VPN issues
First let me say thanks to clutch for helping me out on my last few threads. Appriciate it. Now that we have the network stable, we are trying to add in VPN. The VPN server is also a NAT router. Routing and Remote access closed off alot of ports, specifically the ports that Inet/Mail/FTP ran on.
First let me say thanks to clutch for helping me out on my last few threads. Appriciate it.
Now that we have the network stable, we are trying to add in VPN.
The VPN server is also a NAT router. Routing and Remote access closed off alot of ports, specifically the ports that Inet/Mail/FTP ran on. So I opened up all ports in R&RA.
I then gave my account remote access privs.
I tested the connection from the server (Creating a vpn connection from the server), and that worked, but I didn't put any faith in that test, since it was the server communicating with the server. I was hoping though, that if the firewall was misconfigured I would get an error. I didn't so I went home to test.
When I got home I got a "VPN Server is refusing connection". I assumed this was the work of WinRoute. So today we opened up the ports as suggested by MS (see below):
<I>If VPN traffic is traveling through a router or firewall, configure the router or firewall to pass PPTP (TCP Port 1723 and IP Protocol ID 47 [GRE - Generic Routing Encapsulation]) or L2TP over IPSec (UDP Port 500 and IP Protocol ID 50 [Encapsulating Security Payload]) traffic to and from the VPN server.</I>
The computer will not answer. I even tried disabling the Firewall/NAT software (WinRoute) and that got me no answer.
The Client machine is a Win ME box, with VPN adapter configured.
Any ideas fellas? Any other networking forum that deals with specifically this kind of problems that I could visit?
Thanks
Bo
Now that we have the network stable, we are trying to add in VPN.
The VPN server is also a NAT router. Routing and Remote access closed off alot of ports, specifically the ports that Inet/Mail/FTP ran on. So I opened up all ports in R&RA.
I then gave my account remote access privs.
I tested the connection from the server (Creating a vpn connection from the server), and that worked, but I didn't put any faith in that test, since it was the server communicating with the server. I was hoping though, that if the firewall was misconfigured I would get an error. I didn't so I went home to test.
When I got home I got a "VPN Server is refusing connection". I assumed this was the work of WinRoute. So today we opened up the ports as suggested by MS (see below):
<I>If VPN traffic is traveling through a router or firewall, configure the router or firewall to pass PPTP (TCP Port 1723 and IP Protocol ID 47 [GRE - Generic Routing Encapsulation]) or L2TP over IPSec (UDP Port 500 and IP Protocol ID 50 [Encapsulating Security Payload]) traffic to and from the VPN server.</I>
The computer will not answer. I even tried disabling the Firewall/NAT software (WinRoute) and that got me no answer.
The Client machine is a Win ME box, with VPN adapter configured.
Any ideas fellas? Any other networking forum that deals with specifically this kind of problems that I could visit?
Thanks
Bo
Participate on our website and join the conversation
This topic is archived. New comments cannot be posted and votes cannot be cast.
Responses to this topic
First off, NP
Second, I have *limited* exposure to this from a class that I went to. Now, if you are using IPSec, do you have the encryption keys set on the client? This may be a gross over simplification, but I believe that if you are using IPSec in any mode, you will at least need the keys set on client and server before you will get anything to work. In addition, do you know if Winroute will allow for IPSec to pass through? I know that the home Linksys routers will, but I have a PIX that will handle IPSec locally at work. Either way dictates where the key is entered. I hope this starts you out, but I am not entirely strong on this. If I see more info, I will throw it your way.
------------------
Regards,
clutch
Second, I have *limited* exposure to this from a class that I went to. Now, if you are using IPSec, do you have the encryption keys set on the client? This may be a gross over simplification, but I believe that if you are using IPSec in any mode, you will at least need the keys set on client and server before you will get anything to work. In addition, do you know if Winroute will allow for IPSec to pass through? I know that the home Linksys routers will, but I have a PIX that will handle IPSec locally at work. Either way dictates where the key is entered. I hope this starts you out, but I am not entirely strong on this. If I see more info, I will throw it your way.
------------------
Regards,
clutch
Update:
The problem was that certificate server was not installed. I didn't see that in any of the documentation I had on VPN. Nor did it say that you needed IIS installed. Gooo Sybex!
Anyhow once I did that connection was not refused, well in the same way. It took my login and password then spit out that "It could not connect, check server type and contact your ISP and/or Systems Administrator."
Tried re-installing RRAS, didn't work. Tried opening ports up on the firewall, didn't work. Tried shutting down the firewall, didn't work.
All outta ideas. I ordered a second dsl line that should be coming in soon. That will make it easier to test.
The problem was that certificate server was not installed. I didn't see that in any of the documentation I had on VPN. Nor did it say that you needed IIS installed. Gooo Sybex!
Anyhow once I did that connection was not refused, well in the same way. It took my login and password then spit out that "It could not connect, check server type and contact your ISP and/or Systems Administrator."
Tried re-installing RRAS, didn't work. Tried opening ports up on the firewall, didn't work. Tried shutting down the firewall, didn't work.
All outta ideas. I ordered a second dsl line that should be coming in soon. That will make it easier to test.