W2k VPN and Dlink DSL-504 Router 1

[da644]

Hi Everyone.

I'm trying to setup a VPN using a W2K server and a DSL-504 Router. I have configured the W2K server and I have configured the router to port forward on TCP Port 1723. I have ticked the box in the router configuration to IP Masquerade Pass Through both IPsec and PPTP (I believe this actives the GRE IP Portocol 47). However, when I try to contact from a remote PC, e.g. my home PC, it never gets past the 'Verifying Username and Password' section. From a PC on the local LAN it connects ok. Anyone have any suggestion on what each configuration needs doing to the router. I have tried port forwarding extra tcp ports (1701, 4500, 500, etc... which I've seen talked about in other articles/discussion but this did not help.

Thanks.

Best Regards

Andrew.

 

[ChicagoTechNet]

what's the error code?

Robert Lin, MS-MVP, MCSE & CNE
Windows, Network, Internet, VPN, Routing and How to at

http://www.ms-mvps.com

 

[da644]

Hi.

It sits on the 'Verifying Username and Password' screen for about 20 - 30 seconds and then I get a dialog box with the following message:

=======================================================
Disconnected

Error 721: The remote computer did not response. For further assistance, click More Info or search Help and Support Center for this error number.
=======================================================

Best Regards

Andrew.

 

[ChicagoTechNet]

I find many people have the same problem with D-link DLS-504 router. I believe this is router issue. To confirm that, you may want to test your vpn server by using a LAN client to access the server VPN. If the LAN VPN works fine, focus on the router settings such as NAT/firewall. good luck!

Robert Lin, MS-MVP, MCSE & CNE
Windows, Network, Internet, VPN, Routing and How to at

http://www.ms-mvps.com

 

[da644]

Hi.

I can connect using a Lan client to access the VPN, so I guess it is a router issue. Can you suggest any settings I can try?

Best Regards

Andrew.

 

[da644]

Hi.

Got this working, sort of. I can now connect (set the LAN IP address of the server up as the DMZ IP address), but once connected I don't see the network under My Network Places > Entire Network > Microsoft Windows Network, like I was expecting. I can gain access to the server to which I connected using the IP address 192.168.1.1 (192.68.0.1 on the LAN). I assume it has the .1 instead of the .0 as I set the IP address range of the VPN to be 192.168.1.1 - 255. Do I need to set something else up on the server to allow me to see the other machines?

Best Regards

Andrew.

 

[da644]

Hi

Ok, after much fiddling I've managed to get it work, I think it was a conflict between my local network and the remote network that was causing the main problem. I have changed my local network to a different IP range as they where both original using the same range (192.168.0.1 - 255). However, although I can now access the network without problem, I still cannot see the domain under 'My Network Places'. If I got run and type \\machinename I get access to the machine (after entering username and password), but it would be better if I could see the entire network from 'My Network Places'. Any suggestions or is this not possible?

Best Regards

Andrew.

 

[ChicagoTechNet]

Thank you for posting back with the result. Now, it comes to the name resultion issue. this may help. quoted from

http://www.ms-mvps.com/

Unable to browse through PPTP/VPN connection
Symptoms: 1. If the WINS server is on the same computer as the PPTP/VPN server, and you attempt to connect to a computer using a PPTP/VPN client, you may experience following problem: 1) The NetBIOS name of the computer to which you are attempting to connect is not resolved. 2) You may receive an error message similar to the following error message: "System error 53 has occurred. The network path was not found" when using net view or opening Network Knighthood.
2. If the WINS server is not on the same computer as the PPTP server and you attempt to connect to a computer using a PPTP client, you may be able to connect to computers on your local area network (LAN), but you may be unable to connect to network shares or resources on the PPTP server.
Resolutions: Inability to browse often means the client can't resolve NetBIOS names.
1. If this is a workgroup network, enable NetBIOS over TCP/IP on the server and clients.
2. If this is domain network and the WINS server is on the same computer as the PPTP/VPN server, move the WINS server to a different computer.
3. Add the NetBEUI protocol for your PPTP tunnel instead of, or in addition to, TCP/IP.
4. By default, most routers and firewalls prevent the transmission of NetBIOS names unless you enable UDP ports 137 and 138 and TCP port 139. Try to enable UDP ports 137 and 138 and TCP port 139 across all routers and firewalls between the PPTP/VPN client and PPTP/VPN server.
5. Make sure the client has correct DNS, WINS and Master Browser settings.
6. Make sure the default gateway points to the remote network rather than to the ISP.
7. Some ISP might block ports required for NetBIOS name broadcasts.
8. If WINS address is not distributed upon connection to VPN, LMHOSTS should be configured to enable Domain to be located.
9. If you try these techniques and the client still can't browse, try to use UNC to connect to the remote resources by ip, for example, use the net use h: \\serverip\sharename command.


Robert Lin, MS-MVP, MCSE & CNE
Windows, Network, Internet, VPN, Routing and How to at

http://www.ms-mvps.com

 

[da644]

Hi.

Got it working by simply joining my home computer to the domain which is fine.

Thanks for your help.

Best Regards

Andrew.

 

[ChicagoTechNet]

you are welcome and thaks for the update.

Robert Lin, MS-MVP, MCSE & CNE
Windows, Network, Internet, VPN, Routing and How to at

http://www.ms-mvps.com