
VPN Connections

Hi,
I am new to networking. Though I have done the MCSE training, certain tasks prove so challenging. I have been given a task of setting up some form of VPN to members of staff at a small company. I have 5 routers:
1. Intelligent Gateway 1800
2. Linksys WRT54G router
3. Linksys WAG354G ADSL router
4. Sparkcom ADSL Router
5. D-Link DI-524 Wireless Router
All I need to do is provide users with VPN connections to a server running Windows 2003 that stores a database. There will only be a max of 10 concurrent connections to the server via VPN at any one time. These clients will connect either from their homes or on the road, wherever they have Internet connections. We use the Intelligent Gateway to connect to the Internet. This gateway connects to a LAN, so all of our PCs at the office connect to the net through the broadband router. Is it possible for me to use any of these routers to configure VPN connections? If so, can someone please take me through the process so I can clearly understand what I am supposed to do? I need a hardware-related VPN rather than software because I want to use this as an opportunity to learn how these devices are configured. I can also do with some knowledge of DMZ and how to configure it. A simple sketch using arrows would be:
Mobile users------->ISP------>Internet----ISP---Intelligent Gateway Router------>Switch(LAN)------->Win2003 and other PCs

Your help will be highly appreciated.
Jmaambo
0
3 Solutions
 
Rob WilliamsCommented:
To the best of my knowledge, none of these routers are VPN routers, therefore they cannot be the VPN endpoint. You would need to buy something different such as a Linksys RV042, Cisco router or another. That is not to say you cannot set up a VPN.
You can create a VPN connection/endpoint on the 2003 server and the router can be configured to forward the VPN traffic to the VPN server allowing remote VPN connections.
It is quite straightforward to set up. The basic server and client configurations can be found at the following sites with good detail:
Server 2003 configuration:
http://www.lan-2-wan.com/vpns-RRAS-1nic.htm
Windows XP client configuration:
http://www.onecomputerguy.com/networking/xp_vpn.htm
You will also have to configure the router to forward the VPN traffic to the server. This is done by enabling on your router VPN or PPTP pass-through, and also forwarding port 1723 traffic to the server's IP. For details as to how to configure the port forwarding, click on the link for your router (assuming it is present) on the following page:
http://www.portforward.com/english/applications/port_forwarding/PPTP/PPTPindex.htm
The only other thing to remember is the subnet you use at the remote office needs to be different than the server end. For example, if you are using 192.168.1.x at the office, the remote should be something like 192.168.2.x

Once this is configured you can then use services similar to how you would on the local network. You will not be able to browse the network unless you have a WINS server installed. Also, depending on your network configuration, you may have problems connecting to devices by name, though this can usually be configured. Using the IP address is less problematic, such as \\192.168.1.111\ShareName.

Should you by any chance be using Small Business Server 2003, it needs to be configured slightly differently. You can ignore the above links and follow the instructions here:
http://www.lan-2-wan.com/SBS-VPN-instr.htm


0
 
JmaamboAuthor Commented:
Thanks for the response, I will try the options above and report back on the progress. I am using Windows 2003 Server (not Small Business).
Jmaambo
0
 
Rob WilliamsCommented:
Great, let us know how you make out.
--Rob
0
 
JmaamboAuthor Commented:
I have configured the Win 2003 server as instructed above. I have not made any changes to the default settings on the RRAS server. I have set the port forwarding according to the 2Wire instructions above.
I have also configured one of the XP clients. I tried to initiate a connection from this XP client computer within the network. It goes all the way to displaying the message "Verifying username and Password..." and then displays "Disconnected: Error 721: the remote computer did not respond". I do not know what I have not done right here. Let's hear from you experts.
Thanks
0
 
Rob WilliamsCommented:
A 721 error indicates GRE, protocol 47 (not port 47), is being blocked. There may be an option "enable PPTP pass-through" or "Enable VPN pass-through" on the 2-wire. It is different on different routers. Also, many routers do not support GRE.

>>"I tried to initiate a connection from this XP client computer within the network,it "
Though it shouldn't result in a 721 error, you have to be off site (outside of the 2-wire router) to test.

0
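Added example, not part of the thread: one way to confirm the pattern described in the answer above (TCP 1723 control channel arrives, GRE does not) from a packet summary taken on the VPN server. The CSV layout, the addresses and the function name `diagnose_pptp` are assumptions made for this illustration, and the sample capture is constructed.

```python
import csv
import io

# Constructed sample: per-packet summary as it might be exported from a
# capture on the VPN server's NIC. Columns: src, dst, ip_proto, dst_port.
# IP protocol 6 = TCP, 47 = GRE. Addresses are private/documentation ranges.
SAMPLE_CAPTURE = """\
src,dst,ip_proto,dst_port
203.0.113.10,192.168.1.5,6,1723
192.168.1.5,203.0.113.10,6,49152
192.168.1.5,203.0.113.10,47,
198.51.100.7,192.168.1.5,6,1723
192.168.1.5,198.51.100.7,6,50000
198.51.100.7,192.168.1.5,47,
192.168.1.5,198.51.100.7,47,
"""

TCP, GRE, PPTP_PORT = 6, 47, 1723


def diagnose_pptp(capture_csv, server_ip):
    """Return {client_ip: verdict} for every client that opened TCP 1723."""
    control, gre_in, gre_out = set(), set(), set()
    for row in csv.DictReader(io.StringIO(capture_csv)):
        proto = int(row["ip_proto"])
        src, dst = row["src"], row["dst"]
        if proto == TCP and dst == server_ip and row["dst_port"] == str(PPTP_PORT):
            control.add(src)      # PPTP control connection reached the server
        elif proto == GRE and dst == server_ip:
            gre_in.add(src)       # tunnel data arriving from the client
        elif proto == GRE and src == server_ip:
            gre_out.add(dst)      # tunnel data leaving towards the client
    verdicts = {}
    for client in sorted(control):
        if client in gre_in and client in gre_out:
            verdicts[client] = "ok: control channel and GRE in both directions"
        elif client in gre_in:
            verdicts[client] = "GRE reaches server but no GRE reply sent"
        else:
            # Port forward works, protocol 47 does not get through the router.
            verdicts[client] = "GRE blocked inbound: matches error 721 pattern"
    return verdicts


if __name__ == "__main__":
    for ip, verdict in diagnose_pptp(SAMPLE_CAPTURE, "192.168.1.5").items():
        print(ip, "->", verdict)
```

A client that shows the control connection but no inbound protocol 47 points at the router or ISP rather than at the RRAS configuration.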
 
JmaamboAuthor Commented:
I will try to connect from outside and see what happens. For now let me go to the 2-wire firewall settings and check the settings, but then I followed all the instructions listed in the link you gave me.
Will update you, let me try again.
Thanks
0
 
Rob WilliamsCommented:
>>"followed all the instructions listed in the link you gave me."
Unfortunately the link (PortForward.com) doesn't show GRE configurations.
0
 
JmaamboAuthor Commented:
I have tried to look at the firewall settings on the router to try and look for the option to allow GRE configurations. I am unable to correct the error 721. What other options do I have to get around this error? I tested the connection from outside the network but got the same error.
0
 
Rob WilliamsCommented:
No way around it, one way or another you need to enable GRE pass-through.
Doing a little digging it seems some of the 2wires have a pass-through option you can enable.
Not all 2wires support GRE, I couldn't find out if yours does.
It's also possible the ISP doesn't support GRE/PPTP, though rare, some do not.
Your configuration is as shown above, no other router between the Internet and the server? PPTP/GRE does not like multiple routers.
Can you try one of your other routers to see if it supports GRE?
0
 
JmaamboAuthor Commented:
It seems this router I am using is a bit tricky. I will try the Linksys WAG354G and see if it will allow it. As I was doing some more research, I came across this link where this guy explains a problem similar to mine. He is using a 2wire router but a different version. Have a look at this, he talks about enabling the pass-through option, which I assumed was on one of the pages on this router. Here is the link:
http://www.governmentsecurity.org/archive/t15714.html

0
 
JmaamboAuthor Commented:
By the way! No other router is connected. What I have is:
Internet-----2Wire----->switch----->-Pcs
0
 
Rob WilliamsCommented:
Yes, I saw that page when I was digging, but there are quite a few models.
0
 
JmaamboAuthor Commented:
Rob,
Thanks for all the help, you have been excellent. I eventually just followed your advice to change the router from 2wire to Linksys WAG354G. I followed the instructions in the link and 'Bung! game on! established the connection instantly, even from inside the network. I haven't tested it from the outside but I guess it will still work. One more thing please, Rob: what advice can you give me with regard to the security of the VPN? How do I configure the security on these connections? What approach to security should I take?
Many thanks for the solution
0
 
Rob WilliamsCommented:
There are really only two major concerns with VPN security:
- Everybody has the Windows VPN client, therefore it is important to use strong passwords, and keep them protected.
- All traffic in a VPN tunnel is encrypted and therefore protected, but the tunnel itself is a wide open back door to your network from the remote location. Try to control what hardware users are using to connect to your network. I won't allow users to use their home, family computer that Johnny uses to play on-line games. If that computer were compromised, your network could become compromised. You have now placed a remote computer dead center in your business network. Treat it as such.
On the same note, there is a security feature in the VPN client that blocks local connections, including local Internet access, to protect the office/remote network. I recommend keeping this enabled; it is by default. It is located on the client in: Control Panel | Network Connections | right click on the VPN/Virtual adapter and choose Properties | Networking | TCP/IP - Properties | Advanced | General | leave enabled/checked "Use default gateway on remote network"

There are also more secure VPNs that use IPSec and certificates if really concerned, but you need more expensive equipment.
Thanks Jmaambo.
Cheers !
--Rob

0
