Set up Router to allow VPN access

I have configured ISA 2004 on a Win2K server for VPN access, does anyone know what I need to set on the router (Vigor 2810) to make this work?

Thanks
HKFueyAsked:
Who is Participating?
 
plug1Connect With a Mentor Commented:
I take it the blocked out address's arent on the subnet 192.168.1.0? It looks to me like the are as the default gateway is 192.168.1.1. If thats the case then thats why its not working, the external adapter needs a different range than the internal so if the internal is 192.168.1.2 then the external HAS to be on another subnet I.E 10.1.1.0 or 192.168.100.0.

It wont work otherwise.
0
 
gzarnickCommented:
Make sure you have port 1723 open
0
 
gzarnickCommented:
If your router has services listed then you need PPTP open with GRE.
0
KuppingerCole Reviews AlgoSec in Executive Report

Leading analyst firm, KuppingerCole reviews AlgoSec's Security Policy Management Solution, and the security challenges faced by companies today in their Executive View report.

 
HKFueyAuthor Commented:
OK, I have unchecked the VPN services in the router and done a port redirect to local computer (ISA 2004, 192.168.1.238) and also opened port 1723.
When I query the ISA logs after trying to connect from an external source I see nothing so I assume the router is still blocking the VPN inbound.
0
 
gzarnickCommented:
Don't uncheck the VPN services in the router.  Make sure the ports in the router are open as well as the ports in ISA.  You want to make sure that the PPTP tunnel is able to go inbound and outbound.
0
 
HKFueyAuthor Commented:
mmm not sure about that, see note on VPN page. ISA server is on the LAN so I want VPN pass through?
Router.bmp
0
 
gzarnickCommented:
I would enable PPTP VPN Service.  You're not really running a VPN server on your LAN.  You are allowing to go through with ISA but the server running it is the router.
0
 
HKFueyAuthor Commented:
I tried it both ways, I can't get a connection. Not showing on ISA logs so I asume router is still blocking.
0
 
gzarnickCommented:
http://www.draytek.co.uk/support/kb_vigor_vpncheck.html

Check out that page and see if it will help.
0
 
plug1Commented:
You  NEED to uncheck the pptp services as you already have done, the only other thing is to redirect port 1723 to the server can you post your config of that. I haver this working on a few 2820's so I can post my configs up if need be. TBH though in your situation Id be looking at ISA blocking the VPN before the router.
0
 
HKFueyAuthor Commented:
Hi chaps, I have already redirected port 1723 from one of the WAN ip alias's to the local IP.
I used this article which is quite easy to follow to set up ISA for VPN: -
http://www.isaserver.org/articles/2004vpnserver.html
I get to the part where you test the VPN on the local network and I still get no connection.
I think maybe I have the network settings wrong on the 2 ISA NICS??
0
 
plug1Commented:
Easy way to test it is to try and VPN in locally, take the internet out of the equation, make sure vpns are allowed on both NIC's.
0
 
HKFueyAuthor Commented:
VPN local does not work.
 Have gone through the setup as defined here: - http://www.isaserver.org/tutorials/Configuring_ISA_Server_Interface_Settings.html
But I get this error:-
Technical Information (for support personnel) Error Code 12206: Proxy chain loop Background: The gateway has detected a proxy chain loop. This condition might indicate a configuration problem on a proxy server. Date: 19/11/2008 08:39:00 Server: Users.xxxxxxxx.com Source: Proxy
 
0
 
plug1Commented:
Can you post an IPCONFIG /ALL from the ISA box?
0
 
HKFueyAuthor Commented:
Windows 2000 IP Configuration
        Host Name . . . . . . . . . . . . : Users
        Primary DNS Suffix  . . . . . . . : ######.com
        Node Type . . . . . . . . . . . . : Hybrid
        IP Routing Enabled. . . . . . . . : Yes
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : ######.com
Ethernet adapter Int:
        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Allied Telesyn AT-2700TX PCI 10/100
Ethernet Adapter
        Physical Address. . . . . . . . . : 00-30-84-6D-E2-A9
        DHCP Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 192.168.1.238
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . :
        DNS Servers . . . . . . . . . . . : 192.168.1.251
                                            192.168.1.1
        Primary WINS Server . . . . . . . : 150.0.0.130
Ethernet adapter Ext:
        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Intel(R) PRO/100+ Server Adapter (PI
LA8470B)
        Physical Address. . . . . . . . . : 00-02-B3-65-6D-E2
        DHCP Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : ########.253
        Subnet Mask . . . . . . . . . . . : 255.255.255.248
        IP Address. . . . . . . . . . . . : ########.252
        Subnet Mask . . . . . . . . . . . : 255.255.255.248
        IP Address. . . . . . . . . . . . : ########.251
        Subnet Mask . . . . . . . . . . . : 255.255.255.248
        IP Address. . . . . . . . . . . . : ########.250
        Subnet Mask . . . . . . . . . . . : 255.255.255.248
        IP Address. . . . . . . . . . . . : ########.249
        Subnet Mask . . . . . . . . . . . : 255.255.255.248
        Default Gateway . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . :
        NetBIOS over Tcpip. . . . . . . . : Disabled
0
 
HKFueyAuthor Commented:
I also tried the external address of the router as the default gateway on the external nic:  217.xxx.xxx.254 (with 255.255.225.248 as the subnet)
0
 
plug1Commented:
what is the actual address of the external nic at the moment? Change it slightly if you feel you have to but only by 1 digit.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.