Solved

Set up Router to allow VPN access

Posted on 2008-10-09
17
731 Views
Last Modified: 2012-05-05
I have configured ISA 2004 on a Win2K server for VPN access, does anyone know what I need to set on the router (Vigor 2810) to make this work?

Thanks
0
Comment
Question by:HKFuey
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 5
  • 5
17 Comments
 
LVL 5

Expert Comment

by:gzarnick
ID: 22677791
Make sure you have port 1723 open
0
 
LVL 5

Expert Comment

by:gzarnick
ID: 22677842
If your router has services listed then you need PPTP open with GRE.
0
 

Author Comment

by:HKFuey
ID: 22678735
OK, I have unchecked the VPN services in the router and done a port redirect to local computer (ISA 2004, 192.168.1.238) and also opened port 1723.
When I query the ISA logs after trying to connect from an external source I see nothing so I assume the router is still blocking the VPN inbound.
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
LVL 5

Expert Comment

by:gzarnick
ID: 22679078
Don't uncheck the VPN services in the router.  Make sure the ports in the router are open as well as the ports in ISA.  You want to make sure that the PPTP tunnel is able to go inbound and outbound.
0
 

Author Comment

by:HKFuey
ID: 22679479
mmm not sure about that, see note on VPN page. ISA server is on the LAN so I want VPN pass through?
Router.bmp
0
 
LVL 5

Expert Comment

by:gzarnick
ID: 22679664
I would enable PPTP VPN Service.  You're not really running a VPN server on your LAN.  You are allowing to go through with ISA but the server running it is the router.
0
 

Author Comment

by:HKFuey
ID: 22679910
I tried it both ways, I can't get a connection. Not showing on ISA logs so I asume router is still blocking.
0
 
LVL 5

Expert Comment

by:gzarnick
ID: 22679957
http://www.draytek.co.uk/support/kb_vigor_vpncheck.html

Check out that page and see if it will help.
0
 
LVL 14

Expert Comment

by:plug1
ID: 22982924
You  NEED to uncheck the pptp services as you already have done, the only other thing is to redirect port 1723 to the server can you post your config of that. I haver this working on a few 2820's so I can post my configs up if need be. TBH though in your situation Id be looking at ISA blocking the VPN before the router.
0
 

Author Comment

by:HKFuey
ID: 22986202
Hi chaps, I have already redirected port 1723 from one of the WAN ip alias's to the local IP.
I used this article which is quite easy to follow to set up ISA for VPN: -
http://www.isaserver.org/articles/2004vpnserver.html
I get to the part where you test the VPN on the local network and I still get no connection.
I think maybe I have the network settings wrong on the 2 ISA NICS??
0
 
LVL 14

Expert Comment

by:plug1
ID: 22986300
Easy way to test it is to try and VPN in locally, take the internet out of the equation, make sure vpns are allowed on both NIC's.
0
 

Author Comment

by:HKFuey
ID: 22992490
VPN local does not work.
 Have gone through the setup as defined here: - http://www.isaserver.org/tutorials/Configuring_ISA_Server_Interface_Settings.html
But I get this error:-
Technical Information (for support personnel) Error Code 12206: Proxy chain loop Background: The gateway has detected a proxy chain loop. This condition might indicate a configuration problem on a proxy server. Date: 19/11/2008 08:39:00 Server: Users.xxxxxxxx.com Source: Proxy
 
0
 
LVL 14

Expert Comment

by:plug1
ID: 22993084
Can you post an IPCONFIG /ALL from the ISA box?
0
 

Author Comment

by:HKFuey
ID: 22993258
Windows 2000 IP Configuration
        Host Name . . . . . . . . . . . . : Users
        Primary DNS Suffix  . . . . . . . : ######.com
        Node Type . . . . . . . . . . . . : Hybrid
        IP Routing Enabled. . . . . . . . : Yes
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : ######.com
Ethernet adapter Int:
        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Allied Telesyn AT-2700TX PCI 10/100
Ethernet Adapter
        Physical Address. . . . . . . . . : 00-30-84-6D-E2-A9
        DHCP Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 192.168.1.238
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . :
        DNS Servers . . . . . . . . . . . : 192.168.1.251
                                            192.168.1.1
        Primary WINS Server . . . . . . . : 150.0.0.130
Ethernet adapter Ext:
        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Intel(R) PRO/100+ Server Adapter (PI
LA8470B)
        Physical Address. . . . . . . . . : 00-02-B3-65-6D-E2
        DHCP Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : ########.253
        Subnet Mask . . . . . . . . . . . : 255.255.255.248
        IP Address. . . . . . . . . . . . : ########.252
        Subnet Mask . . . . . . . . . . . : 255.255.255.248
        IP Address. . . . . . . . . . . . : ########.251
        Subnet Mask . . . . . . . . . . . : 255.255.255.248
        IP Address. . . . . . . . . . . . : ########.250
        Subnet Mask . . . . . . . . . . . : 255.255.255.248
        IP Address. . . . . . . . . . . . : ########.249
        Subnet Mask . . . . . . . . . . . : 255.255.255.248
        Default Gateway . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . :
        NetBIOS over Tcpip. . . . . . . . : Disabled
0
 
LVL 14

Accepted Solution

by:
plug1 earned 500 total points
ID: 22993457
I take it the blocked out address's arent on the subnet 192.168.1.0? It looks to me like the are as the default gateway is 192.168.1.1. If thats the case then thats why its not working, the external adapter needs a different range than the internal so if the internal is 192.168.1.2 then the external HAS to be on another subnet I.E 10.1.1.0 or 192.168.100.0.

It wont work otherwise.
0
 

Author Comment

by:HKFuey
ID: 22995118
I also tried the external address of the router as the default gateway on the external nic:  217.xxx.xxx.254 (with 255.255.225.248 as the subnet)
0
 
LVL 14

Expert Comment

by:plug1
ID: 22995151
what is the actual address of the external nic at the moment? Change it slightly if you feel you have to but only by 1 digit.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There are several problems reported according slow link speeds or poor performance in TMG 2010, UAG 2010 or ISA 2006. I want to collect here some of the common issues together to give a brief overview what can be the reason. Nevertheless, not all of…
How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Suggested Courses

630 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question