Solved

How do is know which VPN type is being setup on my Windows server 2008 std?

Posted on 2010-09-01
10
792 Views
Last Modified: 2012-05-10
Hi Experts,

One of our system engineers finish setting a RAS for VPN purposes on our  Windows server 2008 std.
How can i know which type of VPN did he use ( PPTP \L2TP \PSec \SSTP)?

Thanks in advance, Nir
0
Comment
Question by:IT_Group1
  • 6
  • 4
10 Comments
 
LVL 12

Expert Comment

by:tgtran
ID: 33580491
Open CMD with administrator rights and issue these commands:

netsh ras dump >c:\ras.txt
netsh dump >c:\everything.txt

You can decipher the VPN type from RAS.txt - if you need help, you can post the file everything.txt here and we can examine it together
0
 

Author Comment

by:IT_Group1
ID: 33580665
Hi tgtran,
Thx for your reply.
Here is the RAS.TXT output:


                                           
# -----------------------------------------
# Remote Access Configuration              
# -----------------------------------------
pushd ras
set authmode mode = standard
delete authtype type = PAP
delete authtype type = MD5CHAP
delete authtype type = MSCHAP
delete authtype type = MSCHAPv2
delete authtype type = EAP
add authtype type = MSCHAP
add authtype type = MSCHAPv2
add authtype type = EAP
delete link type = SWC
delete link type = LCP
add link type = SWC
add link type = LCP
delete multilink type = MULTI
delete multilink type = BACP
add multilink type = MULTI
add multilink type = BACP
set conf confstate = enabled
set type ipv4rtrtype = lananddd ipv6rtrtype = none rastype = ipv4
set user name = Administrator dialin = policy cbpolicy = none
set user name = Avi dialin = policy cbpolicy = none
set user name = Aviv dialin = policy cbpolicy = none
set user name = eyal dialin = policy cbpolicy = none
set user name = Gal dialin = policy cbpolicy = none
set user name = Guest dialin = policy cbpolicy = none
set user name = Idan dialin = policy cbpolicy = none
set user name = info dialin = policy cbpolicy = none
set user name = iris dialin = policy cbpolicy = none
set user name = IUSR_SERVER2008 dialin = policy cbpolicy = none
set user name = Jobs dialin = policy cbpolicy = none
set user name = krbtgt dialin = policy cbpolicy = none
set user name = moti dialin = policy cbpolicy = none
set user name = nirs dialin = permit cbpolicy = none
set user name = Notifications dialin = policy cbpolicy = none
set user name = Postmaster dialin = policy cbpolicy = none
set user name = stas dialin = policy cbpolicy = none
set user name = support dialin = policy cbpolicy = none
set user name = Yeli dialin = policy cbpolicy = none

popd
# End of Remote Access configuration.        
                                             
                                             
                                           
# -----------------------------------------
# Remote Access Diagnostics Configuration  
# -----------------------------------------
pushd ras diagnostics
set rastracing component = * state = disabled
set modemtracing state = disabled
set cmtracing state = disabled
set securityeventlog state = enabled
set loglevel events = warn

popd
# End of Remote Access Diagnostics Configuration.
                                                 
                                                 
                                           
# -----------------------------------------
# Remote Access IP Configuration            
# -----------------------------------------
pushd ras ip
delete pool
set negotiation mode = allow
set access mode = all
set addrreq mode = deny
set broadcastnameresolution mode = enabled
set addrassign method = auto
set preferredadapter name = "Local Area Connection 2"
popd
# End of Remote Access IP configuration.    
                                             
                                           
# -----------------------------------------
# Remote Access IPv6 Configuration          
# -----------------------------------------
pushd ras ipv6
 
set negotiation mode = deny
set access mode = all
set prefix prefix = ::
popd
# End of Remote Access IPv6 configuration.  
                                             
                                           
# -----------------------------------------
# Remote Access AAAA Configuration          
# -----------------------------------------
pushd ras aaaa
set authentication provider = windows
set accounting provider = windows
delete authserver name = *
delete acctserver name = *
 
popd
# End of Remote Access AAAA configuration.    
                                               
_________________________________________________________________                                              
 And  here's the everything.txt output:

#========================
# Interface configuration
#========================
pushd interface
reset all

popd
# End of interface configuration
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
reset
set global icmpredirects=disabled dhcpmediasense=disabled
add route prefix=0.0.0.0/0 interface="Local Area Connection" nexthop=192.168.68.254
add address name="Local Area Connection" address=192.168.68.1

popd
# End of IPv4 configuration
 
# ----------------------------------
# IPv6 Configuration
# ----------------------------------
pushd interface ipv6
reset

popd
# End of IPv6 configuration
 
# ----------------------------------
# ISATAP Configuration
# ----------------------------------
pushd interface isatap
 
popd
# End of ISATAP configuration
 
# ----------------------------------
# 6to4 Configuration
# ----------------------------------
pushd interface 6to4
reset
 
popd
# End of 6to4 configuration
 
# ----------------------------------
# ISATAP Configuration
# ----------------------------------
pushd interface isatap
 
popd
# End of ISATAP configuration

\#========================
\# Port Proxy configuration
\#========================
pushd interface portproxy
reset

popd
# End of Port Proxy configuration
 
# ----------------------------------
# TCP Configuration
# ----------------------------------
pushd interface tcp
reset
set global rss=enabled chimney=disabled autotuninglevel=normal congestionprovider=ctcp ecncapability=disabled timestamps=disabled

popd
# End of TCP configuration
 
# ----------------------------------
# Teredo Configuration
# ----------------------------------
pushd interface teredo
set state servername=teredo.ipv6.microsoft.com.
 
popd
# End of Teredo configuration
 
# ----------------------------------
# 6to4 Configuration
# ----------------------------------
pushd interface 6to4
reset
 
popd
# End of 6to4 configuration

# ------------------------------------
# Bridge configuration (not supported)
# ------------------------------------
# ------------------------------------
# End of Bridge configuration
# ------------------------------------
# ----------------------------------------
# Wired LAN Configuration
# ----------------------------------------
pushd lan

popd
# End of Wired LAN Configuration.

# ==========================================================
# Health Registration Authority configuration
# ==========================================================
pushd nap hra
popd
# End of NAP HRA configuration
# ==========================================================
# Network Access Protection client configuration
# ==========================================================
pushd nap client
# ----------------------------------------------------------
# Trusted server group configuration
# ----------------------------------------------------------
reset trustedservergroup
# ----------------------------------------------------------
# Cryptographic service provider (CSP) configuration
# ----------------------------------------------------------
set csp name = "Microsoft RSA SChannel Cryptographic Provider" keylength = "2048"
# ----------------------------------------------------------
# Hash algorithm configuration
# ----------------------------------------------------------
set hash oid = "1.3.14.3.2.29"
# ----------------------------------------------------------
# Enforcement configuration
# ----------------------------------------------------------
set enforcement id = "79617" admin = "disable" id = "79618" admin = "disable" id = "79619" admin = "disable" id = "79621" admin = "disable" id = "79623" admin = "disable"
# ----------------------------------------------------------
# Tracing configuration
# ----------------------------------------------------------
set tracing state = "disable" level = "basic"
# ----------------------------------------------------------
# User interface configuration
# ----------------------------------------------------------
reset userinterface
popd
# End of NAP client configuration
dump
    [exportPSK =] YES
 
    Creates a script that contains the current configuration. If saved to a
    file, this script can be used to restore altered configuration settings.
 
    exportPSK - To export the shared secrets for RADIUS clients and remote
               RADIUS servers (required).
 
    If you want to export the NPS server configuration, you must also export
    all shared secrets and SQL server logging settings. Export of NPS server
    configuration without shared secrets is not supported.
 
    The exported file contains unencrypted shared secrets for RADIUS
    clients and members of remote RADIUS server groups. Because of this, you
    should ensure that the file is stored in a secure location to prevent
    malicious users from accessing the file.
 
The syntax supplied for this command is not valid. Check help for the correct syntax.
                                           
# -----------------------------------------
# Remote Access Configuration              
# -----------------------------------------
pushd ras
set authmode mode = standard
delete authtype type = PAP
delete authtype type = MD5CHAP
delete authtype type = MSCHAP
delete authtype type = MSCHAPv2
delete authtype type = EAP
add authtype type = MSCHAP
add authtype type = MSCHAPv2
add authtype type = EAP
delete link type = SWC
delete link type = LCP
add link type = SWC
add link type = LCP
delete multilink type = MULTI
delete multilink type = BACP
add multilink type = MULTI
add multilink type = BACP
set conf confstate = enabled
set type ipv4rtrtype = lananddd ipv6rtrtype = none rastype = ipv4
set user name = Administrator dialin = policy cbpolicy = none
set user name = Avi dialin = policy cbpolicy = none
set user name = Aviv dialin = policy cbpolicy = none
set user name = eyal dialin = policy cbpolicy = none
set user name = Gal dialin = policy cbpolicy = none
set user name = Guest dialin = policy cbpolicy = none
set user name = Idan dialin = policy cbpolicy = none
set user name = info dialin = policy cbpolicy = none
set user name = iris dialin = policy cbpolicy = none
set user name = IUSR_SERVER2008 dialin = policy cbpolicy = none
set user name = Jobs dialin = policy cbpolicy = none
set user name = krbtgt dialin = policy cbpolicy = none
set user name = moti dialin = policy cbpolicy = none
set user name = nirs dialin = permit cbpolicy = none
set user name = Notifications dialin = policy cbpolicy = none
set user name = Postmaster dialin = policy cbpolicy = none
set user name = stas dialin = policy cbpolicy = none
set user name = support dialin = policy cbpolicy = none
set user name = Yeli dialin = policy cbpolicy = none

popd
# End of Remote Access configuration.        
                                             
                                             
                                           
# -----------------------------------------
# Remote Access Diagnostics Configuration  
# -----------------------------------------
pushd ras diagnostics
set rastracing component = * state = disabled
set modemtracing state = disabled
set cmtracing state = disabled
set securityeventlog state = enabled
set loglevel events = warn

popd
# End of Remote Access Diagnostics Configuration.
                                                 
                                                 
                                           
# -----------------------------------------
# Remote Access IP Configuration            
# -----------------------------------------
pushd ras ip
delete pool
set negotiation mode = allow
set access mode = all
set addrreq mode = deny
set broadcastnameresolution mode = enabled
set addrassign method = auto
set preferredadapter name = "Local Area Connection 2"
popd
# End of Remote Access IP configuration.    
                                             
                                           
# -----------------------------------------
# Remote Access IPv6 Configuration          
# -----------------------------------------
pushd ras ipv6
 
set negotiation mode = deny
set access mode = all
set prefix prefix = ::
popd
# End of Remote Access IPv6 configuration.  
                                             
                                           
# -----------------------------------------
# Remote Access AAAA Configuration          
# -----------------------------------------
pushd ras aaaa
set authentication provider = windows
set accounting provider = windows
delete authserver name = *
delete acctserver name = *
 
popd
# End of Remote Access AAAA configuration.    
                                               
                                               
# Routing Configuration
pushd routing
reset
popd
# IP Configuration
pushd routing ip
reset
set loglevel error
add preferenceforprotocol proto=LOCAL preflevel=1
add preferenceforprotocol proto=STATIC preflevel=3
add preferenceforprotocol proto=NONDOD preflevel=5
add preferenceforprotocol proto=AUTOSTATIC preflevel=7
add preferenceforprotocol proto=NetMgmt preflevel=10
add preferenceforprotocol proto=RIP preflevel=120
add interface name="Local Area Connection 2" state=enable
set filter name="Local Area Connection 2" fragcheck=disable
add interface name="Local Area Connection" state=enable
set filter name="Local Area Connection" fragcheck=disable
add interface name="Internal" state=enable
add interface name="Loopback" state=enable
popd
# End of IP configuration
 
# ----------------------------------
# DNS Proxy configuration            
# ----------------------------------
pushd routing ip dnsproxy
uninstall

popd
# End of DNS proxy configuration
 
# ----------------------------------
# IGMP Configuration                
# ----------------------------------
pushd routing ip igmp
uninstall
install
set global loglevel = ERROR

# IGMP configuration for interface "Local Area Connection 2"
delete interface name="Local Area Connection 2"
add interface name="Local Area Connection 2" igmpprototype=IGMPPROXY ifenabled=enable

# IGMP configuration for interface "Internal"
delete interface name="Internal"
add interface name="Internal" igmpprototype=IGMPRTRV3 ifenabled=enable robustvar=2 startupquerycount=2 startupqueryinterval=31 genqueryinterval=125 genqueryresptime=10 lastmemquerycount=2 lastmemqueryinterval=1000 accnonrtralertpkts=YES

popd
# End of IGMP configuration
 
# ----------------------------------
# NAT configuration                  
# ----------------------------------
pushd routing ip nat
uninstall

popd
 

# ----------------------------------
# DHCP Relay Agent configuration    
# ----------------------------------
pushd routing ip relay
uninstall
install
set global loglevel=ERROR
add dhcpserver server=192.168.68.1

#
#DHCP Relay Agent configuration for interface "Internal"
#
add interface name="Internal"
set interface name="Internal" relaymode=enable maxhop=4 minsecs=4
 
popd
# End of DHCP Relay configuration
 
# ----------------------------------
# RIP configuration                  
# ----------------------------------
pushd routing ip rip
uninstall

popd
# End of RIP configuration
 
# ----------------------------------
# Router Discovery Configuration    
# ----------------------------------
pushd routing ip routerdiscovery
uninstall
add interface name="Local Area Connection 2" disc=disable minint=7 maxint=10 life=30 level=0
add interface name="Local Area Connection" disc=disable minint=7 maxint=10 life=30 level=0
add interface name="Internal" disc=disable minint=7 maxint=10 life=30 level=0
add interface name="Loopback" disc=disable minint=7 maxint=10 life=30 level=0

popd

# ----------------------------------
# DHCP Allocator Configuration      
# ----------------------------------
pushd routing ip autodhcp
uninstall

popd
# End of DHCP Allocator Configuration
# IPv6 Configuration
pushd routing ipv6
set filter name="Local Area Connection 2" fragcheck=disable
set filter name="Local Area Connection" fragcheck=disable
popd
# End of IPv6 configuration
 
# ----------------------------------
# DHCPv6 Relay Agent configuration    
# ----------------------------------
pushd routing ipv6 relayv6
uninstall

popd
# End of DHCPv6 Relay configuration

                                           
# -----------------------------------------------------------------------
# Remote Access Demand Dial Configuration                                
# -----------------------------------------------------------------------
# This script is not guaranteed to work across machines with different    
# Physical Demand Dial devices like Modems. Before executing this script,
# all these devices should be installed with same name and on same port  
# -----------------------------------------------------------------------
# Known issues and limitations :
# 1. The user needs to set the password for dial out credentials either here
# in the script for every interface enumerated below or later on using the  
# MMC or "ro demanddial set credentials" command.                        
# 2. The user needs to manually set the EAP settings like PEAP or installing
# Smartcard or other Certificates on the machine                            
pushd ro demanddial
 
# -----------------------------------------
# WinHTTP Proxy Configuration
# -----------------------------------------
pushd winhttp
reset proxy
popd
# End of WinHTTP Proxy Configuration
 
0
 
LVL 12

Expert Comment

by:tgtran
ID: 33588948
From what I can see from the log, I believe:
1.  RAS VPN (PPTP) - {set type ipv4rtrtype = lananddd} listed in the RAS Configuration
2.  RAS is listening on NIC# 2 {set preferredadapter name = "Local Area Connection 2" }
3.  DHCP relay configured to use 192.168.68.1
4.  Authentication via MSCHAP & MSCHAPv2 through Windows
5.  LAN & Demand routing on NIC #1
6.  No IKE, IPSec, and such configured

You can verify by open RRAS, right-click on the server name and select "properties"



0
 

Author Comment

by:IT_Group1
ID: 33606425
tgtran thank you very much.
Can you please advise which ports are needed to be opened in firewall (Juniper) and in the Windows firewall.

Thx
0
 

Author Comment

by:IT_Group1
ID: 33606472
When opened port 1723, the connection is hanged (Verified user\pass takes LONG time).
Is there any other ports, maybe outbound?

Thx
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 

Author Comment

by:IT_Group1
ID: 33606488
The received error is 800
0
 

Author Comment

by:IT_Group1
ID: 33606715
BTW, the gateway is Juniper-NS5GT , and i've just saw a few threads which speaks about a specific problem with GRE 47 over VIP in this unit (here's one for example: http://www.juniperforum.com/index.php?topic=3183.0)

Do you happen to know where can i post this question?
Needless to say i'll grant you the points anyway.

Thx
0
 
LVL 12

Accepted Solution

by:
tgtran earned 500 total points
ID: 33606954
Depending what ScreenOS you are on, but here is a good guide (Option 3):
http://blogostuff.blogspot.com/2006/06/netscreen-5gt-firewall-pptp.html
0
 

Author Comment

by:IT_Group1
ID: 33714922
Thx, still doesn't work.
Any ideas guys?
0
 
LVL 12

Expert Comment

by:tgtran
ID: 33717543
Do you mind posting the screen capture of the error window and possibly the config of the Netscreen
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now