  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 7482

VPN into SMC8014 Router How To Instructions

We have a small business with a Comcast SMC8014 Router.  I would like to be able to VPN into 1 computer from home.  It gets confusing when I read the documentation about port forwarding, etc.  We don't have a server but just a mix of XP Home, XP Pro and W2000 machines.  I would really appreciate some step by step procedures on settings to put into the router to accomplish this.
mstep3 Asked:
1 Solution
 
Rob Williams Commented:
I don't believe you have a VPN router, so you will need to make the machine to which you want to connect a VPN server. See the following site for details:
http://www.onecomputerguy.com/networking/xp_vpn_server.htm

You also need to forward port 1723, and GRE from the router to the PC you are connecting to. Depending on the router, GRE may be a specific command, or is often labeled "PPTP pass-through". For many routers, detailed instructions for port forwarding of port 1723 can be found by going to the following link:
http://www.portforward.com/english/applications/port_forwarding/PPTP/PPTPindex.htm
Your router does not seem to be present, but perhaps one of the SMCs present is similar.

Then you need to configure the client on the connecting PC:
http://www.onecomputerguy.com/networking/xp_vpn.htm


Another option is to use a 3rd party service that does not require port forwarding such as LogMeIn
http://www.logmein.com
or their VPN service:
http://www.hamachi.cc

mstep3 Author Commented:
Thanks RobWill....good info.  One question from item 3 in your list about configuring the client on the connecting PC.  When I set up the VPN on the connecting machine, which IP do I use?   We have one static IP assigned to us by Comcast.  Then we have the internal IP for the VPN server.

Rob Williams Commented:
To connect you use the external static IP.
Once the VPN is established you can connect to devices on the remote LAN using the local LAN IP, as if you were on the same network.

Something I failed to mention; the subnets used at the two sites must be different. i.e. both sites cannot use something like 192.168.1.x. I recommend something uncommon like 192.168.100.x at one site and 192.168.200.x at the other. This may mean reconfiguring your existing LAN/s. Not to worry if they are different, but if the same, one or the other will have to be changed.
 
mstep3 Author Commented:
Much thanks for the help thus far.  I was able to connect by enabling DMZ but unable to get port forwarding to work.  That tells me it's a port thing.  Got 1723 and 500 open.  Anything I might be missing?

Rob Williams Commented:
You don't need 500, that is for an IPSec VPN. However you need GRE, protocol 47 (not port 47). There is often an option to enable with "PPTP pass-through", "VPN pass-through", or similar. Then again some routers do not support it at all. Is there an on-line manual for your router? I was unable to find one.

What do you get for an error when the connection fails? Usually if GRE is the only problem you will get a 721 error.
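
The split described in this answer between TCP port 1723 and GRE (IP protocol 47) can be tested from outside the LAN. The following is an added example, not part of the original thread: it performs only the PPTP control-connection handshake (Start-Control-Connection-Request/Reply, RFC 2637) over TCP 1723, so a success here together with a client-side error 721 points at GRE pass-through rather than the port forward. The function names and the sample reply are constructed for illustration.

```python
import socket
import struct

PPTP_MAGIC = 0x1A2B3C4D        # magic cookie defined in RFC 2637
SCCRQ, SCCRP = 1, 2            # Start-Control-Connection-Request / -Reply
FMT = "!HHIHHHBBIIHH64s64s"    # both messages share this 156-byte layout


def build_sccrq(hostname=b"probe"):
    """First message a PPTP client sends on the TCP 1723 control channel."""
    return struct.pack(FMT, 156, 1, PPTP_MAGIC, SCCRQ, 0,
                       0x0100,   # protocol version 1.0
                       0, 0,     # reserved in a request (result/error in a reply)
                       1, 1,     # framing and bearer capability bits
                       0, 0,     # max channels, firmware revision
                       hostname, b"")


def parse_sccrp(data):
    """Return (ok, detail) for the server's reply."""
    if len(data) < 156:
        return False, "short or empty reply: the forward may point at the wrong host"
    f = struct.unpack(FMT, data[:156])
    if f[2] != PPTP_MAGIC or f[3] != SCCRP:
        return False, "reply is not a Start-Control-Connection-Reply"
    if f[6] != 1:                # result code 1 means success
        return False, "server refused the control connection (result %d)" % f[6]
    name = f[12].rstrip(b"\0").decode("ascii", "replace")
    return True, "control channel up, server host %r" % name


def probe(host, port=1723, timeout=5.0):
    """Run from outside the LAN against the router's public IP."""
    data = b""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(build_sccrq())
            while len(data) < 156:
                chunk = s.recv(156 - len(data))
                if not chunk:
                    break
                data += chunk
    except OSError as exc:
        return False, "TCP 1723 not reachable: %s" % exc
    return parse_sccrp(data)


# Constructed sample reply (not captured traffic) so the parser runs offline.
SAMPLE_REPLY = struct.pack(FMT, 156, 1, PPTP_MAGIC, SCCRP, 0, 0x0100,
                           1, 0, 1, 1, 1, 0, b"xp-vpn-host", b"constructed")
```

This probe never sends GRE, so it cannot confirm that the tunnel's data path works; it only separates a broken TCP 1723 forward from a GRE problem.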

mstep3 Author Commented:
I found another post that had the same router and same problem.  There is no way to allow IPSEC passthrough.   My router is listed on SMC's web site but the documentation is for another router.  I think Comcast got a scaled back router.  I'm going to call on Monday and complain and see if they will upgrade it.   Thanks for all your help.

Rob Williams Commented:
You don't need IPSec pass-through, but you do need PPTP passthrough, for your configuration.
The SMC website states that the SMC8014W-G does support PPTP and IPSec pass-through, but different models may offer different features.
The other possibility is some ISPs do not support PPTP. Comcast is one of these, but only sometimes. Their commercial accounts seem fine, but in the New England area they do not always support it on residential type accounts.

One final thought; it is important there is only one router between the VPN "server" and the internet, so that the router's WAN interface has a public IP. If it has a private IP, the modem may need to be put in bridge mode.

Good luck with it mstep3.
Thanks,
--Rob

berkslaw Commented:
I disagree with the conclusion of the expert here.  If you log in to the SMC Router as a Comcast admin using the MSO account, you can enable the VPN features that are built into the 8014.  Also, check out the router's help file:

Feature Settings -> VPN -> IPSec Configuration -> Tunnel List  

In this page, users can view the VPN tunnels that have been configured on the gateway. The info includes the remote node's ID and IP address, and its current status. Users can also negotiate the tunnel, or break the existing tunnel by the pull down menu in the "Action" field. A keep alive feature is available that allows a tunnel to automatically be re-established if broken. Clicking the "Reconnect" checkbox will enable that. Users can create a tunnel by pressing the "Add New" button. If users want to edit the existing tunnel, they can select the tunnel which they want to edit and then press the "Edit" button. Users can also delete the existing tunnel by selecting the tunnel and pressing the "Delete" button.

Feature Settings -> VPN -> IPSec Configuration -> Tunnel Add/Edit  

In this page, users need to provide some basic information which is necessary for building a tunnel.
1. Local Host Setting/Intranet Configuration: This is the basic information for the local site of the VPN tunnel. Users need to provide the local ID and specify its format/ID Type (e.g. email, like a@a.com, IPv4 address, like 10.10.10.10, or fully qualified domain name like example.com). Users must be sure that the format and value of the "local ID" of the local site must be the same as the "remote ID" of the remote site for the VPN tunnel. Then the intranet subnet and intranet subnet mask are used together to define the local network which should be assigned for the VPN tunnel.

2. Remote Gateway: In this table, users should provide the "remote ID" for the VPN tunnel which should be the same as the "local ID" of the remote site. The ID type must also be specified as email, IPv4, or fully qualified domain name. Users need to provide the IP of the remote gateway of the VPN tunnel.

3. Key Management/IKE and IPSec: The parameters of these two are used for tunnel negotiation and data encryption after the tunnel is built. Please note that some gateways need to have a precise match for this setting in order to operate properly. Also the pre-shared key for authentication is defined here. Currently, only Pre-Shared key is supported for authentication. Users must have the same key for both sites of the VPN tunnel.

4. Tunnel Remote Host Configuration: Users can define the remote hosts which they want to access for the VPN tunnel. A maximum of three ranges or subnets are allowed. Users need to note that these settings must be inside of the allowed intranet range in the remote site's configuration.

5. Tunnel Local Host Access Control List: Users define which subnet or which local IP range will have the access to participate in the VPN Tunnel.

If everything is set properly, press the Apply button to add the tunnel. This page then would be replaced by "VPN - IPsec Tunnel Configuration" page.


Feature Settings -> VPN -> PPTP/L2TP Configuration  

Remote users can connect to the workplace gateway via PPTP or L2TP over IPSec VPN tunnel. In this page, login accounts can be created for remote PPTP/L2TP over IPSec users.
1. Enter the L2TP over IPSec Pre-Shared Phrase.

2. Type the Username and Password you would like added to the PPTP user list. Click Add.

3. Click Apply



I am trying to use the 8014 to act as a VPN server and would greatly appreciate some assistance.


Rob Williams Commented:
Hi berkslaw.
This question was closed 4 years ago. You will need to open a new question of your own.
Cheers.
--Rob