ashjuv
asked on
RRAS VPN Setup on widows server 2003, behind a firewall Watchguard
HI ALL
could some one help me troubleshoot my problem with rras vpn setup server.
our network has two servers, both are windows server 2003 , and are domain controllers. I have setup rras on one of the servers with a dedicated nic for it. I have opened up firewall which is provided by Watchguard router. we only have one public ip. on the firewall I have opened up the port of pptp and assigned the host address as the ip address of the nic I am using for rras. ( I don't think , this device watchguard, has explicti natting available).
When I try test by creating a vpn connection using a computer from my home it hangs at verifying user name and password for a bit, then gives the error message ' error 691: access was denied becuase the username and or password was invalid on the domian.'
I have gave the user account I am using to connect access as allow in the properties of AD for dial and remote access connection ( something like that, i don't remember the name of the option /tab).
am I mising something really obvious here. how do I troubleshoot this issue and hopefully resolve it.
could some one help me troubleshoot my problem with rras vpn setup server.
our network has two servers, both are windows server 2003 , and are domain controllers. I have setup rras on one of the servers with a dedicated nic for it. I have opened up firewall which is provided by Watchguard router. we only have one public ip. on the firewall I have opened up the port of pptp and assigned the host address as the ip address of the nic I am using for rras. ( I don't think , this device watchguard, has explicti natting available).
When I try test by creating a vpn connection using a computer from my home it hangs at verifying user name and password for a bit, then gives the error message ' error 691: access was denied becuase the username and or password was invalid on the domian.'
I have gave the user account I am using to connect access as allow in the properties of AD for dial and remote access connection ( something like that, i don't remember the name of the option /tab).
am I mising something really obvious here. how do I troubleshoot this issue and hopefully resolve it.
This really depends on which watchguard you are using. If you are using a firebox and not the soho. you can setup a direct one to one NAT with out a prob.
Which Watchguard are you using?
Which Watchguard are you using?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
this is the watchguard info
version 6.4.1
build 15
boot rom 5.6
Watchguard SOHO 6TC
version 6.4.1
build 15
boot rom 5.6
Watchguard SOHO 6TC
ASKER
when i specify pptp as the service should it not automatically take care of both the tcp port and protocol on the firewall.??
I actually did try creating my own service and specifying the the rras port as well as protocol, it gave the same result
I actually did try creating my own service and specifying the the rras port as well as protocol, it gave the same result
ASKER
Actually I tried logging on using full name user@domain.com and it worked.
thanks so much.
thanks so much.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
thanks, mickey, the information would really be helpful if I run into vpn problems. So far with ms it looks good ( still in test ). when I start rolling out i i will find out what are the other issues. In the mean time i will close the case and open a new one whent the issues happen again. thanks for all your hlep guys who responded to this mesage in timely manner.
http://support.microsoft.com/kb/241251