  • Status: Solved

Set up Router to allow VPN access

I have configured ISA 2004 on a Win2K server for VPN access, does anyone know what I need to set on the router (Vigor 2810) to make this work?

Thanks
0
Asked: HKFuey
1 Solution
 
gzarnick Commented:
Make sure you have port 1723 open
0
 
gzarnick Commented:
If your router has services listed then you need PPTP open with GRE.
0
 
HKFuey (Author) Commented:
OK, I have unchecked the VPN services in the router and done a port redirect to local computer (ISA 2004, 192.168.1.238) and also opened port 1723.
When I query the ISA logs after trying to connect from an external source I see nothing so I assume the router is still blocking the VPN inbound.
0
 
gzarnick Commented:
Don't uncheck the VPN services in the router.  Make sure the ports in the router are open as well as the ports in ISA.  You want to make sure that the PPTP tunnel is able to go inbound and outbound.
0
 
HKFuey (Author) Commented:
mmm not sure about that, see note on VPN page. ISA server is on the LAN so I want VPN pass through?
Router.bmp
0
 
gzarnick Commented:
I would enable PPTP VPN Service.  You're not really running a VPN server on your LAN.  You are allowing to go through with ISA but the server running it is the router.
0
 
HKFuey (Author) Commented:
I tried it both ways, I can't get a connection. Not showing on ISA logs so I assume router is still blocking.
0
 
gzarnick Commented:
http://www.draytek.co.uk/support/kb_vigor_vpncheck.html

Check out that page and see if it will help.
0
 
plug1 Commented:
You NEED to uncheck the PPTP services as you already have done; the only other thing is to redirect port 1723 to the server. Can you post your config of that? I have this working on a few 2820's so I can post my configs up if need be. TBH though, in your situation I'd be looking at ISA blocking the VPN before the router.
0
 
HKFuey (Author) Commented:
Hi chaps, I have already redirected port 1723 from one of the WAN IP aliases to the local IP.
I used this article, which is quite easy to follow, to set up ISA for VPN:
http://www.isaserver.org/articles/2004vpnserver.html
I get to the part where you test the VPN on the local network and I still get no connection.
I think maybe I have the network settings wrong on the 2 ISA NICs??
0
 
plug1 Commented:
Easy way to test it is to try and VPN in locally, take the internet out of the equation, make sure VPNs are allowed on both NICs.
0
 
HKFuey (Author) Commented:
VPN local does not work.
Have gone through the setup as defined here: http://www.isaserver.org/tutorials/Configuring_ISA_Server_Interface_Settings.html
But I get this error:
Technical Information (for support personnel)
Error Code 12206: Proxy chain loop
Background: The gateway has detected a proxy chain loop. This condition might indicate a configuration problem on a proxy server.
Date: 19/11/2008 08:39:00
Server: Users.xxxxxxxx.com
Source: Proxy
 
0
 
plug1 Commented:
Can you post an IPCONFIG /ALL from the ISA box?
0
 
HKFuey (Author) Commented:
Windows 2000 IP Configuration
        Host Name . . . . . . . . . . . . : Users
        Primary DNS Suffix  . . . . . . . : ######.com
        Node Type . . . . . . . . . . . . : Hybrid
        IP Routing Enabled. . . . . . . . : Yes
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : ######.com
Ethernet adapter Int:
        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Allied Telesyn AT-2700TX PCI 10/100 Ethernet Adapter
        Physical Address. . . . . . . . . : 00-30-84-6D-E2-A9
        DHCP Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 192.168.1.238
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . :
        DNS Servers . . . . . . . . . . . : 192.168.1.251
                                            192.168.1.1
        Primary WINS Server . . . . . . . : 150.0.0.130
Ethernet adapter Ext:
        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Intel(R) PRO/100+ Server Adapter (PILA8470B)
        Physical Address. . . . . . . . . : 00-02-B3-65-6D-E2
        DHCP Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : ########.253
        Subnet Mask . . . . . . . . . . . : 255.255.255.248
        IP Address. . . . . . . . . . . . : ########.252
        Subnet Mask . . . . . . . . . . . : 255.255.255.248
        IP Address. . . . . . . . . . . . : ########.251
        Subnet Mask . . . . . . . . . . . : 255.255.255.248
        IP Address. . . . . . . . . . . . : ########.250
        Subnet Mask . . . . . . . . . . . : 255.255.255.248
        IP Address. . . . . . . . . . . . : ########.249
        Subnet Mask . . . . . . . . . . . : 255.255.255.248
        Default Gateway . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . :
        NetBIOS over Tcpip. . . . . . . . : Disabled
0
 
plug1 Commented:
I take it the blocked-out addresses aren't on the subnet 192.168.1.0? It looks to me like they are, as the default gateway is 192.168.1.1. If that's the case then that's why it's not working; the external adapter needs a different range than the internal, so if the internal is 192.168.1.2 then the external HAS to be on another subnet, i.e. 10.1.1.0 or 192.168.100.0.

It won't work otherwise.
0
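The two-NIC subnet check discussed in the comment above, as an added example that is not part of the original thread: it parses `ipconfig /all`-style text, then flags adapters whose subnets overlap and any default gateway that lies outside its own adapter's subnets. The sample input is constructed (the thread's external addresses are redacted, so the 203.0.113.0/24 documentation range stands in), and the names `parse_adapters` and `check` are hypothetical.

```python
import ipaddress
import re

# Constructed sample in the layout of the ipconfig /all output above; external
# addresses use the 203.0.113.0/24 documentation range (real ones are redacted).
SAMPLE = """\
Ethernet adapter Int:
        IP Address. . . . . . . . . . . . : 192.168.1.238
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . :
Ethernet adapter Ext:
        IP Address. . . . . . . . . . . . : 203.0.113.253
        Subnet Mask . . . . . . . . . . . : 255.255.255.248
        Default Gateway . . . . . . . . . : 192.168.1.1
"""

def parse_adapters(text):
    """Map adapter name -> {"nets": [IPv4Interface], "gw": IPv4Address or None}."""
    adapters, cur, ip = {}, None, None
    for line in text.splitlines():
        head = re.match(r"\s*Ethernet adapter (.+):\s*$", line)
        if head:
            cur = adapters.setdefault(head.group(1), {"nets": [], "gw": None})
            continue
        key, _, val = line.partition(":")
        key, val = key.strip(" ."), val.strip()
        if cur is None or not val:
            continue  # global header, empty gateway, wrapped continuation lines
        if key == "IP Address":
            ip = val
        elif key == "Subnet Mask" and ip:
            cur["nets"].append(ipaddress.ip_interface(f"{ip}/{val}"))
            ip = None
        elif key == "Default Gateway":
            cur["gw"] = ipaddress.ip_address(val)
    return adapters

def check(adapters):
    """Flag adapters sharing a subnet and gateways outside their adapter's subnets."""
    findings, names = [], list(adapters)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if any(x.network.overlaps(y.network)
                   for x in adapters[a]["nets"] for y in adapters[b]["nets"]):
                findings.append(f"{a} and {b} share a subnet")
    for name, cfg in adapters.items():
        gw = cfg["gw"]
        if gw is not None and not any(gw in n.network for n in cfg["nets"]):
            findings.append(f"{name} gateway {gw} is outside {name}'s subnets")
    return findings
```

`check(parse_adapters(SAMPLE))` reports the Ext gateway finding; redacted addresses in pasted output have to be filled in before parsing, since `ipaddress` rejects them.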
 
HKFuey (Author) Commented:
I also tried the external address of the router as the default gateway on the external nic:  217.xxx.xxx.254 (with 255.255.225.248 as the subnet)
0
 
plug1 Commented:
What is the actual address of the external NIC at the moment? Change it slightly if you feel you have to but only by 1 digit.
0
