Guest Fox1977 Posted June 28, 2008

Hi folks,

I need a bit of help from all of the experts on here.

I need to get a VPN set up for a teleworker that is going to be working from home. Managed to get so far but now a bit stuck.

Here's the setup: Windows 2003 server running RRAS in our office, Draytek 2800 router. RRAS is set up and configured for PPTP access using port forwarding 1723 on the router to the server. This works fine and it is pretty stable.

I am trying to upgrade the VPN to L2TP/IPsec in order to improve security. The teleworker is trying to access my network using a 3G modem from Switzerland and it looks like it is blocked. The provider says they support IPsec (Does this sound about right? Any thoughts?).

The idea is that I upgrade the VPN to IPsec. How do I go about doing this? Is there something I can do in the RRAS just to simply switch it?

I have looked on the net and I'm struggling to find any detailed instructions. I know I need to install some kind of certificate services and get a certificate for the server. I then need to set up the port forwarding rules on the router. The stuff I have read then says to try and connect, and as Windows XP will try IPsec as the first protocol it should connect.

I also have a Windows 2008 server in the office I could use for this. Is there any advantage in using this for the VPN over 2003?

Anyone help out with any instructions or tips? Am I going along the correct lines?

Thanks in advance.

Guest SF Posted June 28, 2008

Re: From PPTP to L2TP/IPsec using RRAS - How?

On Jun 28, 11:38 am, Fox1977 <fox...@gmail.com> wrote:
> Hi folks,
>
> I need a bit of help from all of the experts on here.
>
> I have looked on the net and I'm struggling to find any detailed
> instructions. I know i need to install some kind of certificate
> services and get a certificate for the server. I then need to setup
> the port forwarding rules on the router.
>
> Anyone help out with any instructions or tips? Am i going along the
> correct lines?
>
> Thanks in advance.

Have you seen this article from MS?
http://support.microsoft.com/kb/240262

Guest Bill Grant Posted June 29, 2008

Re: From PPTP to L2TP/IPsec using RRAS - How?

"SF" <solutionforge@gmail.com> wrote in message news:fa6d8c9b-b96f-44c6-b778-a0c35c23451a@u6g2000prc.googlegroups.com...
> On Jun 28, 11:38 am, Fox1977 <fox...@gmail.com> wrote:
>> Hi folks,
>>
>> I need a bit of help from all of the experts on here.
>>
>> I have looked on the net and I'm struggling to find any detailed
>> instructions. I know i need to install some kind of certificate
>> services and get a certificate for the server. I then need to setup
>> the port forwarding rules on the router.
>>
>> Anyone help out with any instructions or tips? Am i going along the
>> correct lines?
>>
>> Thanks in advance.
>
> Have you seen this article from MS?
> http://support.microsoft.com/kb/240262

Unless you already have a certificate server set up (and someone who knows how to use it), I would stay with PPTP or use the preshared keys (as described in the KB above).

Guest Fox1977 Posted June 30, 2008

Re: From PPTP to L2TP/IPsec using RRAS - How?

On Jun 28, 10:11 pm, SF <solutionfo...@gmail.com> wrote:

Just had a look at that and followed the instructions. Slightly different on 2003 but followed it as best as I could.

Could get it working but at least I managed to get an L2TP error back when I tried to connect. Can't get the error now. I will post more info tomorrow.

I noticed the IPsec passphrase setting in RRAS. If I set this on its own and put the passphrase in the client, will that get me an IPsec VPN or do I need to set the IPsec policy up?

Thanks for the help, much appreciated.

> On Jun 28, 11:38 am, Fox1977 <fox...@gmail.com> wrote:
>
> > Hi folks,
>
> > I need a bit of help from all of the experts on here.
>
> > I have looked on the net and I'm struggling to find any detailed
> > instructions. I know i need to install some kind of certificate
> > services and get a certificate for the server. I then need to setup
> > the port forwarding rules on the router.
>
> > Anyone help out with any instructions or tips? Am i going along the
> > correct lines?
>
> > Thanks in advance.
>
> Have you seen this article from MS?
> http://support.microsoft.com/kb/240262

Guest Fox1977 Posted July 1, 2008

Re: From PPTP to L2TP/IPsec using RRAS - How?

Just working through the guide:

http://support.microsoft.com/kb/240262

Got to stage 10 and got a bit stuck. Doesn't seem to have this stage in 2003. I've skipped that and carried on. In stages 12 and 13 I have put the same IP address as the RRAS server but it is saying they cannot be the same. Anyone any ideas?

I've also set up ports 500 udp, 1000 udp and 4500 udp to forward to the remote access server. In the port settings in RRAS I have also set it to allow 5 L2TP connections.

When I try and connect using L2TP now I am getting a 789 error. Anyone any ideas? Really struggling with this.

Thanks

Guest Fox1977 Posted July 1, 2008

Re: From PPTP to L2TP/IPsec using RRAS - How?

Here's my port forwarding rules:

udp 500
tcp 4500
tcp 10000
udp 4500

all of these forward onto the internal RRAS server

Guest SF Posted July 2, 2008

Re: From PPTP to L2TP/IPsec using RRAS - How?

On Jul 1, 3:36 pm, Fox1977 <fox...@gmail.com> wrote:
> Here's my port forwarding rules:
>
> udp 500
> tcp 4500
> tcp 10000
> udp 4500
>
> all of these forward onto the internal RRAS server

Before troubleshooting your firewall rules, are you able to connect to this server internally?

Guest Fox1977 Posted July 2, 2008

Re: From PPTP to L2TP/IPsec using RRAS - How?

What IP should I try and connect to the RRAS? It has two local IP addresses on the box as I use port forwarding on the router from the public IP address. I will try and connect locally this morning.

Thanks

John

On Jul 2, 5:53 am, SF <solutionfo...@gmail.com> wrote:
> On Jul 1, 3:36 pm, Fox1977 <fox...@gmail.com> wrote:
>
> > Here's my port forwarding rules:
>
> > udp 500
> > tcp 4500
> > tcp 10000
> > udp 4500
>
> > all of these forward onto the internal RRAS server
>
> Before trouble shooting your firewall rules, are you able to connect
> to this server internally?

Guest Bill Grant Posted July 2, 2008

Re: From PPTP to L2TP/IPsec using RRAS - How?

Why does it have two addresses? A RRAS server only needs two NICs if it is connected to the Internet. If it is behind a router it only needs one.

"Fox1977" <foxj77@gmail.com> wrote in message news:c4365812-ae5e-4502-827c-6903dde62e64@p25g2000hsf.googlegroups.com...
> What ip should i try and connect to the RRAS? It has two local IP
> addresses on the box as I use port forwarding on the router from the
> public IP address. I will try and connect locally this morning.
>
> Thanks
>
> John
>
> On Jul 2, 5:53 am, SF <solutionfo...@gmail.com> wrote:
>> On Jul 1, 3:36 pm, Fox1977 <fox...@gmail.com> wrote:
>>
>> > Here's my port forwarding rules:
>>
>> > udp 500
>> > tcp 4500
>> > tcp 10000
>> > udp 4500
>>
>> > all of these forward onto the internal RRAS server
>>
>> Before trouble shooting your firewall rules, are you able to connect
>> to this server internally?