  • Status: Solved
  • Priority: Medium
  • Security: Public

Problem setting up VPN connection to remote computers.

I can no longer set up a VPN connection from a remote location. The only way a computer can connect to our server is that a computer needs to be connected within our company network. So our laptops can no longer connect when they are off site (traveling).

These remote computers would get an error message during the log in.  
Error  800.  connecting to 0.0.0.0 (IP) using "WAN MiniPort (L2TP) failed.  

Error 800: The remote connection was not made because the attempted VPN tunnels failed. The VPN server might be unreachable. If this connection is attempting to use an L2TP/IPsec tunnel, the security parameters required for IPsec negotiation might not be configured properly.

Is there something I need to do on the Win Server 2003 Admin config?

Is there something I need to reconfigure at our SonicWall firewall?
Asked: Lifestream

Murali Commented:
Hi,

Try to telnet to your server on port 1723.

If you are able to telnet, some configuration needs to be set at your server end.

If you are not able to telnet, you need to configure NAT between your firewall and server.

Murali Commented:
And check your VPN IP pool. If you are using DHCP, try to give another pool at the RAS console and try. It may work if you are able to telnet to your server from the remote computer.
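
A scripted version of the telnet test suggested above, as an added example that is not part of the thread: it connects to TCP 1723 and sends a PPTP Start-Control-Connection-Request (RFC 2637), so a filtered port can be told apart from a forward that lands on the wrong service. The function names and status strings are assumptions of this example, and it exercises only the TCP control channel, not GRE (IP protocol 47).

```python
import socket
import struct
import sys

PPTP_PORT = 1723
MAGIC_COOKIE = 0x1A2B3C4D  # constant carried in every PPTP control message

def build_sccrq(hostname=b"probe"):
    """Start-Control-Connection-Request: 156 bytes, control message type 1."""
    return struct.pack("!HHIHHHHIIHH64s64s",
                       156, 1, MAGIC_COOKIE, 1, 0,  # length, msg type, cookie, ctrl type, reserved0
                       0x0100, 0,                   # protocol version 1.0, reserved1
                       1, 1, 0, 0,                  # framing, bearer, max channels, firmware rev
                       hostname, b"")               # host name, vendor string (NUL padded)

def parse_sccrp(data):
    """Return the reply fields if data starts a Start-Control-Connection-Reply, else None."""
    if len(data) < 16:
        return None
    _len, mtype, cookie, ctype, _r0, version, result, error = struct.unpack("!HHIHHHBB", data[:16])
    if mtype != 1 or cookie != MAGIC_COOKIE or ctype != 2:
        return None
    return {"version": version, "result": result, "error": error}

def classify(connected, refused, reply):
    """Map what the probe saw to a status (hypothetical labels for this example)."""
    if not connected:
        # refused: host answered with a reset; filtered: silence, look at firewall rule / NAT
        return "refused" if refused else "filtered"
    parsed = parse_sccrp(reply)
    if parsed is None:
        return "open-not-pptp"       # the forward reaches something other than a PPTP server
    return "pptp-ok" if parsed["result"] == 1 else "pptp-rejected"

def probe(host, port=PPTP_PORT, timeout=5.0):
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return classify(False, True, b"")
    except OSError:                  # timeout, unreachable, name resolution failure
        return classify(False, False, b"")
    with sock:
        try:
            sock.sendall(build_sccrq())
            reply = sock.recv(156)
        except OSError:
            reply = b""
    return classify(True, False, reply)

if __name__ == "__main__":
    print(probe(sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"))
```

A `pptp-ok` result says nothing about the data channel: the Rasman event 20209 quoted later in this thread is the case where the control connection is established but GRE packets are not passing.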

Lifestream (Author) Commented:
I am not able to telnet from a remote computer. What should the NAT config between firewall and server be?
 
Lifestream (Author) Commented:
I went to the server to reconfigure Routing and Remote Access.

I disabled the server's RRAS and enabled it to reconfigure. I tried to select VPN access and NAT but it was not allowing me because it says:

"Less than two network interfaces were detected on this machine. For standard VPN server configuration at least two network interfaces need to be installed. Please use custom configuration path instead."

I know there are two connections to our server: 1. T1/data 2. Internet

nappy_d Commented:
What model of the Sonicwall devices do you have?

On the Sonicwall, make sure that port 1723tcp is forwarded to your Windows server.

Alternatively, I would:
  1. configure a NAS port on the Windows server for the Sonicwall
  2. On the Sonicwall, configure RADIUS for VPN and l2tp
This way, your users are authenticated  by the Sonicwall using AD LDAP.

Lifestream (Author) Commented:
Sonicwall PRO 2040 Enhanced

I think when we upgraded to "Enhanced" version, that is when remote clients were not able to VPN to the server.

nappy_d Commented:
Look at your firewall rules. Do you have a rule to allow 1723tcp to pass to your RRAS server?

Lifestream (Author) Commented:
I have a rule under Access Rules > WAN > LAN

Source:  Any
Destination:  WAN Primary IP
Service:  Server (VPN)
Action:  Allow all users

Lifestream (Author) Commented:
Access Rules (WAN>VPN):  no rules were created.

nappy_d Commented:
Actually, you need to set up WAN to LAN tcp1723 to the RRAS box.

Lifestream (Author) Commented:
There is already one set up:
the one I mentioned above. Under Service Properties it says: pptp: tcp port 1723 to RRAS

nappy_d Commented:
What does your event viewer show for errors relating to pptp connections?

Lifestream (Author) Commented:
No PPTP error found.

This is what I found:

Event Type:      Warning
Event Source:      Rasman
Event Category:      None
Event ID:      20209
Date:            12/21/2009
Time:            13:24:27
User:            N/A
Computer:      DC1
Description:
A connection between the VPN server and the VPN client 63.82.130.XX has been established, but the VPN connection cannot be completed. The most common cause for this is that a firewall or router between the VPN server and the VPN client is not configured to allow Generic Routing Encapsulation (GRE) packets (protocol 47). Verify that the firewalls and routers between your VPN server and the Internet allow GRE packets. Make sure the firewalls and routers on the user's network are also configured to allow GRE packets. If the problem persists, have the user contact the Internet service provider (ISP) to determine whether the ISP might be blocking GRE packets.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.



____________
Event Type:      Warning
Event Source:      RemoteAccess
Event Category:      None
Event ID:      20189
Date:            12/21/2009
Time:            11:21:24
User:            N/A
Computer:      LSDC1
Description:
The user LIFESTREAM\client connected from 70.99.138.21XX but failed an authentication attempt due to the following reason: Authentication was not successful because an unknown user name or incorrect password was used.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

__________
I found no errors on the firewall side.

nappy_d Commented:
You need to forward port 47 for GRE to the server as well.

Lifestream (Author) Commented:
I am not familiar with that. I looked through my firewall settings and I didn't see a port 47 forwarding and GRE. I tried looking online but no luck.

Lifestream (Author) Commented:
Here is the solution that worked for me. Instead of creating a VPN from a remote PC directly to the file server, I used mail.domain.com port to connect rather than using the public IP.