Age Old Port Forwarding/VPN Question

Trying to get xp computers to connect to our server with VPN...have the IP
address, everything set up, but I'm getting an 800 message. My assumption is
my NAT/Basic Firewall is blocking this. What ports do I allow for VPN? And
is there a quick tutorial anywhere on how to do this? My 1800 page Server
2003 book hurts my head after too many hours...

If your NAT/Firewall is the only device between you and the Internet, then
you need a NAT/Firewall device that is also capable of acting as a VPN
Server. If you intend to use a Server behind the NAT device as the VPN
Server then it is more complex. VPN consists of unique Protocols and not
just ports,..so it is not simply a matter of forwarding a few ports,... the
NAT device needs special VPN Passthrough abilities that not all of them can
do. I suggest contacting the vendor of the NAT device to see what your
options are.


--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com


"Tim Bott" <(E-Mail Removed)> wrote in message
news:BC24FAEC-53A0-4D10-A949-(E-Mail Removed)...
> Trying to get xp computers to connect to our server with VPN...have the IP
> address, everything set up, but I'm getting an 800 message. My assumption
is
> my NAT/Basic Firewall is blocking this. What ports do I allow for VPN?
And
> is there a quick tutorial anywhere on how to do this? My 1800 page Server
> 2003 book hurts my head after too many hours...

The NAT/Basic Firewall is the one built into Server 2K3. The only thing
between the server and the internet is a dumb ISDN router. It doesn't even
have options to block/forward ports, so I'm assuming everything is reaching
the server.

"Phillip Windell" wrote:

> If your NAT/Firewall is the only device between you and the Internet, then
> you need a NAT/Firewall device that is also capable of acting as a VPN
> Server. If you intend to use a Server behind the NAT device as the VPN
> Server then it is more complex. VPN consists of unique Protocols and not
> just ports,..so it is not simply a matter of forwarding a few ports,... the
> NAT device needs special VPN Passthrough abilities that not all of them can
> do. I suggest contacting the vendor of the NAT device to see what your
> options are.
>
>
> --
>
> Phillip Windell [MCP, MVP, CCNA]
> www.wandtv.com
>
>
> "Tim Bott" <(E-Mail Removed)> wrote in message
> news:BC24FAEC-53A0-4D10-A949-(E-Mail Removed)...
> > Trying to get xp computers to connect to our server with VPN...have the IP
> > address, everything set up, but I'm getting an 800 message. My assumption
> is
> > my NAT/Basic Firewall is blocking this. What ports do I allow for VPN?
> And
> > is there a quick tutorial anywhere on how to do this? My 1800 page Server
> > 2003 book hurts my head after too many hours...
>
>
>

"Tim Bott" <(E-Mail Removed)> wrote in message
news:932D7E76-533E-42A2-9666-(E-Mail Removed)...
> The NAT/Basic Firewall is the one built into Server 2K3. The only thing
> between the server and the internet is a dumb ISDN router. It doesn't
even
> have options to block/forward ports, so I'm assuming everything is
reaching
> the server.

That's fine. I've had one small network using RRAS/NAT as the edge device
and it has never had any significant "hacker" problems. ISDN operates a a
"dialup" connection which can be rather "fickle" and if it is a BRI ISDN
then the VPN will be painfully slow. If it is a PRI ISDN that operates at
maybe T1 speeds then it isn't so bad.

Here is how to deal with RRAS as a VPN Server:

I am assuming you want a Remote Access VPN and not a Site-to-Site VPN (they
are two different things). I included a link for 2000 as well, they both
pretty much operte the same way.

Microsoft Windows Server 2003 Remote Access/VPN Server Role
http://www.microsoft.com/technet/pro...r/default.mspx

Virtual Private Networking with Windows 2000: Deploying Remote Access VPNs
http://www.microsoft.com/windows2000.../vpndeploy.asp


--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com