VPN server behind router that performs NAT

  • Thread starter Egbert Nierop (MVP for IIS)

Egbert Nierop (MVP for IIS)

Hi,

Is it possible to serve a VPN connection for external access through the
internet while my router (an ADSL router, in fact) does not support
'forwarding' IP protocol 47 (as the KB says)?
I can only port-forward port 1723 (I have a SiteCom modem)...

(The modem supports NAT/NAPT and dynamic NAPT)...
 

Bill Grant

You will not be able to use PPTP through a router which cannot handle GRE
(IP protocol 47). PPTP (TCP port 1723) only sets up and maintains the
tunnel. The actual encrypted data travels as the payload of packets with a
GRE header.

If anything in the path (router, firewall etc) blocks GRE, the
connection will soon time out because no data is transferred.
 

Egbert Nierop (MVP for IIS)

Ok clear

If I enable 'bridge filtering' on that modem,
I have the following:
forward destination mac:[my mac address of W2k server] MAC type: 002f
(hexadecimal for 47).
Would that do the trick?

Thanks...
 

Bill Grant

I doubt if that is what is required. GRE is a protocol, not a port. It
isn't forwarded, it is just allowed, permitted or enabled (depending on the
router manufacturer's terminology). Microsoft RRAS uses allow, Cisco uses
permit and so on.


Egbert Nierop (MVP for IIS)

Hi Bill,

I did not say that GRE was a port. I know about the types of protocols...
But my modem uses the terminology as stated (such as MAC type)... in a menu
called 'bridging'.

I suspect that MAC type is the same as 'protocol'. What do you think?


Bill Grant

I don't think that has anything to do with it, to be frank. That all
sounds like forwarding details.

If you can't find anything about GRE by name or by IP protocol number,
look for things like PPTP pass-through or even VPN pass-through mode. They
all seem to be used by various manufacturers to describe allowing GRE.

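The two PPTP flows discussed in this thread, and the difference between the Ethernet type field and the IPv4 protocol field, shown as an added example that is not from any poster. It assumes the modem's "MAC type" setting refers to the Ethernet type field; the function names and sample frames are constructed for illustration.

```python
import struct

ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP, IPPROTO_GRE = 6, 47      # 47 decimal == 0x2f
PPTP_CONTROL_PORT = 1723
GRE_PROTO_PPP = 0x880B                # protocol type in PPTP's enhanced GRE (RFC 2637)

def classify(frame: bytes) -> str:
    """Classify an Ethernet II frame as PPTP control, PPTP data (GRE) or other."""
    if len(frame) < 14 + 20:
        return "too short"
    (eth_type,) = struct.unpack("!H", frame[12:14])
    if eth_type != ETHERTYPE_IPV4:
        # Values below 0x0600 in this field are 802.3 lengths, not protocol ids.
        return f"non-IPv4 (type/length field 0x{eth_type:04x})"
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[0] >> 4 != 4 or ihl < 20 or len(ip) < ihl + 4:
        return "malformed IPv4"
    proto, l4 = ip[9], ip[ihl:]       # byte 9 of the IPv4 header is the protocol number
    if proto == IPPROTO_GRE:
        flags_ver, gre_proto = struct.unpack("!HH", l4[:4])
        if (flags_ver & 0x0007) == 1 and gre_proto == GRE_PROTO_PPP:
            return "PPTP data (enhanced GRE, IP protocol 47)"
        return "GRE (not PPTP)"
    if proto == IPPROTO_TCP:
        sport, dport = struct.unpack("!HH", l4[:4])
        if PPTP_CONTROL_PORT in (sport, dport):
            return "PPTP control (TCP 1723)"
    return f"other (IP protocol {proto})"

def build_frame(eth_type: int, proto: int, l4: bytes) -> bytes:
    """Constructed sample frame: zeroed MACs, documentation-range IP addresses."""
    eth = bytes(12) + struct.pack("!H", eth_type)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     bytes([198, 51, 100, 7]), bytes([203, 0, 113, 10]))
    return eth + ip + l4

GRE_HDR = struct.pack("!HHHH", 0x2001, GRE_PROTO_PPP, 0, 1)  # K bit set, version 1
SAMPLES = {  # constructed frames, not captured traffic
    "control": build_frame(ETHERTYPE_IPV4, IPPROTO_TCP,
                           struct.pack("!HH", 49152, 1723) + bytes(16)),
    "data": build_frame(ETHERTYPE_IPV4, IPPROTO_GRE, GRE_HDR),
    "type_002f": build_frame(0x002F, IPPROTO_GRE, GRE_HDR),
}

if __name__ == "__main__":
    for name, frame in SAMPLES.items():
        print(f"{name:10s} -> {classify(frame)}")
```

A GRE packet on the wire still carries Ethernet type 0x0800; the value 47 appears only in the IPv4 header's protocol byte, so a rule keyed on type 0x002f does not select it.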