vpn and dsl-router

[Bjorn]

Hi guys

Following setup:
Router connected to hub-A, server connected to hub-A, the server has a
secondairy NIC, and secondairy NIC is connected to hub-B. hub-B is my
lan. My router is managed by my isp. I set up RRAS on my server so it
can accept vpn-connections. Server is a w2k.

The thing is, somehow it doesn't work. My isp manages the router so i
asked them to doublecheck and according to them everything is set up
fine on the router. I myself checked my server. I make a vpn with the
server when i directly connect to hub-A (from there the requests would
enter the network right ?) and it worked fine. So the server is
responding right ? But why isn't it working when i'm on the internet ?
Is there something i can check out ? Or do i have to get back at my
isp ?


Greetz,
Bjorn

 

[Pawan Agarwal \(MSFT\)]

Does your VPN server address have public ip address?
What is the error you get when you try to make VPN connection to your vpn
server from internet?

-Pawan

 

[Bjorn]

Error 800
Server is unreachable,... you know the rest i guess.

The router has a public ip address and the router forwards all traffic
to the ip address of that server. The configuration of the router is
done by my isp.

Greetz,
Bjorn

 

[Pawan Agarwal \(MSFT\)]

Yeah I expected that .
This seems to be routing issue (or name resolution issue if you are trying
to use name). You should ensure that the router default gateway for your RAS
Server.(which I think you will have already done) & make sure you are able
to ping from your client the public address of RAS Server (you might have to
open ICMP ports in the filters which will have been set if you will have
used the configuration wizard)

-Pawan

 

[Bjorn]

No name, i'm using the ip. Pinging the public ip gives me no result,
because i think my isp has enabled the firewall-function of the
router. Open icmp ports would be on the router right ? Well that's the
hard part. Router is managed by my isp and they are not really
listening to me when i say that something isn't right..

Greetz,
Bjorn

 

[Pawan Agarwal \(MSFT\)]

Ping may be disabled by VPN Server as well. When you configure RRAS VPN
Server using wizard and default configuration it puts filters to let just
VPN traffic through.
You can see that by trying to ping VPN server from client which is on the
same hub as the public address of VPN server. If ping fails that means that
you have filters.

Go to IP Routing --> General --><int name> --> properties --> Inbound &
outbound filters
There you will bunch of filters. You should open ports for icmp traffic
there.

try using tracert to see if ping is going atleast till your ISP.
& if your isp has enabled filters then are you sure they have not disabled
incoming vpn requests.

Try using Netmon tool on your public interface to see if you are recieving
PPP traffic from the client or not...

-Pawan

 

[Bjorn]

Hi,

I tried all these settings and nothing really worked. Ping was ok,
then i tried the portsettings and openend all the ports. And no
result. But i did discover another problem with this server. The
server is hit by a virus so we first have to resolve this mather and
my guess is, when this is ok the vpn will work

Greetz,
Bjorn


On Mon, 9 Feb 2004 21:26:39 +0530, "Pawan Agarwal \(MSFT\)"