Help! W2K VPN configuration behind firewall - Windows NT

This is a discussion on Help! W2K VPN configuration behind firewall - Windows NT ; I'm having a problem getting my VPN setup to work. I'm using the W2K VPN server and XP client. I have the server set up to assign a fixed range of ip addresses, I'm using PPTP, and I'm not using ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: Help! W2K VPN configuration behind firewall

  1. Help! W2K VPN configuration behind firewall

    I'm having a problem getting my VPN setup to work. I'm using the W2K
    VPN server and XP client. I have the server set up to assign a fixed
    range of ip addresses, I'm using PPTP, and I'm not using a RADIUS
    server. I'm sure my user acct is set to allow remote dialup. When I
    test my configuration on our local LAN, everything looks ok, as far as
    I can tell. I get authenticated, I can tell an IP address has been
    assigned, etc. However, when I try to connect from outside our
    firewall, the connection stalls at the "verfying username and
    password" stage. I get a timeout w/ error 721 and the message that the
    remote computer is not responding. The firewall is set to allow tcp
    1723 to the VPN server. I may not understand something basic about the
    way VPN works. The way I understand it, all traffic by the VPN client
    is tunneled thru 1723 to the VPN server, which passes it on to the
    network. The server also responds to traffic intended for the IP
    addresses it has assigned, and routes it thru to the clients that have
    established connections to it. However, it's like some traffic isn't
    going thru the tunnel, and is blocked by the firewall. Is there
    something I'm missing here? I'd appreciate any input as to how I can
    get this to work.
    dale b.

  2. Re: Help! W2K VPN configuration behind firewall

    Basic IPsecis udp 500. some packages like cisco unified client for pix and
    the vpn concentrators can do tcp too. But your average vpn is UDP500 only.

    "Michael Hart" wrote in message
    news:xnNPa.1745$wU5.595@news-server.bigpond.net.au...
    > For a PPTP VPN you also have to allow IP protocol 47 (GRE) through.
    >
    > For an IPSec network you need ports 50 and 500 (I think). One of them is
    > UDP I think. Someone please correct this in the event that I am wrong.
    >
    > A windows 2000 server behind a routing gateway (NAT) with an XP client has
    > special problems
    >
    > http://support.microsoft.com/?kbid=810839
    >
    > Michael
    >
    >
    > wrote in message
    > news:8nrtgv4jca98ndnoha2ol7nkeeo9uefi3n@4ax.com...
    > > I'm having a problem getting my VPN setup to work. I'm using the W2K
    > > VPN server and XP client. I have the server set up to assign a fixed
    > > range of ip addresses, I'm using PPTP, and I'm not using a RADIUS
    > > server. I'm sure my user acct is set to allow remote dialup. When I
    > > test my configuration on our local LAN, everything looks ok, as far as
    > > I can tell. I get authenticated, I can tell an IP address has been
    > > assigned, etc. However, when I try to connect from outside our
    > > firewall, the connection stalls at the "verfying username and
    > > password" stage. I get a timeout w/ error 721 and the message that the
    > > remote computer is not responding. The firewall is set to allow tcp
    > > 1723 to the VPN server. I may not understand something basic about the
    > > way VPN works. The way I understand it, all traffic by the VPN client
    > > is tunneled thru 1723 to the VPN server, which passes it on to the
    > > network. The server also responds to traffic intended for the IP
    > > addresses it has assigned, and routes it thru to the clients that have
    > > established connections to it. However, it's like some traffic isn't
    > > going thru the tunnel, and is blocked by the firewall. Is there
    > > something I'm missing here? I'd appreciate any input as to how I can
    > > get this to work.
    > > dale b.

    >
    >




+ Reply to Thread