We are trying to get a PPTP VPN to a W2K VPN Server running using an II400 box in firewall/NAT mode only and it fails on authentication.
Our II400 config is this:
---------------------
dns add server xxx.xxx.xxx.6
dns add server xxx.xxx.xxx.7
dns suffix ourhome.com
name ourISP
time CST6CDT
filter eth2 allow tcp source xxx.xxx.xxx.197:1723 dest 192.168.10.28:1723
filter eth2 allow 47 source xxx.xxx.xxx.197 dest 192.168.10.28
ifconfig eth1 ipaddress 192.168.10.1 255.255.255.0
ifconfig eth2 ipaddress xxx.xxx.xxx.194 255.255.255.248
ifconfig eth2 xlate out
hostname eth2
ip forwarding on
nat add xxx.xxx.xxx.197:1723 192.168.10.28:1723 tcp
nat add xxx.xxx.xxx.197:47 192.168.10.28:47 ip
nat add xxx.xxx.xxx.195:80 192.168.10.4:80 tcp
nat add xxx.xxx.xxx.195:20 192.168.10.4:20 tcp
nat add xxx.xxx.xxx.195:21 192.168.10.4:21 tcp
route add default eth2 xxx.xxx.xxx.193
dnsproxyd start
identd start
snmpd start
socksd start
tcpserver
telnetd start
webproxy start
webserver start
----------------
xxx.xxx.xxx.193 is the Cisco 2600 router, in full pass-thru mode, at the ISP.
xxx.xxx.xxx.194 is the IP of the II400
xxx.xxx.xxx.195 is a working webserver we host
xxx.xxx.xxx.197 is the IP we allocated to connect to for the VPN.
192.168.10.28 is the W2K VPN server w/RRAS running.
I have added PPTP 1723 to Port Mappings in the II400.
The W2K server is set up A-OK as I can connect via VPN withing the network boundaries.
When I do the MS PPTPCLNT/PPTPSRV test, I connect on port 1723 but the GRE protocol is not passed. Likewise, I fail on MS error 721 when it tries to authenticate name and pswd using the VPN connection externally.
So, I think the II400 is not passing 47 (GRE) through. Have I got is set up correctly? Can it be used for this type of VPN PPTP tunnel using GRE??
Our II400 config is this:
---------------------
dns add server xxx.xxx.xxx.6
dns add server xxx.xxx.xxx.7
dns suffix ourhome.com
name ourISP
time CST6CDT
filter eth2 allow tcp source xxx.xxx.xxx.197:1723 dest 192.168.10.28:1723
filter eth2 allow 47 source xxx.xxx.xxx.197 dest 192.168.10.28
ifconfig eth1 ipaddress 192.168.10.1 255.255.255.0
ifconfig eth2 ipaddress xxx.xxx.xxx.194 255.255.255.248
ifconfig eth2 xlate out
hostname eth2
ip forwarding on
nat add xxx.xxx.xxx.197:1723 192.168.10.28:1723 tcp
nat add xxx.xxx.xxx.197:47 192.168.10.28:47 ip
nat add xxx.xxx.xxx.195:80 192.168.10.4:80 tcp
nat add xxx.xxx.xxx.195:20 192.168.10.4:20 tcp
nat add xxx.xxx.xxx.195:21 192.168.10.4:21 tcp
route add default eth2 xxx.xxx.xxx.193
dnsproxyd start
identd start
snmpd start
socksd start
tcpserver
telnetd start
webproxy start
webserver start
----------------
xxx.xxx.xxx.193 is the Cisco 2600 router, in full pass-thru mode, at the ISP.
xxx.xxx.xxx.194 is the IP of the II400
xxx.xxx.xxx.195 is a working webserver we host
xxx.xxx.xxx.197 is the IP we allocated to connect to for the VPN.
192.168.10.28 is the W2K VPN server w/RRAS running.
I have added PPTP 1723 to Port Mappings in the II400.
The W2K server is set up A-OK as I can connect via VPN withing the network boundaries.
When I do the MS PPTPCLNT/PPTPSRV test, I connect on port 1723 but the GRE protocol is not passed. Likewise, I fail on MS error 721 when it tries to authenticate name and pswd using the VPN connection externally.
So, I think the II400 is not passing 47 (GRE) through. Have I got is set up correctly? Can it be used for this type of VPN PPTP tunnel using GRE??
