
VPN not working from outside lan


aldi

IS-IT--Management
May 10, 2002
421
CA
Hello guys,
I have a problem connecting to my VPN at work from home.
The VPN connection works fine from inside the LAN.
Maybe I'm not doing the right thing when trying from home.

The vpn server is running on w2k and it has the static ip: 10.0.0.7
The linksys router (BEFSR11) has an internal static address of 10.0.0.2 and an external static address 207.54.xxx.xxx

The settings on the advance page of the linksys router are:

Block WAP request = disable (the http server works fine)
Multicast pass through = enable
IPSec Pass Through = enable
PPTP Pass Through = enable

The settings on the forwarding page of the linksys router are:

HTTP 80 TCP/ON UDP/OFF 10.0.0.7 ENABLED (works ok)
FTP 21 TCP/ON UDP/OFF 10.0.0.7 ENABLED (Works ok)
PPTP 1723 TCP/ON UDP/OFF 10.0.0.7 ENABLED
RDC 3389 TCP/ON UDP/OFF 10.0.0.7 ENABLED

When connecting from within the LAN I run the remote desktop connection (installed from xp disk to my win98)
then I enter the 10.0.0.7 to connect and it connects ok.

When trying to connect from home I first dial to my ISP then I run the Remote Desktop Connection and enter the public ip address 207.54.xxx.xxx but then it gives me the error: Could not connect to the remote server. try later.

Can you tell me please what is wrong here?

One thing that I thought to try was bypassing the router, but then how is the connection going to know which server to go to?

I will appreciate your help very much,

Aldi
 
Have you tried making a VPN connection to the server and then running RDP? I do this all the time, and have no problems. You don't want port 3389 open to the whole world anyway, do you?
 
Hi jsentelle and thank you very much for responding!

I think I don't have things clear about VPN, because what I understand from what you say is that VPN is different from RDP. Is this correct? Could you please explain it to me or point me to where I can read about it?

The problem I have is that I cannot connect to the VPN server from outside the LAN.
Could you also tell me how to do a VPN connection?

Thanks in advance,

aldi
 
Start at the beginning!

Can you ping 207.54.xxx.xxx?

Have you got the dial in permissions correct? Dial in access etc.

Do you have your server accepting VPN connects?

What protocol is your server VPN using? And is this compatible and configured on your laptop?

Are you running a firewall? If so, have you got the correct ports open?

Further down the list you can get the better, let us know how you get on.

Iain

 
Yes aldi, the VPN connection and the remote desktop are two different things. You should troubleshoot them separately. I would first make sure you can connect to the VPN server from the outside. Is this 2000 Server? Give us some specifics as far as software and the steps you go through to make a successful connection on the inside, so we can have a clear idea of what's going on...
 
Thank you spirit and thank you jsentelle,

Can you ping 207.54.xxx.xxx?
Yes, I can ping the router at the server end.

Have you got the dial in permissions correct? Dial in access etc.
Yes, I have dial in permission to the PDC (winnt 4 server).

Do you have your server accepting VPN connects?
How can I check this?

What protocol is your server VPN using? And is this compatible and configured on your laptop?
Also please tell me how to check it.

Are you running a firewall? If so, have you got the correct ports open?
We have a linksys befsr11 router with a NAT firewall. It is connected to the outside (WAN) and connected to the inside with static ip (10.0.0.2) with the following settings:

IPSec Pass Through = enable
PPTP Pass Through = enable

Also I'm forwarding the following protocols
(10.0.0.7 is the VPN server):

PPTP 1723 TCP/ON UDP/OFF 10.0.0.7 ENABLED
RDC 3389 TCP/ON UDP/OFF 10.0.0.7 ENABLED

jsentelle,

Yes, the server is a win2k.
I have a domain with a winnt 4.0 as the PDC.
The dial in permission is on the PDC.

Guys, how do I do a VPN connection?

Do I dial to my ISP first and then run the VPN connection with the public ip 207.54.xxx.xxx?

The message I get at home is:

"You have been disconnected from the computer you dialed. Run the VPN connection and try again"

Apparently it connects and then it disconnects right away.

Thank you guys and please help me to make my holidays.

aldi,

 
Is there a way to enable GRE Protocol 47? I know I had to add an access-list statement allowing GRE to flow on my PIX, not sure how you specify it on the linksys though. Maybe by using protocol number 47.

The Generic Route Encapsulation (GRE) protocol is used in conjunction with PPTP to create VPNs.
 
Thanks a lot NOktar,

The router has a forwarding page where I can enter the protocol # and the ip of the server to forward to.

Does this sound right? Let me know please so I can add that entry to the router and give it a try.

Thanks again,

aldi
 
This should be it, try entering protocol number 47 and the IP address of your local VPN server.
 
Thank you NOktar,

I'll add the entry to the router now and I'll try to connect later at home. I'll post an update on this tomorrow.

Thanks for the link too.

aldi
 
aldi,

NOktar is right, you must pass protocol 47 (GRE) through the firewall to the VPN server for authentication to take place. Also, I would look in the security logs on the PDC to see if the connection attempt is being seen by the server, or is just being dropped at the firewall. The disconnect message that Windows gives does not mean anything specific, only that the connection for some reason has been dropped.

Good Luck!!
 
Couple of things I've noticed in this thread. First, protocol 47 / GRE needs to be set for passthrough (PPTP passthrough), not to be forwarded. Forwarding the protocol can cause some problems. TCP port 1723 is the only thing that needs to be forwarded. An earlier post from the OP indicated that these settings were correct, but sounds like proto 47 may now be set to forward -- that needs to be changed back.

Next thing, I'm getting the feeling that the VPN server has not been configured. Sounds like the server is W2K Server (not Pro), see
Nice screen shots, and correct up to step 9, ignore the port forwarding and stick with what has been stated here -- forward TCP on port 1723 and enable PPTP passthrough.

"You have been disconnected from the computer you dialed. Run the VPN connection and try again"

Apparently it connects and then it disconnects right away.


That message doesn't sound familiar. Maybe I've seen it and just didn't pay attention. There should be a 3 digit number kicked out with the error, assuming a Windows client -- what is it? How are you configuring the client, and what OS (including service packs) are you running there?
 
I know this might sound daft, but if all else fails go into your VPN connection setup on the client and make sure the "Dial Another Network" (i.e. Your ISP) is not Checked.

Manually dial the internet then connect to the VPN. I know, tell me to shut up but sometimes it's the silly little things that are easiest to miss!

Iain
 
Let's start with the basics.

Go to a command prompt and enter "ipconfig /all"

You should have two sets of information.

One for your internal NIC and one for your VPN virtual adapter.

You should have an IP address and gateway for each. Can you ping your VPN adapter's gateway? If you can, then you have a good connection to the VPN server.
 