Can't establish VPN Connection to Windows 2003 Server R2 via ADSL Modem/Router
Posted on 2006-11-26
I've setup a Windows 2003 R2 Server with 2 NICs.
The "Downlink to LAN" NIC is at 192.168.0.128, and the "Uplink to Router" NIC is at 10.0.0.128. DHCP is setup to issue addys from 10.0.0.1 to 10.0.0.127, and is working perfectly. The server has a handfull of WinXP clients attached and is issuing IPs just fine - and these clients can access the outside world just fine through the router at 192.168.0.254
I setup Routing and Remote access to use L2TP & CHAP V2 (with a pre-shared key).
I setup the Router to pass on port TCP 1723 to my Server and (at this stage) I've turned off the firewall while I get to the bottom of this. Router is assigned a static IP addy by the ISP, and I've verified that I can ping the router through the internet (when firewall is switched off).
I've given myself dial in permissions, and those permissions will be bypassing any remote access policy.
If I configure my laptop with a 192.168.0.x address - plug it into the server's "uplink to Router" segment I can connect just fine - but when I try to establish a connection via the internet (dial up or ADSL) it basically just somes back with a message to the effect of "failed security negotiations at an early stage", although on the dial up connection I can see a "healthy" exchange of packets on the "modem lights" (in the tray area)
I suspected the router, but I'm having 2nd thoughts ... I've had a similar one work fine with only port 1723 forwarded, and at one stage (out of frustration) I told NAT to forward EVERYTHING to the server - still didn't work.
On the server side of things all firewalls are turned off, and the logs (event and R&RA) aren't showing anything - almost as if the server just isn't aware of the attempt - so I'm going in circles here.
Would be great if anyone could: (a) Come up with a good thought as to why it works when I hand a box off the same subnet, and (b) Tell me all the ports that need to be open and forwarded to authenticate successfully via only CHAP V2.
Many many thanks!!!