VPN Connection Blocked by firewall

I am trying to setup a VPN server on a virtual server running Windows
Server 2003 Enterprise Edition SP1. The virtual server runs on a blade
server that also runs Windows Server 2003 Enterprise Edition SP1 that
runs Microsoft Virtual Server 2005 R2. The blade server is connected
to a D-Link DFL-200 firewall router. The virtual server has RRAS fully
setup and configured.

The firewall has been set to allow VPN connections. I have forwarded
all PPtP related ports (1723, 47) as well as IKE (500), L2TP
(1701),RAIDUS (1812), and various IPSEC ports. They all point to the
virtual server. Windows firewall is off on all machines.

I have set up the connection on a severalclient machine using the
external IP address of our network, and tried to run it, but the
connection fails. It finds the external IP address and accesses it,
but it doesn't get to authentication part. It says that the server
doesn't respond. When i try the connection in Vista it says that port
1723 is being blocked on some firewall. The router is the only
firewall being used, so it seems to me like that is where it's getting
blocked. However, I've checked the settings several times and tried
different things to no avail.

I've checked the router log and it does get the connection:
2007-04-03 22:07:15] <6>EFW: CONN: prio=1 rule=PPtP_Pass_Through
satdestrule=Rule_37
conn=open connipproto=GRE connrecvif=LAN connsrcip=192.168.1.137
connsrcid=0 conndestif=LAN
conndestip=(our external IP) conndestid=0

[2007-04-03 22:07:15] <6>EFW: CONN: prio=1 rule=PPtP
satdestrule=Rule_40 conn=open
connipproto=TCP connrecvif=LAN connsrcip=192.168.1.137
connsrcport=56389 conndestif=LAN
conndestip=(our external IP) conndestport=1723

I need to get the router to allowt he VPN connection and pass it to
the virtual server. Any ideas?

Have you ensured that the server is correctly set up to receive a VPN
connection? Can you connect from a client which is local to the RRAS server
(using its private IP address)?

If you are trying to connect using PPTP, all you need is TCP port 1723.
Importantly, your firewall must not block GRE. The log entry indicates that
this is all OK. It looks like the server just isn't configured correctly to
initiate a VPN connection.

<(E-Mail Removed)> wrote in message
news:(E-Mail Removed) oups.com...
>I am trying to setup a VPN server on a virtual server running Windows
> Server 2003 Enterprise Edition SP1. The virtual server runs on a blade
> server that also runs Windows Server 2003 Enterprise Edition SP1 that
> runs Microsoft Virtual Server 2005 R2. The blade server is connected
> to a D-Link DFL-200 firewall router. The virtual server has RRAS fully
> setup and configured.
>
> The firewall has been set to allow VPN connections. I have forwarded
> all PPtP related ports (1723, 47) as well as IKE (500), L2TP
> (1701),RAIDUS (1812), and various IPSEC ports. They all point to the
> virtual server. Windows firewall is off on all machines.
>
> I have set up the connection on a severalclient machine using the
> external IP address of our network, and tried to run it, but the
> connection fails. It finds the external IP address and accesses it,
> but it doesn't get to authentication part. It says that the server
> doesn't respond. When i try the connection in Vista it says that port
> 1723 is being blocked on some firewall. The router is the only
> firewall being used, so it seems to me like that is where it's getting
> blocked. However, I've checked the settings several times and tried
> different things to no avail.
>
> I've checked the router log and it does get the connection:
> 2007-04-03 22:07:15] <6>EFW: CONN: prio=1 rule=PPtP_Pass_Through
> satdestrule=Rule_37
> conn=open connipproto=GRE connrecvif=LAN connsrcip=192.168.1.137
> connsrcid=0 conndestif=LAN
> conndestip=(our external IP) conndestid=0
>
> [2007-04-03 22:07:15] <6>EFW: CONN: prio=1 rule=PPtP
> satdestrule=Rule_40 conn=open
> connipproto=TCP connrecvif=LAN connsrcip=192.168.1.137
> connsrcport=56389 conndestif=LAN
> conndestip=(our external IP) conndestport=1723
>
> I need to get the router to allowt he VPN connection and pass it to
> the virtual server. Any ideas?
>

I did try that (using the private IP), and it didn't work either.
However, I found out today that we're going a different direction on
this so I don't need this quetion answerd anymore. Thanks for you
assistance!