Koozali.org: home of the SME Server

VPN from an XP box to a 6.0.1-01 server via a DLink DSL-504T

dave_d

« on: January 07, 2005, 05:22:46 PM »
There must be some networking guru out there that can help me here!

I need to be able to establish a VPN connection between an XP-SP2 box and an SME server that's situated behind a DLink DSL-504T.

I configured the SME server user(s) to allow VPN, and I configured the server to allow 2 PPTP Clients.

I configured the DSL-504T to allow PPTP rules for the server (a static IP address in the LAN).

I then tried to create the VPN on the XP box and everything got as far as 'Verifying Username and password'.  The next thing I see is an "Error 619: A connection to the remote computer could not be established.....".  I guess that I must have some port or another closed where it ought to be open - but I can't figure out which it should be!!!  Internet searches have proved equally unproductive.

Any help would be appreciated!

Regards,

Dave

boss_hog

« Reply #1 on: January 07, 2005, 10:19:50 PM »
Hi Dave,
if I remember correctly, in the router you need to open the inbound port, and forward to server IP for the XP machine to get inside the local network. I think the port is 1723.
Good Luck

boss_hog

« Reply #2 on: January 07, 2005, 10:27:15 PM »
Ooops,
sorry about the back to back posts! Did you test different authentication schemes?
Good Luck

dave_d

« Reply #3 on: January 10, 2005, 09:38:00 AM »
Thanks Boss_hog!

I'm off to do the setup and do further tests today - I'll keep this thread posted.

Regards,

Dave

dave_d

« Reply #4 on: January 10, 2005, 04:57:31 PM »
Well ..... for anyone that's interested it seems that the problem is that the DLink DSL-504T does not handle the GRE protocol in the direction I require.  To that end it seems that the device is a 'no go' device for this application.

DLink technical support staff were polite but not very hopeful that a solution would be forthcoming.

In the meantime I need to find another router.  Any suggestions, anyone????

 :cry:  :cry:  :cry:

Regards

Dave

policymap

« Reply #5 on: January 10, 2005, 08:36:30 PM »
I use Cisco 837, works perfectly in this setup,
but of course it's expensive  :-(

Regards
vj

boss_hog

« Reply #6 on: January 10, 2005, 11:43:43 PM »
Hey dave_d
I just wanted to drop this link below to you. Does the "web admin" for your router look like the one shown in the link?? And did you try the same steps that are outlined at this link?
http://www.portforward.com/dlink/dsl504t-portforwarding.htm

I am only checking to make sure that something simple or not so simple didn't get overlooked.
Oh by the way, did the tech support people mention why port forwarding wasn't possible? Does your ISP use custom firmware on the DLink, that would restrict you from forwarding?
Good Luck

policymap

« Reply #7 on: January 11, 2005, 08:20:52 AM »
Just like to add that I have used many D-Link DSL-504 (without T) in this setup also, but with this router you have to put sme in DMZ.

vj

dave_d

« Reply #8 on: January 11, 2005, 10:22:30 AM »
Thanks Policymap and Boss_Hog,

A).   DLink gave me the same advice - but putting the SME server in the DMZ seems to defeat the whole purpose of putting the server behind a firewall.  I suppose it's possible to set the SME server up to have the same protection as offered by the DSL-504T, but as I'm not SURE of the default security setup in server only mode I've rather shied away from this solution.  On the other hand I suppose it's the Windoze boxes that need the protection  :-D

B).  Yes Boss_hog, that's the 'web admin' page.  The problem is not one of port forwarding but of protocol handling.  It seems that some of the messages passing between VPN server and client use the GRE protocol as opposed to TCP or UDP.  You'll see that the port forwarding administration only allows for either or both of TCP/UDP to be specified in the port forwarding rule.  Hence, when a message arrives on port 1723 with the GRE protocol this seems to get stopped - despite the fact that the inbuilt PPTP rule specifies both port 1723 AND the GRE protocol (the only place I've seen the protocol mentioned in the DSL-504T).

I've come across another problem with this setup too.  I allowed port forwarding of port 22 (UDP,TCP) so that I could use Putty to access the server when I got back to my office.  Full of confidence I fired up Putty, entered the IP address, got the logon prompt, entered the username, entered the password and got logged on.  However, I get no prompt - and then Putty dies with the message "Network error: software caused connection abort".  I manage several SME servers all of which I can reach using this method - but not this one!  (I use different modem/routers at the other locations - DSL-504's to be exact).  Has anyone seen this problem before? - and if so, what needs to be done to fix it?  The logged on process seems to be quite happy in the SME box, BTW, and so I guess it's another routing problem.

Regards,

Dave
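An added example, not part of any post in this thread: a Python sketch that classifies raw IPv4 packets from a capture taken on the server's side of the router, to tell "TCP 1723 is not forwarded" apart from "the control channel arrives but GRE does not". GRE is IP protocol 47 and carries no port number, which is why a TCP/UDP port-forwarding rule cannot match it. The packet bytes, addresses and function names below are constructed for illustration.

```python
import struct

PPTP_CONTROL_PORT = 1723      # TCP control channel (the port named in the thread)
IPPROTO_TCP, IPPROTO_GRE = 6, 47
PPTP_GRE_PAYLOAD = 0x880B     # protocol type in PPTP's enhanced GRE header (RFC 2637)

def classify(packet: bytes) -> str:
    """Label one raw IPv4 packet as 'pptp-control', 'pptp-gre' or 'other'."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "other"
    ihl = (packet[0] & 0x0F) * 4          # IPv4 header length in bytes
    proto, body = packet[9], packet[ihl:]
    if proto == IPPROTO_TCP and len(body) >= 4:
        sport, dport = struct.unpack("!HH", body[:4])
        return "pptp-control" if PPTP_CONTROL_PORT in (sport, dport) else "other"
    if proto == IPPROTO_GRE and len(body) >= 4:
        flags_ver, ptype = struct.unpack("!HH", body[:4])
        # Enhanced GRE as used by PPTP: version (low 3 bits) is 1.
        if (flags_ver & 0x7) == 1 and ptype == PPTP_GRE_PAYLOAD:
            return "pptp-gre"
    return "other"

def diagnose(packets) -> str:
    """Summarise which halves of a PPTP session are visible in the capture."""
    seen = {classify(p) for p in packets}
    if "pptp-control" not in seen:
        return "no PPTP control traffic: TCP 1723 is not being forwarded"
    if "pptp-gre" not in seen:
        return "control channel only: GRE (IP protocol 47) is not passing the router"
    return "control and GRE both present"

def _ipv4(proto: int, payload: bytes) -> bytes:
    """Build a minimal IPv4 packet (checksum left at 0) for the constructed samples."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                         proto, 0, bytes([203, 0, 113, 10]), bytes([192, 168, 1, 2]))
    return header + payload

# Constructed sample packets (documentation/private addresses, not a real capture).
TCP_1723 = _ipv4(IPPROTO_TCP, struct.pack("!HH", 40000, 1723) + bytes(16))
GRE_PPTP = _ipv4(IPPROTO_GRE, struct.pack("!HHHH", 0x2001, PPTP_GRE_PAYLOAD, 0, 1))
TCP_SSH = _ipv4(IPPROTO_TCP, struct.pack("!HH", 40001, 22) + bytes(16))

if __name__ == "__main__":
    print(diagnose([TCP_1723, TCP_SSH]))    # capture with no GRE arriving
    print(diagnose([TCP_1723, GRE_PPTP]))   # capture from a working path
```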

policymap

« Reply #9 on: January 11, 2005, 11:37:01 AM »
Sorry, didn't realize that you were running in Server-Only "mode". Never put the sme directly on the net (or in d-link dmz) with Server-Only.

vj