VPN server behind router help!!

I have posts about vpn issues over the past week or so, and I still do not
have a solution. I have a Linksys WRV54G router with Windows 2003 server.
I have set up remote access on the server and can access the server with a
VPN connection from inside the LAN. When I try to connect through the
router I get the 800 error, can't establish a VPN connection. I tried
another Linksys router, with the same result. I really have to get this
resolved for a client. What are others using for a router with the VPN
server?

Thanks for your help in advance!

Candace Sparks

Why are you using a Linksys for a client network? Linksys is made for home
use not business. You'll need to open the appropriate ports for the VPN (ie
esp, udp 500) in the firewall.

"Candace Sparks" <(E-Mail Removed)> wrote in message
news:ML2dnQuWU7s_GbzZRVn-(E-Mail Removed)...
> I have posts about vpn issues over the past week or so, and I still do not
> have a solution. I have a Linksys WRV54G router with Windows 2003 server.
> I have set up remote access on the server and can access the server with a
> VPN connection from inside the LAN. When I try to connect through the
> router I get the 800 error, can't establish a VPN connection. I tried
> another Linksys router, with the same result. I really have to get this
> resolved for a client. What are others using for a router with the VPN
> server?
>
> Thanks for your help in advance!
>
> Candace Sparks
>
>

What router would you recommend?


"Neteng" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
> Why are you using a Linksys for a client network? Linksys is made for home
> use not business. You'll need to open the appropriate ports for the VPN
> (ie
> esp, udp 500) in the firewall.
>
> "Candace Sparks" <(E-Mail Removed)> wrote in message
> news:ML2dnQuWU7s_GbzZRVn-(E-Mail Removed)...
>> I have posts about vpn issues over the past week or so, and I still do
>> not
>> have a solution. I have a Linksys WRV54G router with Windows 2003
>> server.
>> I have set up remote access on the server and can access the server with
>> a
>> VPN connection from inside the LAN. When I try to connect through the
>> router I get the 800 error, can't establish a VPN connection. I tried
>> another Linksys router, with the same result. I really have to get this
>> resolved for a client. What are others using for a router with the VPN
>> server?
>>
>> Thanks for your help in advance!
>>
>> Candace Sparks
>>
>>
>
>

It is not a matter of just "forwarding",...the NAT Device you buy has to be
able to do what most of them call "VPN Passthough". This is a special thing,
not all of them can do it,...you've been warned :-)

Go to the sites of the differnet manufactures and look at the specs page of
what you might want to buy and see if the device can do that.

But the tell you the truth, those NAT Devices aren't giving you anything
that RRAS/Server2003 doesn't already give you. Just forget the stupid NAT
Device and just use the Server2003 with RRAS.

The 2003 box *is* a NAT Device when configured properly,...there is no point
is doing a back-to-back NAT between two NAT Device unless you have a real
verifiable reason to run a Back-to-Back DMZ. So just use the Server2003 box
directly in place of the NAT Device and forget it.


--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com





"Candace Sparks" <(E-Mail Removed)> wrote in message
news:_(E-Mail Removed). ..
> What router would you recommend?

Candace-

Here is where Phillip and I disagree. NAT-T (also called VPN-Passthru on low
end devices) is for hosts that VPN inside, pass through a firewall, and
connect to a device outside. I personally would never put a server facing
the internet, no matter what it does (HTTP, DNS, NAT, etc). If you want a
router that can do it, any Cisco or Juniper can do it. If you want a
firewall, you can use a Juniper Netscreen, a Cisco PIX, or a Cisco router
with IOS Firewall Feature Set. A good device like those mentioned can do
VPN's better than a server 99% the time, so you might be able to take care
of two things (VPN and a respectable firewall).


"Phillip Windell" <@.> wrote in message
news:%(E-Mail Removed)...
> It is not a matter of just "forwarding",...the NAT Device you buy has to
be
> able to do what most of them call "VPN Passthough". This is a special
thing,
> not all of them can do it,...you've been warned :-)
>
> Go to the sites of the differnet manufactures and look at the specs page
of
> what you might want to buy and see if the device can do that.
>
> But the tell you the truth, those NAT Devices aren't giving you anything
> that RRAS/Server2003 doesn't already give you. Just forget the stupid NAT
> Device and just use the Server2003 with RRAS.
>
> The 2003 box *is* a NAT Device when configured properly,...there is no
point
> is doing a back-to-back NAT between two NAT Device unless you have a real
> verifiable reason to run a Back-to-Back DMZ. So just use the Server2003
box
> directly in place of the NAT Device and forget it.
>
>
> --
> Phillip Windell [MCP, MVP, CCNA]
> www.wandtv.com
>
>
>
>
>
> "Candace Sparks" <(E-Mail Removed)> wrote in message
> news:_(E-Mail Removed). ..
> > What router would you recommend?
>
>

WRV54G is VPN built-in VPN. So that is OK and it should work for pass-through. Since you can establish the VPN in the LAN, the problem must be router. I have seen some cases like this one. For example, you enabled the VPN on the router and also setup pass-through VPN. That could be the issue. Another case is forwarding 1723 to a wrong server. this case studies have more details.

Case Studies – VPN error 721 and 800

Case 1: When a user attempts to access the Windows VPN server that is behind a Linksys WRT54G, he receives VPN Error 800 or 721....

http://www.chicagotech.net/VPN/vpncase800.htm


Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
"Candace Sparks" <(E-Mail Removed)> wrote in message news:ML2dnQuWU7s_GbzZRVn-(E-Mail Removed)...
I have posts about vpn issues over the past week or so, and I still do not
have a solution. I have a Linksys WRV54G router with Windows 2003 server.
I have set up remote access on the server and can access the server with a
VPN connection from inside the LAN. When I try to connect through the
router I get the 800 error, can't establish a VPN connection. I tried
another Linksys router, with the same result. I really have to get this
resolved for a client. What are others using for a router with the VPN
server?

Thanks for your help in advance!

Candace Sparks

I would have to agree with Phillip. My 2003 server is facing the
internet with RRAs handling VPN connections. I would also agree with
Neteng that a Cisco box would be the best bet, but they are expensive,
and you already have the necessary equipment to accomplish this without
any further expense. My opinion, take the Linksys back and have a nice
dinner with the funds, Hook the server to your modem! :-)

Exactly, that's right. I wasn't trying to take away from the Cisco boxes
(I've got a CCNA for a reason), but I was trying to compare "apples to
apples". When you compare Server2003/RRAS/NAT to the cheap Linksys box they
are about the same capability and you don't have to buy anything else.


--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com


"zach" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) ups.com...
> I would have to agree with Phillip. My 2003 server is facing the
> internet with RRAs handling VPN connections. I would also agree with
> Neteng that a Cisco box would be the best bet, but they are expensive,
> and you already have the necessary equipment to accomplish this without
> any further expense. My opinion, take the Linksys back and have a nice
> dinner with the funds, Hook the server to your modem! :-)
>