Help! W2K VPN configuration behind firewall

dlbrewe_at_xspamxhotmail.com
Date: 07/11/03

• Next message: Kai Schreiber: "problems with lost permissions"
• Previous message: Graham Lidbury: "Re: Restrict access to CD Drives in Win NT"
• Next in thread: Michael Hart: "Re: Help! W2K VPN configuration behind firewall"
• Reply: Michael Hart: "Re: Help! W2K VPN configuration behind firewall"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Fri, 11 Jul 2003 12:25:22 -0500

I'm having a problem getting my VPN setup to work. I'm using the W2K
VPN server and XP client. I have the server set up to assign a fixed
range of ip addresses, I'm using PPTP, and I'm not using a RADIUS
server. I'm sure my user acct is set to allow remote dialup. When I
test my configuration on our local LAN, everything looks ok, as far as
I can tell. I get authenticated, I can tell an IP address has been
assigned, etc. However, when I try to connect from outside our
firewall, the connection stalls at the "verfying username and
password" stage. I get a timeout w/ error 721 and the message that the
remote computer is not responding. The firewall is set to allow tcp
1723 to the VPN server. I may not understand something basic about the
way VPN works. The way I understand it, all traffic by the VPN client
is tunneled thru 1723 to the VPN server, which passes it on to the
network. The server also responds to traffic intended for the IP
addresses it has assigned, and routes it thru to the clients that have
established connections to it. However, it's like some traffic isn't
going thru the tunnel, and is blocked by the firewall. Is there
something I'm missing here? I'd appreciate any input as to how I can
get this to work.
dale b.

---

• Next message: Kai Schreiber: "problems with lost permissions"
• Previous message: Graham Lidbury: "Re: Restrict access to CD Drives in Win NT"
• Next in thread: Michael Hart: "Re: Help! W2K VPN configuration behind firewall"
• Reply: Michael Hart: "Re: Help! W2K VPN configuration behind firewall"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Conecting to an external VPN ... but the VPN server is not mine.. ... There is no firewall client.. ... However, the connection still timesout.. ... (microsoft.public.isa.vpn) Re: Easy RRAS VPN question ... i.e. client listens on 1701 every time so it must be fixed. ... The firewall rules are applied to the LAN ... same way as if I were coming in over the internet. ... >L2TP also uses computer certificates on the VPN server and client. ... (microsoft.public.windows.server.networking) Re: which ports are in need to be opened to change password over V ... Do you have a firewall between your LAN clients and the DC? ... affect this would be filters between the VPN server and the DC. ... > I understand the client communicates via 1723 and gre for pptp. ... > required ports are in need to be open betweed a client an a DC to be> able ... (microsoft.public.windows.server.networking) Re: L2TP port? ... The problem I have is that I cannot redirect port 500 through my firewall. ... 2-my home client will connect L2TP fine, IF I connect a PPTP tunnel first. ... > This filter allows Internet Key Exchange traffic to the VPN server. ... (microsoft.public.isa.vpn) Re: Easy RRAS VPN question ... Well that is a huge disadvantage if you can not access the firewall to make ... interface for the VPN server if is configured as shown in the link below. ... > accessed from the internet. ... I have SP2 installed on the client so ... (microsoft.public.windows.server.networking)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > comp.os.ms-windows.nt.admin.security  > 2003-07