
From PPTP to L2TP/IPsec using RRAS - How?

Fox1977

IS-IT--Management
Dec 6, 2001
98
GB
Hi folks,

I need a bit of help from all of the experts on here. I need to get a VPN set up for a teleworker who is going to be working from home. Managed to get so far but now a bit stuck.

Here's the setup:
Windows 2003 server running RRAS in our office, Draytek 2800 router. RRAS is set up and configured for PPTP access using port forwarding 1723 on the router to the server. This works fine and it is pretty stable.

I am trying to upgrade the VPN to L2TP/IPsec in order to improve security. The teleworker is trying to access my network using a 3G modem from Switzerland and it looks like it is blocked. The provider says they support IPsec (Does this sound about right? Any thoughts?). The idea is that I upgrade the VPN to IPsec.

How do I go about doing this? Is there something I can do in RRAS just to simply switch it?

I have looked on the net and I'm struggling to find any detailed instructions. I know I need to install some kind of certificate services and get a certificate for the server. I then need to set up the port forwarding rules on the router. The stuff I have read then says to try and connect, and as Windows XP will try IPsec as the first protocol it should connect.

I also have a Windows 2008 server in the office I could use for this. Is there any advantage in using this for the VPN over 2003?

Anyone help out with any instructions or tips? Am I going along the correct lines?

Thanks in advance.
 
"Windows 2003 server running RRAS in our office, Draytek 2800 router. RRAS is setup and configured for PPTP access using port forwarding 1723 on the router to the server"
Assuming ports have to be NATed to pass to the server, for IPsec, TCP or UDP, you'll need IP protocol 50 (ESP), port 500, and port 10000. For NAT-T, you need port 4500 opened.

Burt
 
Are they TCP or UDP in the firewall settings?

Thanks for the help
 
IPsec can be TCP or UDP; it depends on how it's set up. If it's TCP, then it's port 10000 usually. NAT-T is TCP, as well as TCP 500.

Burt
 
Here's my port forwarding rules:

udp 500
tcp 4500
tcp 10000
udp 4500

All of these forward to the internal RRAS server.
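An added example, not from the thread or from any of the posters: a small audit of a router's port-forwarding list against what a Windows RRAS L2TP/IPsec server behind NAT actually needs. It encodes the protocol facts (IKE on UDP 500, NAT-T on UDP 4500, ESP as IP protocol 50 only where no NAT sits in the path, L2TP UDP 1701 carried inside ESP) and assumes the rule lines are written the way the list above is ("udp 500", one per line); the function and variable names are mine.

```python
"""Audit router port-forwarding rules for an RRAS L2TP/IPsec server.

Added example, not code from the thread. The rule-line format ("udp 500")
is assumed to match the list posted above; names are the author's own.
"""

# (protocol, port) pairs. Protocols without ports (ESP, GRE) carry None.
IKE = ("udp", 500)         # IKEv1 main mode; NAT detection happens here
NAT_T = ("udp", 4500)      # UDP-encapsulated ESP (RFC 3947/3948) after NAT is detected
ESP = ("esp", None)        # IP protocol 50; only deliverable with no NAT in the path
L2TP = ("udp", 1701)       # L2TP itself, normally carried inside ESP, so the NAT never sees it
PPTP_CTRL = ("tcp", 1723)  # PPTP control channel (the existing, working setup)
GRE = ("gre", None)        # IP protocol 47, PPTP data channel


def required_rules(server_behind_nat: bool) -> set:
    """Rules the NAT in front of the RRAS server must pass for L2TP/IPsec."""
    rules = {IKE, NAT_T}
    if not server_behind_nat:
        # Plain ESP has no port numbers, so a port-forwarding router cannot
        # forward it; it is only usable when the server has a public address.
        rules.add(ESP)
    return rules


def parse_rules(text: str) -> set:
    """Parse lines such as 'udp 500' or 'esp' into (protocol, port) tuples."""
    out = set()
    for line in text.strip().splitlines():
        proto, _, port = line.strip().lower().partition(" ")
        if not proto:
            continue
        out.add((proto, int(port) if port else None))
    return out


def _order(rule):
    # Stable ordering for output; None ports sort first within a protocol.
    return (rule[0], rule[1] or 0)


def audit(rules_text: str, server_behind_nat: bool = True) -> dict:
    """Report rules that are missing for L2TP/IPsec and rules that L2TP/IPsec
    and PPTP never use (those only widen the exposed surface)."""
    have = parse_rules(rules_text)
    need = required_rules(server_behind_nat)
    known = need | {L2TP, PPTP_CTRL, GRE}
    return {
        "missing": sorted(need - have, key=_order),
        "unneeded": sorted(have - known, key=_order),
    }


# Constructed input: the forwarding list from the post above, verbatim.
POSTED_RULES = """\
udp 500
tcp 4500
tcp 10000
udp 4500
"""

if __name__ == "__main__":
    print("server behind NAT:", audit(POSTED_RULES))
    print("server on public IP:", audit(POSTED_RULES, server_behind_nat=False))
```

For the list above the audit reports nothing missing when the server sits behind the Draytek (UDP 500 and UDP 4500 are both there) and flags TCP 4500 and TCP 10000 as rules no part of L2TP/IPsec or PPTP uses; TCP 10000 is a Cisco IPsec-over-TCP port, not something Windows RRAS listens on. Two related points a practitioner should check alongside the port list: a Windows XP SP2 (or 2003) client will not negotiate NAT-T to a server that is itself behind NAT unless the DWORD value AssumeUDPEncapsulationContextOnSendRule under HKLM\SYSTEM\CurrentControlSet\Services\IPSec is set to 2 (on Vista and later the same value lives under Services\PolicyAgent), and error 789 ("the security layer encountered a processing error during initial negotiations") is the IPsec phase failing before L2TP even starts, which is where a missing machine certificate, a pre-shared key mismatch, or that registry value usually shows up. Whether a mobile provider "supports IPsec" matters less than whether UDP 500 and 4500 pass through its carrier NAT, which is what NAT-T exists for.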
 
Just working through the guide.


Got to stage 10 and got a bit stuck. Doesn't seem to have this stage in 2003.

I've skipped that and carried on. In stages 12 and 13 I have put the same IP address as the RRAS server but it is saying they cannot be the same. Anyone any ideas?

I've also set up the above port forwarding rules.

In the port settings in RRAS I have also set it to allow 5 L2TP connections.

When I try and connect using L2TP now I am getting a 789 error.

Anyone any ideas? Really struggling with this (as you can see). Thanks
 
Hi,
If you plan to use L2TP for authentication, keep in mind that you need a certificate. You must install a Certificate Authority so that it can issue a certificate to the remote user; the Certificate Authority will act as a mediator between the VPN server and the remote client for validation and authentication. Now, if this is too much of a problem, you can always go with PPTP. Hope this helps.
 