NT VPN Problems

[jcostanz]

I have setup a vpn on a nt server with a linksys dsl router.
I can make a vpn connection to the server from the lan that the server is on using the local address of the server.
The problem is that if I type the address of the dsl modem/router I get nothing.
I have already forwarded port 1723 to the server.
I have 2 nics in the server from the previous setup.

What should I do?
thanks

 

[Guest_imported]

I was having the same problems with the Linksys and the Win2k VPN. I could get it to work when I enabled the DMZ Host for the server, but didn't want to leave it like that. I finally talked to someone at linksys that was a little bit helpful and he had me do the following: Disable dhcp on the linksys, disable block WAN request on the Filters tab, Forward port 1723 to the vpn server, re-enable dhcp (if you are using it on the linksys). I can connect now, but can't use the regular unc name to browse, I have to use \\ipaddress\sharename and use the server ip address from the details tab of the vpn connection on the client. I hope this helps!

 

[Niall22]

Everyone that is having trouble browsing the network once connected to a VPN, are you using WINS servers? If your network has WINS servers make sure to enter them in your remote PC's TCP/IP properties. Try that out if you haven't already. Niall

 

[my2Cents]

It's my understanding that the linksys didn't handle GRE(generic routing encapsulation) packets in the past, hence the reason for pptp not working from the outside thru the linksys to the NT server, authentication never happens. They've upgraded the firmware to handle this situation. Here is an excerpt from

http://www.linksys.com

Microsoft uses IP Protocol 47 [GRE] for this secure tunnel. Provided that the PPTP Pass Through is set to Enable on the Router's Filters page and port 1723 is forwarded to the VPN Server, the Router will allow authentication and remote access into your network.

 

[Guest_imported]

Any luck with this config : port forward 1723(pptp) and gre(47). I have had the same 721 error as above with no resolve. Has anyone corrected this?

Thanks

 

[Guest_imported]

jimiz,
please read VPN-Migrane's post on Jan 29, 2002.
cheers.

 

[edman]

I have just installed the Linksys VPN Router and am attempting to setup a remote computer to a NT4.0 Server for VPN capabilities. I have setup IPSec and configured Tunnel 1. The connection is not working. Using DMZ works fine but I need to get 5 remote computers logged in at the same time. I have forwarded port 1723 to the server. Has anyone done this procedure who could assist? I would really appreciate this. Also the remote computers are going to be windows xp and windows 98 client boxes.

 

[brock02]

I'm working on the linksys vpn router now and going through all the steps for win2k and even tried on winXP and can never get the thing to connect always get there is no error, Linksys,surprise surprise, was of absolutely no help, tried telling me that win2k or xp could not connect, even though it was advertised on the box, but if anybody has any suggestions on what I'm missing, I'd appreciate, also tried setting port forwarding for our own bussiness and can't forward to NT server even with 1723 and dmz on. VPN's give me headaches.

 

[Guest_imported]

For those of you who are having browsing issues:
Are you running Win2K Server? if so, do you have DNS running?
(If you have AD installed then you are running DNS) , try to query your DNS, check if your VPN client got the right settings for your DNS server.
Do you have WINS ?
Is NetBIOS enabled?

Need help? Funraps@yahoo.com

 

[Guest_imported]

Hey guys you might wanna have a look at this for some ideas

http://infosecana.home.att.net/dumb_pptp_testing_tricks.htm

Good luck

 

[ALittleHelp]

I am having the same problem here as allot of people with the linksys routers, NT4 and a VPN. According to Microsoft, under the advanced IP addressing tab you need to enable PPTP filtering on the adapter before the VPN will work but in doing so you disable the server from LAN communication and requires a second NIC..Can anyone clarify this?

 

[jaknoll1]

I am trying to VPN into a NT 4.0 server running RRAS from a Windows 2000 workstation on a separate LAN and domain. I have not been able to get the VPN connection up and running from any workstation on the 2000 LAN. I can, however, get the VPN to work every time if I take the computer(s) off the
LAN, dial into my ISP, and start the VPN connection. Does anyone have any ideas as to what to do?

 

[Guest_imported]

Make sure you have turned on remote access administer on. check netstat as you attempt to log on to see if you are attempting to establish a connection. The problem is most likely the NT setup

 

[BlindJustice]

Okay, lets see. Where do we start. First, for the person that is using the Linksys BEFVP41 router. This model will only use IPSEC for VPN. That means you must use Win 2000, XP, or third party VPN software. If you use Win 2000 then you will have to click start run secpol.msc. This will pull up Local Security Settings. Right Click on IP Security Policies On Local Machines right, select create IP Security Policy. IP Security Policy wizard pops up, select next, Create a name for your Policy (Win2ktoLink). Well before I waste anyones time let me know if you need me to step you through the whole process. It is time consuming. You can also find the information on Linksys.com

As for the Linksys BEFSR41. I am using NT4.0 service pack 6a, RAS, PPTP, with Win 2000, Win 98 clients. Some users will log on by dialing up ISP then VPN through PACBELL DSL static IP's to BEFSR41 router using port forwarding. Some will use Pacbell DSL via BEFSR41 router to Pacbell DSL BEFSR41 router to the NT 4.0 server. Others will dial up directly to the NT 4.0 servers modem.

Problems
The first thing is to check your NT settings. Win 98 appears to be the simplest and easiest client to work with in this situation. 98 has less settings. If you are getting 721 errors etc. where you are not logging in. First of course check your connections (cables). Then in 98 my computer, dial up networking, make new connection, give your connection a name then pick the adapter, Microsoft vpn adapter if dialing out using DSL/cable or pick your modem if dialing out using your modem. Follow the wizard filling in the necessary information. When your finished you will see your icon in the dial up window. At that time right click on icon and select properties. Then put the destination IP address (try not to use hostname, this is for people that are using the vpn adapter). Now select the Server types tab. Remove the enable software compression check mark. We have found most of the time removing this fixes most of the problems with not being able to connecting your VPN.

Problem we are having
We can connect to the server. It provides us with an IP address from the server pool. RAS shows us connected but we cannot ping or access the server, folders or anything else. It appears to be a routing issue or wins, dns, etc. Anyones help would be apprecaited.

Thanks,

 

[Guest_imported]

Guys, lots of good stuff here. I too was having VPN problems - running win2K client and Win NT4.0 server, all with latest SPs. I could login etc (am forwarding GRE & PPTP on my router to my NT server), but couldn't browse or connect to shares. I can connect to shares now though, just used the server IP address instead of the logical name (192.168.1.20\sharename) this connected and let me browse the share over the net. Possibly this is as I'm only allowing TCP/IP and not NetBios? Anyway- I'm happy! Using a Zyxel single port router connected to ADSL and the client was connecting via a separate internet connection (ISDN).
All the best
Adam

 

[Guest_imported]

I am getting a vpn error -> Error 721 : The remote computer is not responding. I am baffled as it was working 3 weeks ago, and nothing has changed.

 

[ken0bi]

I'm having this same problem with win2k server pptp(verifying username and pass), but only on one computer. And even that one can connect every now and then. But i've tested it with win me/2k and two different isps but there is only this one xp computer that doesn't work. And according to the ISP they're not filtering any traffic. Any information on if this is a XP or ISP problem would be nice..
Since i'm able to connect from other places outside the lan i presume this is not a server configuration problem. And because both client and server uses same ISP i think it's not a ISP problem either.
The client has WinXP and it is using TeleWell USB adsl modem.

btw, using wrong login information will make the client ask for the correct one but after that it just hangs..

 

[ken0bi]

I'm having this same problem with win2k server pptp(verifying username and pass), but only on one computer. And even that one can connect every now and then. But i've tested it with win me/2k and two different isps but there is only this one xp computer that doesn't work. And according to the ISP they're not filtering any traffic. Any information on if this is a XP or ISP problem would be nice..
Since i'm able to connect from other places outside the lan i presume this is not a server configuration problem. And because both client and server uses same ISP i think it's not a ISP problem either.
The client has WinXP and it is using TeleWell USB adsl modem.

btw, using wrong login information will make the client ask for the correct one but after that it just hangs..

 

[Guest_imported]

same thing same setup as everyone else... tried everything... not working... HELP!

2nics
linksys router
can connect within but not from internet

 

[carlab]

I am having the same problem as some of the people posted above. I have an NT network with a netopia router (R5300 we have a fractional T1) where offices VPN in daily. 2 offices are running W2K where they have no router their end and we have that working. 2 offices have an NT backup server and a netopia router on a DSL and we can not get the VPN working, we get "error 629" each time.

Any suggestions?

Thanks

Carla

 

[ucallwa]

Authentication!
Just because you are validating on your companies VPN servers, does not mean you are validating on the domain.

Win9x works great, if you cancel past the network logon instead of hitting ok, or putting in a password and hitting ok, Win9x doesnt need to be added to the domain to have full functionality.

Win2000 and XP - These require your credentials to be fully cached to your local machine. Two ways you can do this, first boot up while connected to the LAN of your company, username password and domain, then when you go home you are still logging in the same way, even though you are off the LAN. Once you have your credentials cached you are good to go, connect with VPN and you can even reset your passwords while your connected and it will cache to your local machine, but if you have your it folks reset your password (like using usermanager or another utility) then you are screwed again. Another way to cache your credentials is if your company has a dial in, you can check mark the log in through dial up and go that route.

normal syptoms of not being fully authenticated is not being able to hit network resources like printers and drives, and depending on how your network is you may be able to hit a exchage server for your mail (after a password/domain prompt) and your intranet (constantly bugs you for domain/password/userid).
A awsome work around is to use citrix, if your company has a citrix server for you to use, you can download the client from

http://www.citrix.com.