External VPN Clients can't authenticate with Windows 2000 VPN Server.

  • Thread starter Thread starter JasonR
  • Start date Start date
J

JasonR

I am a VPN newbie so please point out all of my stupid mistakes so
that I may learn from them. I have a Windows 2000 Server with
SP4(with RRAS for VPN) sitting behind an ActionTec 1524 DSL
Modem\Gateway with Firmware 1.60.10.0.71(which means it now supports
GRE). I have 2 NICs in the Wi2k Server with 192.168.151.x private
network numbers. The DSL Modem port forwards UPD 500 and Protocol 47
GRE to one of the NICs(192.168.151.22), the other NIC(192.168.151.31)
is connected to the LAN. If I create an internal VPN connection using
192.168.100.22 as the VPN server address then I can connect without
any problems. The external users are a different story they have to
use the Modem address which for this example I will say is
68.10.10.10. I believe that the traffic is being passed to the
internal VPN NIC 192.168.151.22 but there is no response which is why
the clients receive the Error 800. We are using PPTP as our tunneling
protocol, I set it up on the server and the clients. How can I get
the VPN server to respond back through the tunnel? Is there a way I
can be sure that the VPN NIC is indeed receiving traffic? Do I need
to provide more information? Any help would be great and I thank
everybody in advance for that help.

Thank you
Jason
 
You need to make sure you have port forwarding on. On top of your Protocol
47 ( GRE ) and IKE ( UDP 500 ), you need to specify that ports TCP 1723 and
UDP 1701 are forwarded to 68.10.10.10. you can then use NetMon to verify
that the interface is receiving both PPTP and L2TP traffic from outside your
private LAN.
 
Thanks for the help Dusty, I can now log into the VPN server from an
external machine. The only problem now is that I can't see any of the
machines on the network. When I run an ipconfig I notice that the
subnet mask is 255.255.255.255 which I think is incorrect. It should
be 255.255.255.0 like the rest of the network. The VPN server will
assign this subnet mask if I have it set up for DHCP or if I create an
address pool. How can I change this to make it assign the correct
subnet mask?

thanks
 
The mask is fine. This is a point-to-point connection. Are you able to
ping other machines via IP Address? What IP is your client getting?
 
Back
Top