
Configuring a Win2k Server / VPN Connection 3

Status
Not open for further replies.
Feb 20, 2001
13
US
I'm hoping someone may be able to help.

I'm attempting to allow a few remote users to access their company server from home using cable modem connections through a VPN using Win2k Professional. They would be logging into a Win2k Server, which is behind a Linksys NAT router using a static DSL IP.

Windows 2000 Server configuration:
- Linksys 4 Port NAT Router (Ports 1723 & 47 are forwarded to the Win2k Server), router is acting as the DHCP server.
- 1 3com NIC.

My question:

1) In configuring the Routing & Remote Access Server, do I (a) use the remote access server option, or (b) use the VPN server option? I ask this because if I use the VPN option, don't I need dual NICs, or is there a way to do it with one NIC? Or if I use the remote access option, how do I configure Win2k Server and Win2k Pro clients?

I hope this makes sense, but I am not able to make a solid connection. I'm able to get it to start the connection, verifying user name & password, and then it just sits, and then errors out with an Error 721: The remote computer is not responding.

Has anyone else experienced this or done a configuration for a similar scenario?

Thanks in advance for any advice or help.

Sincerely,

Mike Johnson
 
Hi Mike

I am in the same situation and was hoping that you've found the answer.

My VPN server is behind a firewall and I would like to keep it that way.

I would like to use NAT on my firewall to make this happen.

Any ideas, guys?

Thanks!!
 
Hi Asunker,

I was able to get this to work.....what is your configuration?

Mike
 
Mike,
I have a similar situation behind a Sprint DSL Cellpipe 50A router with a static IP. Can you lay out the details on your working connection? Thanks.
 
I have the same problem. I set the ports up but it will not go any further than verifying username and password. I can get it to work if I use the DMZ port and direct it towards the VPN server. However, I want to restrict as many ports as possible to keep a reasonably secure firewall.

When it finally times out I get the message error 721.
 
The problem is that the Cellpipe 50A will not work with VPN.
If you have a Sprint DSL, call in to your local Sprint rep and have them change out the Cellpipe with a Static modem PPPOE or a Zyxel 642R router. VPN will work with this equipment.
Jeter@LasVegas.com
J.Fisher CCNA
 
Jeter,
I talked to Sprint about the Cellpipe and they said they were testing the Zyxel 642R. After the test they told me that they could establish a "one way" VPN. It could send but not receive. Any thoughts on this? Thanks.
 
Mike, my entire network is behind a firewall (gnatbox). I want my VPN server also behind a firewall with 1 NIC. Please let me know what was your solution.

Thanks
 
I would like to know how to configure a Cisco 1605-R router for remote access VPN to a LAN with an NT server. There is a software firewall in the LAN. Just a basic VPN config will do. Thanks

Kassav
 
Hi Fellas ... what's this hangup on using only 1 NIC? Use two NICs ... I too am looking for a solution but I have my foundation right.

<DSL Router L1: 206.x.x.x L2: 192.168.10.1>
goes to
<VPN Server L1: 192.168.10.2 L2: 192.168.0.1>
goes to any client
<Client 192.168.0.x>

I am looking for a secure VPN solution. I realize that I will have to set a DMZ in the router and point it to the VPN server. However I am concerned about security etc. What are the various ways to make sure that the remote users are authenticated right (Smart card is not a solution since it needs a reader ... any USB solution ? )

Max
 
Aladdin has a USB token (which contains a certificate) and works fine as 'smartcard'

---------------------------------------------------------------------
I have not failed, I've just found 10,000 ways that don't work
---------------------------------------------------------------------
Peter Van Eeckhoutte
peter.ve@pandora.be
 
Hi Peter:

Can you tell me more ... is Aladdin a VPN product?

Thanks !!!

Max
 
Aladdin is a USB 'token'.
A certificate can be written to the token very easily,
it is Windows 2000 compatible

You can use it to log on, to encrypt, to do VPN
You must enter a pin code to activate the smartcard (USB token)
---------------------------------------------------------------------
I have not failed, I've just found 10,000 ways that don't work
---------------------------------------------------------------------
Peter Van Eeckhoutte
peter.ve@pandora.be
 
mikejohnson, did you ever find out if you had to have 2 NICs or not? And all you did was forward those two ports to your server, you didn't have to set up a DMZ or anything?
 
you don't need 2 network cards,
you can forward ports from a router to the internal network card (just plain forwarding will work... but if you want it safer, you should create a DMZ and a dedicated firewall....)
---------------------------------------------------------------------
I have not failed, I've just found 10,000 ways that don't work
---------------------------------------------------------------------
Peter Van Eeckhoutte
peter.ve@pandora.be
 
asunker,

It seems to me that I have the same problem that you and mikejohnson had. Do you mind letting me in on you guys' secret remedy? It would be greatly appreciated.

french44@hotmail.com
 
Hi all ... I would like to know of any VPN hardware (< $2000) that will support the use of smartcards.

I read on review about:
Merilus Firecard Plus and about the eSoft InstaGate EX2 ... both of these are around $1500 but do not support Smart cards.

A lot of our guys go to client sites and log into our system. We are concerned that some kid at the client site will steal the login info. The smartcard requirement will prevent that.

Please help.
 
I have the same problem. I have a Linksys router. The IP address is in the DMZ and ports 1723 and 47 are forwarded to it. It works if I use the address inside the LAN. The router is acting as a gateway.

It just times out with the 721 error.

cstoelb
 
Ok. What I did was as follows. I'm using only 1 NIC. I forwarded all pertinent ports on the firewall to the VPN Server, which is on a static address. Then I turned off the DHCP at the router level, and then turned on DHCP & WINS at the Win2k Server level. Everything started working fine after that. I'm able to authenticate and map drives. Keep in mind though: the ideal way to set up a VPN is using a dedicated server and dual NICs. I'm only setting it up this way because 1 user needs secure access.

Hope that helps.
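
Added example, not part of any post in this thread: PPTP uses a TCP control connection on port 1723 plus GRE, which is IP protocol 47 rather than a TCP or UDP port, and a router that blocks GRE is a common cause of a connection that verifies the user name and password and then stops with Error 721. The sketch below classifies raw IPv4 packets captured on the VPN server's NIC to show which of the two channels is arriving; the packet bytes, addresses and function names are constructed for illustration.

```python
import struct

PPTP_TCP_PORT = 1723  # PPTP control channel (TCP)
GRE_PROTO = 47        # GRE is an IP protocol number, not a TCP/UDP port

def ipv4(proto, payload=b""):
    """Build a minimal 20-byte IPv4 header (checksum left 0) plus payload. Constructed data."""
    src, dst = bytes([203, 0, 113, 10]), bytes([192, 168, 1, 2])
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0, src, dst)
    return hdr + payload

def l4(sport, dport):
    """First four bytes of a TCP or UDP header: source and destination port."""
    return struct.pack("!HH", sport, dport)

def classify(pkt):
    """Label one raw IPv4 packet as seen on the VPN server's NIC."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return "not-ipv4"
    ihl, proto = (pkt[0] & 0x0F) * 4, pkt[9]
    if proto == GRE_PROTO:
        return "gre-data"
    if proto in (6, 17) and len(pkt) >= ihl + 4:
        sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
        if proto == 6 and PPTP_TCP_PORT in (sport, dport):
            return "pptp-control"
        if 47 in (sport, dport):
            return "port-47-not-gre"  # a TCP/UDP port forward does not carry GRE
    return "other"

def diagnose(packets):
    """Summarise what a capture shows about PPTP traversal of the NAT router."""
    seen = {classify(p) for p in packets}
    if "pptp-control" not in seen:
        return "no control channel: TCP 1723 is not reaching the server"
    if "gre-data" not in seen:
        return "control channel only: GRE (IP protocol 47) is not passing the router"
    return "control and GRE both seen: look beyond the NAT router"

# Constructed captures (no real traffic): one stalled session, one working session.
STALLED = [ipv4(6, l4(40000, 1723)), ipv4(6, l4(40001, 47))]
WORKING = [ipv4(6, l4(40000, 1723)), ipv4(GRE_PROTO, b"\x30\x01\x88\x0b")]

if __name__ == "__main__":
    for name, capture in (("stalled", STALLED), ("working", WORKING)):
        print(name, "->", diagnose(capture))
```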
 
great, well done guys
(including myself ;-) )
---------------------------------------------------------------------
I have not failed, I've just found 10,000 ways that don't work
---------------------------------------------------------------------
Peter Van Eeckhoutte
peter.ve@pandora.be
 