can only access ip addresses, not netbios or fqdn. The problem therein lies in that most people only know network addresses by their name, not ip address.
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 17163806
Are you using WINS on your network?  If so, you should define that in the NIC's settings which will allow remote users to see network resources.

Jeff
TechSoEasy
0
 
LVL 26

Expert Comment

by:Vahik
ID: 17164121
1- make sure RRAS is listed in the RAS and IAS servers security group
2- make sure your binding order is correct
3- and -4 (i am no expret and must be checked by TechSoEasy or firewall gurus)

3-clients making a connection through VPN must be on diffrent subnet than the one used by ur internal clients..
4-ur internal and external NIC cards should also be on diffrent subnets...

i am no expert in firewall\VPNs ....just making some general comments....
take care and good luck.
0
 
LVL 74

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 500 total points
ID: 17164718
Actually, 2 & 4 above do not apply because there is only one NIC in the server.  The other interface is the PPTP one.

#3 above would be something to look out for, except that Belkin and D-Link routers don't use 192.168.3.x by default, so I don't think that would be a problem.

But this triggers a few thoughts for me...  

I think the answer may lay in either the configuration of the Fortigate and the way the clients are configured to connect through it, or it may have to do with GRE Protocol 47 not being enabled.

So, first make sure that the Fortigate is properly configured:  http://kc.forticare.com/default.asp?id=1700&SID=&Lang=1

And make sure you have the remote clients configured to default to the remote gateway: http://kc.forticare.com/default.asp?SID=&Lang=1&id=1564

Then, make sure that GRE Protocol 47 is enabled.  This is not port 47, and is often termed in router firmware as "enable PPTP VPN Passthrough" or some such wording.

Jeff
TechSoEasy
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

by Batuhan Cetin In this article I will be guiding through the process of removing a failed DC metadata from Active Directory (hereafter, AD) using the ntdsutil tool in a Windows Server 2003 environment. These steps are not necessary in a Win…
I've always wanted to allow a user to have a printer no matter where they login. The steps below will show you how to achieve just that. In this Article I'll show how to deploy printers automatically with group policy and then using security fil…
In a recent question (https://www.experts-exchange.com/questions/28997919/Pagination-in-Adobe-Acrobat.html) here at Experts Exchange, a member asked how to add page numbers to a PDF file using Adobe Acrobat XI Pro. This short video Micro Tutorial sh…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question