RE: question about Microsoft vpn or alternatives
From: Gregory M. Brown (gbrown_at_alvalearning.com)
Date: 10/14/03
- Previous message: Jennifer Fountain: "All-in-One device for authentication and encryption"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 14 Oct 2003 13:29:36 -0600 To: <m.lucas@taos-it.nl>, "Johnny Tam" <mypunsotang@yahoo.com>
Be sure to verify that within the properties of the VPN connectoid that
the client for microsoft networks is there. This error is indicative of
that piece missing. I'm assuming you have only one user that is having
issues. If only one user is having a problem, you can also check to
insure that he has dial in permission via AD or User Mangler in NT4.
gb
-----Original Message-----
From: M. Lucas [mailto:m.lucas@taos-it.nl]
Sent: Monday, October 13, 2003 12:31 AM
To: Johnny Tam
Cc: security-basics@securityfocus.com
Subject: Re: question about microsoft vpn or alternatives
On Fri, 2003-10-10 at 17:38, Johnny Tam wrote:
> Hello all
> I have a windows 2000 server configured for
> VPN (PPTP) and Terminal Services App Mode.
> Everything is working on the server and there has
> been no problem with ports being blocked, etc since
> it is directly connected to the internet.
>
> I have a remote client that cannot connect to
> the vpn server. It only goes until Verifying
> Password and then just gives out an error 721.
>
> From my initial testing on why this "could"
> happen. I found out that the client is not
> directly connected to the internet although he
> has a real IP 10.xxx.xxx.xxx. By that,
> I mean he goes through at least one or two
> nodes up him that could possibly filter a lot
> of ports. Even ICMP (ping) inbound and outbound
> is prohibited, you just get a request timed out
> all the time but internet surfing etc is working ok.
> If you do a traceroute from tracert, it would
> end up until
> 15 zzz.CUSTOMER.DSL.ALTER.NET (66.66.66.66) 233.526
> ms 235.943 ms 239.454 ms
> 16 * * *
> 17 * * *
> 18 * * *
>
> (ip modified for privacy)
>
> If I request those nodes above him to allow
> ICMP, would that help? or NAT problem?
>
> Are there any alternative VPN solution I can
> use that won't have this kind of problem?
> How is Cisco's implementation of VPN?
>
> Thank you for any helpful information
Take a look at his firewall and search for allowing GRE traffic.
I had the same issue this weekend ;)
Maurice Lucas
------------------------------------------------------------------------
--- ------------------------------------------------------------------------ ---- --------------------------------------------------------------------------- ----------------------------------------------------------------------------
- Previous message: Jennifer Fountain: "All-in-One device for authentication and encryption"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
