Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

How do is know which VPN type is being setup on my Windows server 2008 std?

Posted on 2010-09-01
10
Medium Priority
?
830 Views
Last Modified: 2012-05-10
Hi Experts,

One of our system engineers finish setting a RAS for VPN purposes on our  Windows server 2008 std.
How can i know which type of VPN did he use ( PPTP \L2TP \PSec \SSTP)?

Thanks in advance, Nir
0
Comment
Question by:IT_Group1
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 4
10 Comments
 
LVL 12

Expert Comment

by:tgtran
ID: 33580491
Open CMD with administrator rights and issue these commands:

netsh ras dump >c:\ras.txt
netsh dump >c:\everything.txt

You can decipher the VPN type from RAS.txt - if you need help, you can post the file everything.txt here and we can examine it together
0
 

Author Comment

by:IT_Group1
ID: 33580665
Hi tgtran,
Thx for your reply.
Here is the RAS.TXT output:


                                           
# -----------------------------------------
# Remote Access Configuration              
# -----------------------------------------
pushd ras
set authmode mode = standard
delete authtype type = PAP
delete authtype type = MD5CHAP
delete authtype type = MSCHAP
delete authtype type = MSCHAPv2
delete authtype type = EAP
add authtype type = MSCHAP
add authtype type = MSCHAPv2
add authtype type = EAP
delete link type = SWC
delete link type = LCP
add link type = SWC
add link type = LCP
delete multilink type = MULTI
delete multilink type = BACP
add multilink type = MULTI
add multilink type = BACP
set conf confstate = enabled
set type ipv4rtrtype = lananddd ipv6rtrtype = none rastype = ipv4
set user name = Administrator dialin = policy cbpolicy = none
set user name = Avi dialin = policy cbpolicy = none
set user name = Aviv dialin = policy cbpolicy = none
set user name = eyal dialin = policy cbpolicy = none
set user name = Gal dialin = policy cbpolicy = none
set user name = Guest dialin = policy cbpolicy = none
set user name = Idan dialin = policy cbpolicy = none
set user name = info dialin = policy cbpolicy = none
set user name = iris dialin = policy cbpolicy = none
set user name = IUSR_SERVER2008 dialin = policy cbpolicy = none
set user name = Jobs dialin = policy cbpolicy = none
set user name = krbtgt dialin = policy cbpolicy = none
set user name = moti dialin = policy cbpolicy = none
set user name = nirs dialin = permit cbpolicy = none
set user name = Notifications dialin = policy cbpolicy = none
set user name = Postmaster dialin = policy cbpolicy = none
set user name = stas dialin = policy cbpolicy = none
set user name = support dialin = policy cbpolicy = none
set user name = Yeli dialin = policy cbpolicy = none

popd
# End of Remote Access configuration.        
                                             
                                             
                                           
# -----------------------------------------
# Remote Access Diagnostics Configuration  
# -----------------------------------------
pushd ras diagnostics
set rastracing component = * state = disabled
set modemtracing state = disabled
set cmtracing state = disabled
set securityeventlog state = enabled
set loglevel events = warn

popd
# End of Remote Access Diagnostics Configuration.
                                                 
                                                 
                                           
# -----------------------------------------
# Remote Access IP Configuration            
# -----------------------------------------
pushd ras ip
delete pool
set negotiation mode = allow
set access mode = all
set addrreq mode = deny
set broadcastnameresolution mode = enabled
set addrassign method = auto
set preferredadapter name = "Local Area Connection 2"
popd
# End of Remote Access IP configuration.    
                                             
                                           
# -----------------------------------------
# Remote Access IPv6 Configuration          
# -----------------------------------------
pushd ras ipv6
 
set negotiation mode = deny
set access mode = all
set prefix prefix = ::
popd
# End of Remote Access IPv6 configuration.  
                                             
                                           
# -----------------------------------------
# Remote Access AAAA Configuration          
# -----------------------------------------
pushd ras aaaa
set authentication provider = windows
set accounting provider = windows
delete authserver name = *
delete acctserver name = *
 
popd
# End of Remote Access AAAA configuration.    
                                               
_________________________________________________________________                                              
 And  here's the everything.txt output:

#========================
# Interface configuration
#========================
pushd interface
reset all

popd
# End of interface configuration
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
reset
set global icmpredirects=disabled dhcpmediasense=disabled
add route prefix=0.0.0.0/0 interface="Local Area Connection" nexthop=192.168.68.254
add address name="Local Area Connection" address=192.168.68.1

popd
# End of IPv4 configuration
 
# ----------------------------------
# IPv6 Configuration
# ----------------------------------
pushd interface ipv6
reset

popd
# End of IPv6 configuration
 
# ----------------------------------
# ISATAP Configuration
# ----------------------------------
pushd interface isatap
 
popd
# End of ISATAP configuration
 
# ----------------------------------
# 6to4 Configuration
# ----------------------------------
pushd interface 6to4
reset
 
popd
# End of 6to4 configuration
 
# ----------------------------------
# ISATAP Configuration
# ----------------------------------
pushd interface isatap
 
popd
# End of ISATAP configuration

\#========================
\# Port Proxy configuration
\#========================
pushd interface portproxy
reset

popd
# End of Port Proxy configuration
 
# ----------------------------------
# TCP Configuration
# ----------------------------------
pushd interface tcp
reset
set global rss=enabled chimney=disabled autotuninglevel=normal congestionprovider=ctcp ecncapability=disabled timestamps=disabled

popd
# End of TCP configuration
 
# ----------------------------------
# Teredo Configuration
# ----------------------------------
pushd interface teredo
set state servername=teredo.ipv6.microsoft.com.
 
popd
# End of Teredo configuration
 
# ----------------------------------
# 6to4 Configuration
# ----------------------------------
pushd interface 6to4
reset
 
popd
# End of 6to4 configuration

# ------------------------------------
# Bridge configuration (not supported)
# ------------------------------------
# ------------------------------------
# End of Bridge configuration
# ------------------------------------
# ----------------------------------------
# Wired LAN Configuration
# ----------------------------------------
pushd lan

popd
# End of Wired LAN Configuration.

# ==========================================================
# Health Registration Authority configuration
# ==========================================================
pushd nap hra
popd
# End of NAP HRA configuration
# ==========================================================
# Network Access Protection client configuration
# ==========================================================
pushd nap client
# ----------------------------------------------------------
# Trusted server group configuration
# ----------------------------------------------------------
reset trustedservergroup
# ----------------------------------------------------------
# Cryptographic service provider (CSP) configuration
# ----------------------------------------------------------
set csp name = "Microsoft RSA SChannel Cryptographic Provider" keylength = "2048"
# ----------------------------------------------------------
# Hash algorithm configuration
# ----------------------------------------------------------
set hash oid = "1.3.14.3.2.29"
# ----------------------------------------------------------
# Enforcement configuration
# ----------------------------------------------------------
set enforcement id = "79617" admin = "disable" id = "79618" admin = "disable" id = "79619" admin = "disable" id = "79621" admin = "disable" id = "79623" admin = "disable"
# ----------------------------------------------------------
# Tracing configuration
# ----------------------------------------------------------
set tracing state = "disable" level = "basic"
# ----------------------------------------------------------
# User interface configuration
# ----------------------------------------------------------
reset userinterface
popd
# End of NAP client configuration
dump
    [exportPSK =] YES
 
    Creates a script that contains the current configuration. If saved to a
    file, this script can be used to restore altered configuration settings.
 
    exportPSK - To export the shared secrets for RADIUS clients and remote
               RADIUS servers (required).
 
    If you want to export the NPS server configuration, you must also export
    all shared secrets and SQL server logging settings. Export of NPS server
    configuration without shared secrets is not supported.
 
    The exported file contains unencrypted shared secrets for RADIUS
    clients and members of remote RADIUS server groups. Because of this, you
    should ensure that the file is stored in a secure location to prevent
    malicious users from accessing the file.
 
The syntax supplied for this command is not valid. Check help for the correct syntax.
                                           
# -----------------------------------------
# Remote Access Configuration              
# -----------------------------------------
pushd ras
set authmode mode = standard
delete authtype type = PAP
delete authtype type = MD5CHAP
delete authtype type = MSCHAP
delete authtype type = MSCHAPv2
delete authtype type = EAP
add authtype type = MSCHAP
add authtype type = MSCHAPv2
add authtype type = EAP
delete link type = SWC
delete link type = LCP
add link type = SWC
add link type = LCP
delete multilink type = MULTI
delete multilink type = BACP
add multilink type = MULTI
add multilink type = BACP
set conf confstate = enabled
set type ipv4rtrtype = lananddd ipv6rtrtype = none rastype = ipv4
set user name = Administrator dialin = policy cbpolicy = none
set user name = Avi dialin = policy cbpolicy = none
set user name = Aviv dialin = policy cbpolicy = none
set user name = eyal dialin = policy cbpolicy = none
set user name = Gal dialin = policy cbpolicy = none
set user name = Guest dialin = policy cbpolicy = none
set user name = Idan dialin = policy cbpolicy = none
set user name = info dialin = policy cbpolicy = none
set user name = iris dialin = policy cbpolicy = none
set user name = IUSR_SERVER2008 dialin = policy cbpolicy = none
set user name = Jobs dialin = policy cbpolicy = none
set user name = krbtgt dialin = policy cbpolicy = none
set user name = moti dialin = policy cbpolicy = none
set user name = nirs dialin = permit cbpolicy = none
set user name = Notifications dialin = policy cbpolicy = none
set user name = Postmaster dialin = policy cbpolicy = none
set user name = stas dialin = policy cbpolicy = none
set user name = support dialin = policy cbpolicy = none
set user name = Yeli dialin = policy cbpolicy = none

popd
# End of Remote Access configuration.        
                                             
                                             
                                           
# -----------------------------------------
# Remote Access Diagnostics Configuration  
# -----------------------------------------
pushd ras diagnostics
set rastracing component = * state = disabled
set modemtracing state = disabled
set cmtracing state = disabled
set securityeventlog state = enabled
set loglevel events = warn

popd
# End of Remote Access Diagnostics Configuration.
                                                 
                                                 
                                           
# -----------------------------------------
# Remote Access IP Configuration            
# -----------------------------------------
pushd ras ip
delete pool
set negotiation mode = allow
set access mode = all
set addrreq mode = deny
set broadcastnameresolution mode = enabled
set addrassign method = auto
set preferredadapter name = "Local Area Connection 2"
popd
# End of Remote Access IP configuration.    
                                             
                                           
# -----------------------------------------
# Remote Access IPv6 Configuration          
# -----------------------------------------
pushd ras ipv6
 
set negotiation mode = deny
set access mode = all
set prefix prefix = ::
popd
# End of Remote Access IPv6 configuration.  
                                             
                                           
# -----------------------------------------
# Remote Access AAAA Configuration          
# -----------------------------------------
pushd ras aaaa
set authentication provider = windows
set accounting provider = windows
delete authserver name = *
delete acctserver name = *
 
popd
# End of Remote Access AAAA configuration.    
                                               
                                               
# Routing Configuration
pushd routing
reset
popd
# IP Configuration
pushd routing ip
reset
set loglevel error
add preferenceforprotocol proto=LOCAL preflevel=1
add preferenceforprotocol proto=STATIC preflevel=3
add preferenceforprotocol proto=NONDOD preflevel=5
add preferenceforprotocol proto=AUTOSTATIC preflevel=7
add preferenceforprotocol proto=NetMgmt preflevel=10
add preferenceforprotocol proto=RIP preflevel=120
add interface name="Local Area Connection 2" state=enable
set filter name="Local Area Connection 2" fragcheck=disable
add interface name="Local Area Connection" state=enable
set filter name="Local Area Connection" fragcheck=disable
add interface name="Internal" state=enable
add interface name="Loopback" state=enable
popd
# End of IP configuration
 
# ----------------------------------
# DNS Proxy configuration            
# ----------------------------------
pushd routing ip dnsproxy
uninstall

popd
# End of DNS proxy configuration
 
# ----------------------------------
# IGMP Configuration                
# ----------------------------------
pushd routing ip igmp
uninstall
install
set global loglevel = ERROR

# IGMP configuration for interface "Local Area Connection 2"
delete interface name="Local Area Connection 2"
add interface name="Local Area Connection 2" igmpprototype=IGMPPROXY ifenabled=enable

# IGMP configuration for interface "Internal"
delete interface name="Internal"
add interface name="Internal" igmpprototype=IGMPRTRV3 ifenabled=enable robustvar=2 startupquerycount=2 startupqueryinterval=31 genqueryinterval=125 genqueryresptime=10 lastmemquerycount=2 lastmemqueryinterval=1000 accnonrtralertpkts=YES

popd
# End of IGMP configuration
 
# ----------------------------------
# NAT configuration                  
# ----------------------------------
pushd routing ip nat
uninstall

popd
 

# ----------------------------------
# DHCP Relay Agent configuration    
# ----------------------------------
pushd routing ip relay
uninstall
install
set global loglevel=ERROR
add dhcpserver server=192.168.68.1

#
#DHCP Relay Agent configuration for interface "Internal"
#
add interface name="Internal"
set interface name="Internal" relaymode=enable maxhop=4 minsecs=4
 
popd
# End of DHCP Relay configuration
 
# ----------------------------------
# RIP configuration                  
# ----------------------------------
pushd routing ip rip
uninstall

popd
# End of RIP configuration
 
# ----------------------------------
# Router Discovery Configuration    
# ----------------------------------
pushd routing ip routerdiscovery
uninstall
add interface name="Local Area Connection 2" disc=disable minint=7 maxint=10 life=30 level=0
add interface name="Local Area Connection" disc=disable minint=7 maxint=10 life=30 level=0
add interface name="Internal" disc=disable minint=7 maxint=10 life=30 level=0
add interface name="Loopback" disc=disable minint=7 maxint=10 life=30 level=0

popd

# ----------------------------------
# DHCP Allocator Configuration      
# ----------------------------------
pushd routing ip autodhcp
uninstall

popd
# End of DHCP Allocator Configuration
# IPv6 Configuration
pushd routing ipv6
set filter name="Local Area Connection 2" fragcheck=disable
set filter name="Local Area Connection" fragcheck=disable
popd
# End of IPv6 configuration
 
# ----------------------------------
# DHCPv6 Relay Agent configuration    
# ----------------------------------
pushd routing ipv6 relayv6
uninstall

popd
# End of DHCPv6 Relay configuration

                                           
# -----------------------------------------------------------------------
# Remote Access Demand Dial Configuration                                
# -----------------------------------------------------------------------
# This script is not guaranteed to work across machines with different    
# Physical Demand Dial devices like Modems. Before executing this script,
# all these devices should be installed with same name and on same port  
# -----------------------------------------------------------------------
# Known issues and limitations :
# 1. The user needs to set the password for dial out credentials either here
# in the script for every interface enumerated below or later on using the  
# MMC or "ro demanddial set credentials" command.                        
# 2. The user needs to manually set the EAP settings like PEAP or installing
# Smartcard or other Certificates on the machine                            
pushd ro demanddial
 
# -----------------------------------------
# WinHTTP Proxy Configuration
# -----------------------------------------
pushd winhttp
reset proxy
popd
# End of WinHTTP Proxy Configuration
 
0
 
LVL 12

Expert Comment

by:tgtran
ID: 33588948
From what I can see from the log, I believe:
1.  RAS VPN (PPTP) - {set type ipv4rtrtype = lananddd} listed in the RAS Configuration
2.  RAS is listening on NIC# 2 {set preferredadapter name = "Local Area Connection 2" }
3.  DHCP relay configured to use 192.168.68.1
4.  Authentication via MSCHAP & MSCHAPv2 through Windows
5.  LAN & Demand routing on NIC #1
6.  No IKE, IPSec, and such configured

You can verify by open RRAS, right-click on the server name and select "properties"



0
Are You Ready for GDPR?

With the GDPR deadline set for May 25, 2018, many organizations are ill-prepared due to uncertainty about the criteria for compliance. According to a recent WatchGuard survey, a staggering 37% of respondents don't even know if their organization needs to comply with GDPR. Do you?

 

Author Comment

by:IT_Group1
ID: 33606425
tgtran thank you very much.
Can you please advise which ports are needed to be opened in firewall (Juniper) and in the Windows firewall.

Thx
0
 

Author Comment

by:IT_Group1
ID: 33606472
When opened port 1723, the connection is hanged (Verified user\pass takes LONG time).
Is there any other ports, maybe outbound?

Thx
0
 

Author Comment

by:IT_Group1
ID: 33606488
The received error is 800
0
 

Author Comment

by:IT_Group1
ID: 33606715
BTW, the gateway is Juniper-NS5GT , and i've just saw a few threads which speaks about a specific problem with GRE 47 over VIP in this unit (here's one for example: http://www.juniperforum.com/index.php?topic=3183.0)

Do you happen to know where can i post this question?
Needless to say i'll grant you the points anyway.

Thx
0
 
LVL 12

Accepted Solution

by:
tgtran earned 2000 total points
ID: 33606954
Depending what ScreenOS you are on, but here is a good guide (Option 3):
http://blogostuff.blogspot.com/2006/06/netscreen-5gt-firewall-pptp.html
0
 

Author Comment

by:IT_Group1
ID: 33714922
Thx, still doesn't work.
Any ideas guys?
0
 
LVL 12

Expert Comment

by:tgtran
ID: 33717543
Do you mind posting the screen capture of the error window and possibly the config of the Netscreen
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you’re involved with your company’s wide area network (WAN), you’ve probably heard about SD-WANs. They’re the “boy wonder” of networking, ostensibly allowing companies to replace expensive MPLS lines with low-cost Internet access. But, are they …
This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

664 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question