PPTP VPN through RRAS on Windows 2003

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

How do I configure RRAS to pass though PPTP traffic?
We have a Windows 2003 server that is acting as a Wireless Router. The test
network server TESTSERV1 is dual-homed with an IP of 192.168.1.3 and has an
on-board Wireless NIC (192.168.2.10) that connects to a DSL wireless router
(192.168.2.1) the default gateway is the wireless router. The wired network
clients are on 192.168.1.0 and go to TESTSERV1 (192.168.1.3) which routes
them to the DSL Router (192.168.2.1) to use our test DSL link.

This all works fine, except for PPTP. When we are testing our PPTP server,
clients with a 192.168.2.0 IP address (well, it's just one Wireless client)
can establish a PPTP session by going out over the DSL line, and in to our
main PPTP server which has a public IP. Our PPTP server works fine for all
remote clients, and we know that it is all working from that end - it's only
our test network that is not working.
The problem is that all clients who are on our test 192.168.1.0 network
cannot establish a PPTP session, because they are going through the RRAS on
the Windows 2003 server TESTSERV1 that has the Wireless card in it. They can
resolve the PPTP server address, but they cannot authenticate or register on
the remote network. All 192.168.1.0 clients can access the Internet through
the Wireless router and DSL link.

What do I need to configure on the Routing and Remote Access to be a
pass-though PPTP router, and not terminate the PPTP connection on itself? All
I can see in RRAS is how to make the RRAS server a PPTP server, but not how
to make it pass TCP/1725 traffic?

Thanks
 
ChristianWickham said:
What do I need to configure on the Routing and Remote Access to be a
pass-though PPTP router, and not terminate the PPTP connection on itself? All
I can see in RRAS is how to make the RRAS server a PPTP server, but not how
to make it pass TCP/1725 traffic?

I don't think it is possible. TCP/1725 isn't the problem, the problem is
GRE packets, aka Protocl 47,..note that is a protocol number not a port
number. "VPN Pass-through" is a specific function designed to handle
this,..I don't believe RRAS can do that in a Static-Nat or a 1-to-1-NAT
situation. But I am willing to be wrong about that.

However it will pass the stuff just fine in a Remote Access VPN situation if
the client making the call is behind the RRAS/NAT box the VPN Destination is
on the outside.
 
Back
Top