• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 4408
  • Last Modified:

xp vpn server behind BEFSR81 router with NAT

I'm trying to setup a VPN between my home network and my office. I can remote desktop to (1) fine from (6), forwarding TCP 3389 in router (2) just fine.

-----------------------HOME-------------------------------- Internet --------------------------- Office ----------------------------
1. XP sp2 ----- 2. BEFSR81 ----- 3. Cable Modem ----- Internet ----- 4. Verison DSL ----- 5. DLink Router ----- 6. XP sp2

1. XP Pro VPN Server, Static IP, Windows Firewall Ports TCP 1723, UDP 500 open
2. Linksys Befsr81 v.3 latest firmware. PPTP forwarding enabled, forwarding 1723, 500 to xp vpn server
3. Comcast RCA modem model unknown for now
4. Verison Westel DSL Modem
5. DLink router, model unknown
6. my office XP Pro sp2

I know there is NAT taking place between (1) and (2). I don't want to place a single machine in the Linksys DMZ. The error I'm getting when I try to connect to (1) from (6) is 800. The VPN connection doesn't even seem to see the router (2).

Have tried to find an answer in this database, so now I ask the question. what am I missing?
0
trbagpiper
Asked:
trbagpiper
  • 2
2 Solutions
 
LucFCommented:
Hello trbagpiper,

I see you've opened up port 1723 TCP which is used for PPTP connections and port 500 UDP which is for IPSec connections, please verify which one you really need to have opened up. (and also, please mention which location you're using as a server)
Apart from this, I'm guessing that both Windows XP computers are in the 192.168.1.x subnet which will cause your VPN not to work, please move one of them out of that range by changing the local subnet on one end.

Greetings,

LucF
0
 
Rob WilliamsCommented:
A few suggestions:
You can confirm the XP VPN server and client configurations at:
http://www.onecomputerguy.com/networking/xp_vpn_server.htm
http://www.onecomputerguy.com/networking/xp_vpn.htm

-I assume the port forwarding method is fine where your RD works fine.
-You need PPTP pass-through enabled on #2 as you have done, and some folks also recomend doing so on #5 As LucF, stated you do not need UDP 500 as you are using PPTP not IPSec (Windows client)
-You do not need to remove #2 NAT but you shouldn't have multiple NAT devices at one end. If either modem is a combined modem and router it should be put in Bridge mode. I believe the Westell is one of these units, the Comcast is likely a basic modem. Westel instructions:
http://www.broadbandreports.com/faq/6323
-Some routers do not support VPN pass-through. Verify the D-Link model is OK, the Linksys should be fine.
-Try disabling the Windows firewall on #1, you may be still be blocking GRE (the PPTP encapsulation protocol)
-A few ISP's do not support PPTP. If still having problems verify with your service providers that they are not blocking that service.
0
 
Rob WilliamsCommented:
trbagpiper, were you able to get your VPN functioning?
--Rob
0

Featured Post

Vote for the Most Valuable Expert

It’s time to recognize experts that go above and beyond with helpful solutions and engagement on site. Choose from the top experts in the Hall of Fame or on the right rail of your favorite topic page. Look for the blue “Nominate” button on their profile to vote.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now