In news:%(E-Mail Removed),
Homer Jay <(E-Mail Removed)> stated, which I commented on below:
> I am still suffering with my VPN setup............ and have no idea
> what else to try. I have a Netgear FVL328 which I am using to
> passthrough the VPN to my SBS 2003 server.
>
> I have tried using the PPTPSRV and PPTPCLNT tools, but get no
> response on the server end of things. So I double checked and do have
> TCP port 1723 open on my router, I also have the option "Enable VPN
> Passthrough" ticked (although from various sites I have read that
> this may only be for outbound connections, and not inbound, trying to
> extract info from Netgear on this).
> I checked again on a website www.canyouseeme.org to see if port 1723
> was open, and it told me that it could not connect. Leading me to
> believe the port is still blocked (where I do not know, it's open on
> the router, and I have MS Firewall turned off on the server).
>
> The VPN works fine when I am connected on the same LAN, when trying to
> connect from outside I get the 800 error. I have also made changes to
> the MTU on the router which also had no effect.
>
> I found an archived topic at
> http://www.msusenet.com/archive/topi...t-2258534.html where the OP
> found a solution/workaround which involved a tweak to their Netgear
> router (a diff model, but I had hoped it might provide some help) but
> they did not post a link to where they found the solution, or any
> info as to what the solution might be.
>
> I also tried placing the server temporarily in the DMZ and attempted
> to connect that way, but the connection was still refused with an 800
> error. I am pretty much at a total loss right now as to what the
> problem is and how to fix it, any help at this point will prevent me
> from tearing out my hair in frustration. I really have no idea what
> to check next.
> Thanks.
Setting up PPTP is rather simple. Since you've already confirmed that it
works internally but not from an external source, it points to a firewall
misconfiguration.

Below are the firewall rules that must be opened and passed through to the SBS
box to allow PPTP VPN traffic. Keep in mind, this is not for L2TP IPSec
traffic, since that is different. RRAS would need to be set up differently to
allow L2TP/IPSec VPNs. Since you implied you are using the Windows VPN
client, and you already mentioned TCP 1723, I am assuming you are using
PPTP.

PPTP ports that must be allowed:
TCP 1723
Protocol ID 47 (GRE)

(Keep in mind Protocol ID 47 is NOT a TCP OR a UDP port number, rather it
is a Protocol ID number - please do not confuse a port and protocol ID.
Protocol ID 47 for PPTP VPNs is also called "GRE" - Generic Encapsulation
protocol).

They are the two ports/protocols that must be opened. Changing the MTU may
cause Internet Explorer browsing problems internally. I would suggest setting
it back to default.

To open Protocol ID 47, you will need to refer to your documentation for the
Netgear FVL328 router. It may be set up or referred to in the
configuration page of the router as "GRE" or "VPN Passthrough" to the SBS
box. VPN Passthrough, if that is the option, will open Protocol ID 47 for
you. Check the docs. If it cannot perform this function, then I would
suggest changing the router to one that can, such as a Cisco PIX or
Watchguard.

In *SOME* cases with some VPN routers, if you allow VPN Passthrough, it will
automatically open TCP 1723 and GRE (Protocol ID 47). Once again, PLEASE
check your router's docs.

TCP 1723 is for the traffic/connection to the VPN server. Protocol ID 47 is
the actual tunnel. If it is connecting and hanging for what seems like a
long time and then times out without creating the connection, then Protocol
ID 47 is being blocked.
--
Ace
Innovative IT Concepts, Inc
Willow Grove, PA
This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.
Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft MVP - Directory Services
Microsoft Certified Trainer
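
Added example (not part of the original post): a small Python sketch of the port-versus-protocol-ID distinction made in the reply above. It reads the protocol field from raw IPv4 headers, as you would see them in a capture on the server's external interface, and reports whether the TCP 1723 control connection and the GRE tunnel are both arriving. The function names, addresses and sample packets are constructed for illustration.

```python
import struct

PPTP_CONTROL_PORT = 1723            # TCP port of the PPTP control connection
IPPROTO_TCP, IPPROTO_GRE = 6, 47    # values of the IPv4 header "protocol" field

def classify(packet: bytes) -> str:
    """Label one raw IPv4 packet as 'pptp-control', 'gre' or 'other'."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "other"
    ihl = (packet[0] & 0x0F) * 4    # IPv4 header length in bytes
    proto = packet[9]               # protocol ID lives in byte 9 of the IP header
    if proto == IPPROTO_GRE:
        return "gre"                # GRE carries no port numbers at all
    if proto == IPPROTO_TCP and len(packet) >= ihl + 4:
        sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
        if PPTP_CONTROL_PORT in (sport, dport):
            return "pptp-control"
    return "other"

def diagnose(packets) -> str:
    """Summarise which half of a PPTP session is visible in a capture."""
    kinds = {classify(p) for p in packets}
    if "pptp-control" not in kinds:
        return "TCP 1723 is not reaching the server"
    if "gre" not in kinds:
        return "TCP 1723 arrives but protocol 47 (GRE) is blocked"
    return "both TCP 1723 and GRE are arriving"

def ipv4(proto: int, payload: bytes) -> bytes:
    """Build a minimal IPv4 packet (constructed sample data, checksum left 0)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                         64, proto, 0,
                         bytes([203, 0, 113, 10]), bytes([192, 168, 0, 2]))
    return header + payload

# Constructed samples: a TCP SYN to port 1723, a PPTP-style GRE packet,
# and a UDP datagram to *port* 47, which is not GRE.
TCP_SYN_1723 = ipv4(IPPROTO_TCP, struct.pack("!HHIIBBHHH", 50000, 1723, 1, 0,
                                             0x50, 0x02, 8192, 0, 0))
GRE_DATA = ipv4(IPPROTO_GRE, struct.pack("!HH", 0x3001, 0x880B) + b"\x00" * 8)
UDP_PORT_47 = ipv4(17, struct.pack("!HHHH", 50000, 47, 8, 0))

if __name__ == "__main__":
    print(diagnose([TCP_SYN_1723]))
    print(diagnose([TCP_SYN_1723, GRE_DATA]))
```

A capture that shows only the TCP 1723 packets matches the symptom described in the reply: the client connects, hangs, and times out because the GRE half never arrives.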