How do I configure VPN Client behind various routers

[spikorama]

I travel for work and need access to the company computer. I have Win2K AS with a functioning RAS. I use the built in RAS Client in WinXP Pro. I am able to reach and use the Win2K resources when I use AOL to access the Internet.

Often times, I am in a client's office behind their firewall / router configuration and it prohibits me from gaining access to my server. I get Error 721:

Is there a way to configure the RAS Client to just use common ports that are open on most firewall / router configuration.

This is very frustrating and any help someone could give would be greatly appreciated.

Thanks in advance.

 

[John Lewis]

If you are using L2TP, this may be of interest

http://support.microsoft.com/default.aspx?scid=kb;en-us;818043

Otherwise, you should not need any ports opened, except that the firewall must be a 'stateful' firewall and existing and related connections must be allowed/forwarded in. Your outbound traffic, of course, must be allowed.

You do need protocols opened. Will depend upon which implementation you are using, but options such as pptp passthrough, ipsec passthrough must be enabled. Some (generally older) devices do not allow for this. Others may need a firmware upgrade.

At present, there is no way to change the ports used my the VPN connection. You're pretty much stuck with what is there.

 

[spikorama]

Hey mhkwood!

Thanks for the suggestion. I downloaded the update, installed it, I'm still getting the same results. I don't see anything different. The update information mentioned a 'plug-in' that monitors the state of the VPN. I didn't see any new choices or programs to run. I created a new VPN connection but it still performs like the last one.

My problem is that I never know what kind of a firewall / router I'm going to be behind when I'm working in the client's offices. Most of the time, they don't have a full time IT person so nobody knows anything about 'stateful' or passthrough.

I'm pretty sure my stuff on the other end is configured because I can get through to it on AOL when I'm in the hotel and often on the local area network in the client's building. It's just that in some offices, I must be behind some old klunker of a router or they have it shut down so tight, I'm not able to exchage info with my server properly.

Did I miss anything on the update? I just double clicked it, accepted the EUA.

Thanks again.

 

[Toddsmp]

Hey,
I just installed that update on two systems and after the install/reboot, you need to run mmc and add the IPSEC Monitor and IPSec Security policies. I think this is the functionality that was part of the update. Not sure it it would help, but I've been battling a FVS318 VPN, and there is a PDF out there that walks you through the use of this new plug-in. the url is

http://home.stny.rr.com/ranch/reference

Has some stuff relevent to the FVS318 Demon, but also the pdf that goes into great detail about the new mmc plug-ins.

Tek-tips member Darrenzo deserves the kudos on this document it helps alot, even if he's in England. (My wife is a Brit, so I'm allowed to bash)

IT Leads the way,
Todd

 

[spikorama]

Cool, I'll check it out. Right now I'm in a hotel using Wayport and have no problem using my VPN. I'll go into the client's office tomorrow and see if this helps out.