VPN server won't authenticate users across the internet

[sgprice78]

I set up a VPN server on a Win2k server machine and can connect to it just fine from within the internal network or from another LAN that is connected with a linux router, but I can't login from over the internet. The client will connect but takes forever with verifying the username/password, then returns "Error 619: The specified port is not connected". There is a static NAT mapping on our perimeter router to the internal VPN server. I've tried opening tcp port 1723 and allowing GRE to pass through the router to the VPN server. That didn't work so I allowed all IP traffic destined for our vpn server to pass through (just for testing), it STILL gave me the same error. I can ping and connect to other services on the vpn server from over the internet just fine.
Do I have to set up anything special on the router in order for it to handle PPTP tunnels?
We are using a Cisco 2600 router with IOS version 12.1.

 

[sgprice78]

The client machines that I am using to test connectivity over the network are being NAT'ed as well. Does PPTP work if the client has a dynamically NAT'ed IP?

 

[peterve]

it should.. only L2TP/IPSec doesn't work well through NAT
are you using port mapping to connect to your WIN2K server (because the linux server is the router ?)
If so, I would advise you to install the Win2K server as NAT server... it would solve your problem immediately
I have not failed, I just found 10000 ways that don't work

Peter Van Eeckhoutte
peter.ve@pandora.be

Did this post help ? Click below to let me know ;-)

 

[sgprice78]

I'm doing a direct one to one IP mapping on our cisco router, then it passes through the Linux router which doesn't do any NAT mapping at all. The client machines that I'm using are being mapped with dynamic port mapping.