Solved

How to VPN through DirecWay DW7000 (HN7000) Satellite connection to Windows 2003 RRAS PPTP or L2TP VPN

Posted on 2006-11-22
Last Modified: 2008-02-01
The title says it all. We're connecting to the vpn host, but not getting beyond authentication. Has anybody successfully done this? Must I enable PAP authentication on the RRAS server?
0
Question by:jhafer2802
LVL 77

Expert Comment

by:Rob Williams
ID: 17999278
Oftentimes a VPN is not possible over a satellite connection for 2 reasons.
1) The basic design of satellite networks causes significant end-to-end propagation delays that result in ping replies which are often between 300 and 500ms, which drastically degrades performance (should be no more than 125ms)
2) The satellite connection will often not support various encryption protocols such as PPTP and IPSec
A couple of articles explaining some of these difficulties:
http://compnetworking.about.com/od/vpn/f/vpnandsatellite.htm
http://www.agristar.com/satellite_vpn.shtml
http://forum.ecoustics.com/bbs/messages/34579/127542.html
0
 

Author Comment

by:jhafer2802
ID: 18000711
According to the DirecWay/HughesNet support pages, it is possible to make a VPN connection to a Windows RRAS VPN, although performance can be expected to be reduced by approximately 50%. They do not, however, provide specific documentation of the configuration required to make said connection. I am able to make an initial connection to the RRAS server, which prompts for authentication, but the authentication fails with an error 721.
0
 
LVL 77

Accepted Solution

by:
Rob Williams earned 75 total points
ID: 18000733
The 721 error almost certainly indicates that the GRE protocol is being blocked at some point. Check that all routers have PPTP pass-through enabled, if possible. Since you mention "DirecWay/HughesNet support pages, it is possible to make a VPN connection to a Windows RRAS VPN", they seem to support PPTP/GRE. However, with a 50% loss in performance it may be difficult to maintain the connection.

There are a couple of tests you can do to check if port forwarding for PPTP is configured correctly and that GRE is allowed to pass.

To verify that PPTP, port 1723, is forwarded, from the VPN server go to the following site and test for port 1723:
http://www.canyouseeme.org

Assuming that is working correctly, Microsoft has a pair of test tools pptpsrv and pptpclnt, to test for GRE pass-through, which are available as part of the Windows resource kit or from:
http://www3.ns.sympatico.ca/malagash/Downloads/Net/

Log onto the client or VPN server machine and connect to the other with remote desktop, or a similar remote management tool. At a command line on the client machine, run pptpclnt and on the server run pptpsrv. The client machine will send a set of GRE packets to the server and it should show as received if GRE is able to pass. The server is then supposed to respond and the client indicate received, but I have never had that part work. The one direction client to server is usually enough to test.

The following links outline the use of the test tools:
http://www.howtonetworking.com/Tools/testgre.htm
See VPN traffic:
http://www.microsoft.com/technet/community/columns/cableguy/cg0105.mspx
0
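As an added example (not part of the answer above and not one of the Microsoft test tools), this Python script checks the TCP 1723 half of the test from the client side by sending the PPTP Start-Control-Connection-Request defined in RFC 2637 and decoding the server's reply. The function names, the `probe` hostname string and the 10-second timeout are assumptions chosen for illustration.

```python
import socket
import struct

MAGIC = 0x1A2B3C4D                    # PPTP magic cookie (RFC 2637)
SCCRQ_FMT = ">HHIHHHHIIHH64s64s"      # Start-Control-Connection-Request
SCCRP_FMT = ">HHIHHHBBIIHH64s64s"     # Start-Control-Connection-Reply
MSG_LEN = struct.calcsize(SCCRP_FMT)  # both messages are 156 bytes


def build_sccrq(hostname=b"probe"):
    """Build the first message a PPTP client sends on TCP 1723."""
    # length, control msg, cookie, SCCRQ(1), reserved, version 1.0, reserved,
    # framing caps (async|sync), bearer caps (analog|digital), channels, firmware
    return struct.pack(SCCRQ_FMT, MSG_LEN, 1, MAGIC, 1, 0, 0x0100, 0,
                       3, 3, 0, 0, hostname, b"")


def parse_sccrp(data):
    """Decode the server's reply; ValueError if it is not a PPTP SCCRP."""
    if len(data) < MSG_LEN:
        raise ValueError("reply too short: %d bytes" % len(data))
    (_len, msg_type, cookie, ctrl_type, _r0, _ver, result, error,
     _fr, _br, _ch, _fw, host, vendor) = struct.unpack(SCCRP_FMT, data[:MSG_LEN])
    if cookie != MAGIC or msg_type != 1 or ctrl_type != 2:
        raise ValueError("not a Start-Control-Connection-Reply")
    text = lambda b: b.split(b"\0", 1)[0].decode("ascii", "replace")
    return {"ok": result == 1, "result": result, "error": error,
            "host": text(host), "vendor": text(vendor)}


def probe(server, port=1723, timeout=10.0):
    """Connect, send SCCRQ, return the parsed reply (timeout allows for satellite RTT)."""
    with socket.create_connection((server, port), timeout=timeout) as s:
        s.sendall(build_sccrq())
        buf = b""
        while len(buf) < MSG_LEN:
            chunk = s.recv(MSG_LEN - len(buf))
            if not chunk:
                break
            buf += chunk
    return parse_sccrp(buf)


if __name__ == "__main__":
    import sys
    print(probe(sys.argv[1]))
```

A successful reply only proves that the TCP 1723 control channel gets through; GRE (IP protocol 47) pass-through still has to be tested separately, as the answer describes with pptpclnt and pptpsrv.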

Question has a verified solution.