• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 4479
  • Last Modified:

xp vpn server behind BEFSR81 router with NAT

I'm trying to setup a VPN between my home network and my office. I can remote desktop to (1) fine from (6), forwarding TCP 3389 in router (2) just fine.

-----------------------HOME-------------------------------- Internet --------------------------- Office ----------------------------
1. XP sp2 ----- 2. BEFSR81 ----- 3. Cable Modem ----- Internet ----- 4. Verison DSL ----- 5. DLink Router ----- 6. XP sp2

1. XP Pro VPN Server, Static IP, Windows Firewall Ports TCP 1723, UDP 500 open
2. Linksys Befsr81 v.3 latest firmware. PPTP forwarding enabled, forwarding 1723, 500 to xp vpn server
3. Comcast RCA modem model unknown for now
4. Verison Westel DSL Modem
5. DLink router, model unknown
6. my office XP Pro sp2

I know there is NAT taking place between (1) and (2). I don't want to place a single machine in the Linksys DMZ. The error I'm getting when I try to connect to (1) from (6) is 800. The VPN connection doesn't even seem to see the router (2).

Have tried to find an answer in this database, so now I ask the question. what am I missing?
  • 2
2 Solutions
LucFEMEA Server EngineerCommented:
Hello trbagpiper,

I see you've opened up port 1723 TCP which is used for PPTP connections and port 500 UDP which is for IPSec connections, please verify which one you really need to have opened up. (and also, please mention which location you're using as a server)
Apart from this, I'm guessing that both Windows XP computers are in the 192.168.1.x subnet which will cause your VPN not to work, please move one of them out of that range by changing the local subnet on one end.


Rob WilliamsCommented:
A few suggestions:
You can confirm the XP VPN server and client configurations at:

-I assume the port forwarding method is fine where your RD works fine.
-You need PPTP pass-through enabled on #2 as you have done, and some folks also recomend doing so on #5 As LucF, stated you do not need UDP 500 as you are using PPTP not IPSec (Windows client)
-You do not need to remove #2 NAT but you shouldn't have multiple NAT devices at one end. If either modem is a combined modem and router it should be put in Bridge mode. I believe the Westell is one of these units, the Comcast is likely a basic modem. Westel instructions:
-Some routers do not support VPN pass-through. Verify the D-Link model is OK, the Linksys should be fine.
-Try disabling the Windows firewall on #1, you may be still be blocking GRE (the PPTP encapsulation protocol)
-A few ISP's do not support PPTP. If still having problems verify with your service providers that they are not blocking that service.
Rob WilliamsCommented:
trbagpiper, were you able to get your VPN functioning?
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now