
From PPTP to L2TP/IPsec using RRAS - How?



Guest Fox1977
Posted

Hi folks,

I need a bit of help from all of the experts on here. I need to get a VPN set up for a teleworker that is going to be working from home. Managed to get so far but now a bit stuck.

Here's the setup:

Windows 2003 server running RRAS in our office, Draytek 2800 router. RRAS is set up and configured for PPTP access using port forwarding 1723 on the router to the server. This works fine and it is pretty stable.

I am trying to upgrade the VPN to L2TP/IPsec in order to improve security. The teleworker is trying to access my network using a 3G modem from Switzerland and it looks like it is blocked. The provider says they support IPsec (Does this sound about right? Any thoughts?). The idea is that I upgrade the VPN to IPsec.

How do I go about doing this? Is there something I can do in the RRAS just to simply switch it?

I have looked on the net and I'm struggling to find any detailed instructions. I know I need to install some kind of certificate services and get a certificate for the server. I then need to set up the port forwarding rules on the router. The stuff I have read then says to try and connect, and as Windows XP will try IPsec as the first protocol it should connect.

I also have a Windows 2008 server in the office I could use for this. Is there any advantage in using this for the VPN over 2003?

Anyone help out with any instructions or tips? Am I going along the correct lines?

Thanks in advance.

Posted

Re: From PPTP to L2TP/IPsec using RRAS - How?

 

On Jun 28, 11:38 am, Fox1977 <fox...@gmail.com> wrote:

> Hi folks,

>

> I need a bit of help from all of the experts on here.

>

> I have looked on the net and I'm struggling to find any detailed

> instructions. I know i need to install some kind of certificate

> services and get a certificate for the server. I then need to setup

> the port forwarding rules on the router.

 

> Anyone help out with any instructions or tips? Am i going along the

> correct lines?

>

> Thanks in advance.

 

Have you seen this article from MS?

http://support.microsoft.com/kb/240262

Guest Bill Grant
Posted

Re: From PPTP to L2TP/IPsec using RRAS - How?

 

 

 

"SF" <solutionforge@gmail.com> wrote in message

news:fa6d8c9b-b96f-44c6-b778-a0c35c23451a@u6g2000prc.googlegroups.com...

> On Jun 28, 11:38 am, Fox1977 <fox...@gmail.com> wrote:

>> Hi folks,

>>

>> I need a bit of help from all of the experts on here.

>>

>> I have looked on the net and I'm struggling to find any detailed

>> instructions. I know i need to install some kind of certificate

>> services and get a certificate for the server. I then need to setup

>> the port forwarding rules on the router.

>

>

>> Anyone help out with any instructions or tips? Am i going along the

>> correct lines?

>>

>> Thanks in advance.

>

> Have you seen this article from MS?

> http://support.microsoft.com/kb/240262

 

Unless you already have a certificate server set up (and someone who knows how to use it), I would stay with PPTP or use the preshared keys (as described in the KB above).

Guest Fox1977
Posted

Re: From PPTP to L2TP/IPsec using RRAS - How?

 

On Jun 28, 10:11 pm, SF <solutionfo...@gmail.com> wrote:

Just had a look at that and followed the instructions. Slightly different on 2003 but followed it as best as I could. Could get it working but at least I managed to get a L2TP error back when I tried to connect. Can't get the error now.

I will post more info tomorrow.

I noticed the IPsec passphrase setting in RRAS. If I set this on its own and put the passphrase in the client, will that get me an IPsec VPN or do I need to set the IPsec policy up?

Thanks for the help, much appreciated

 

> On Jun 28, 11:38 am, Fox1977 <fox...@gmail.com> wrote:

 

>

> > Hi folks,

>

> > I need a bit of help from all of the experts on here.

>

> > I have looked on the net and I'm struggling to find any detailed

> > instructions.  I know i need to install some kind of certificate

> > services and get a certificate for the server.  I then need to setup

> > the port forwarding rules on the router.

> > Anyone help out with any instructions or tips?  Am i going along the

> > correct lines?

>

> > Thanks in advance.

>

> Have you seen this article from MS? http://support.microsoft.com/kb/240262

Guest Fox1977
Posted

Re: From PPTP to L2TP/IPsec using RRAS - How?

 

Just working through the guide

http://support.microsoft.com/kb/240262

Got to stage 10 and got a bit stuck. Doesn't seem to have this stage in 2003.

I've skipped that and carried on. At stages 12 and 13 I have put the same IP address as the RRAS server but it is saying they cannot be the same. Anyone any ideas?

I've also set up ports 500 udp, 1000 udp and 4500 udp to forward to the remote access server.

In the port settings in RRAS I have also set it to allow 5 L2TP connections.

When I try and connect using L2TP now I am getting a 789 error.

Anyone any ideas? Really struggling with this. Thanks

Guest Fox1977
Posted

Re: From PPTP to L2TP/IPsec using RRAS - How?

 

Here's my port forwarding rules:

 

udp 500

tcp 4500

tcp 10000

udp 4500

 

all of these forward onto the internal RRAS server
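
As an added example (not part of any post in this thread): a short Python check of the forwarding rules listed above against the inbound flows that L2TP/IPsec with NAT traversal uses, UDP 500 for IKE and UDP 4500 for NAT-T. The function names and the "protocol port" rule format are assumptions modelled on the post; any forward the VPN does not use is reported so it can be closed on the router.

```python
# Added example, not code from the thread. Audits a list of router port
# forwards against what an L2TP/IPsec server behind NAT needs inbound.

# L2TP itself (UDP 1701) travels inside the IPsec tunnel, so with NAT
# traversal only these two flows have to reach the server.
REQUIRED = {
    ("udp", 500): "IKE key exchange",
    ("udp", 4500): "IPsec NAT traversal (ESP carried in UDP)",
}

def parse_rules(text):
    """Parse lines such as 'udp 500' into a set of (protocol, port)."""
    rules = set()
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue  # skip blank lines
        if len(parts) != 2 or parts[0].lower() not in ("tcp", "udp") \
                or not parts[1].isdigit():
            raise ValueError(f"unrecognised rule: {line!r}")
        port = int(parts[1])
        if not 1 <= port <= 65535:
            raise ValueError(f"port out of range: {line!r}")
        rules.add((parts[0].lower(), port))
    return rules

def audit(text):
    """Split forwards into needed, missing and not used by L2TP/IPsec."""
    rules = parse_rules(text)
    required = set(REQUIRED)
    return {
        "needed": sorted(rules & required),
        "missing": sorted(required - rules),
        "unneeded": sorted(rules - required),
    }

# The rule list as posted above.
POSTED_RULES = """udp 500
tcp 4500
tcp 10000
udp 4500"""

if __name__ == "__main__":
    for verdict, entries in audit(POSTED_RULES).items():
        for proto, port in entries:
            note = REQUIRED.get((proto, port), "not used by L2TP/IPsec")
            print(f"{verdict:9} {proto} {port:<6} {note}")
```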

Posted

Re: From PPTP to L2TP/IPsec using RRAS - How?

 

On Jul 1, 3:36 pm, Fox1977 <fox...@gmail.com> wrote:

> Here's my port forwarding rules:

>

> udp 500

> tcp 4500

> tcp 10000

> udp 4500

>

> all of these forward onto the internal RRAS server

 

Before troubleshooting your firewall rules, are you able to connect to this server internally?

Guest Fox1977
Posted

Re: From PPTP to L2TP/IPsec using RRAS - How?

 

What IP should I try and connect to the RRAS? It has two local IP addresses on the box as I use port forwarding on the router from the public IP address. I will try and connect locally this morning.

 

Thanks

 

John

 

 

On Jul 2, 5:53 am, SF <solutionfo...@gmail.com> wrote:

> On Jul 1, 3:36 pm, Fox1977 <fox...@gmail.com> wrote:

>

> > Here's my port forwarding rules:

>

> > udp 500

> > tcp 4500

> > tcp 10000

> > udp 4500

>

> > all of these forward onto the internal RRAS server

>

> Before trouble shooting your firewall rules, are you able to connect

> to this server internally?

Guest Bill Grant
Posted

Re: From PPTP to L2TP/IPsec using RRAS - How?

 

Why does it have two addresses? A RRAS server only needs two NICs if it is connected to the Internet. If it is behind a router it only needs one.

 

"Fox1977" <foxj77@gmail.com> wrote in message

news:c4365812-ae5e-4502-827c-6903dde62e64@p25g2000hsf.googlegroups.com...

> What ip should i try and connect to the RRAS? It has two local IP

> addresses on the box as I use port forwarding on the router from the

> public IP address. I will try and connect locally this morning.

>

> Thanks

>

> John

>

>

> On Jul 2, 5:53 am, SF <solutionfo...@gmail.com> wrote:

>> On Jul 1, 3:36 pm, Fox1977 <fox...@gmail.com> wrote:

>>

>> > Here's my port forwarding rules:

>>

>> > udp 500

>> > tcp 4500

>> > tcp 10000

>> > udp 4500

>>

>> > all of these forward onto the internal RRAS server

>>

>> Before trouble shooting your firewall rules, are you able to connect

>> to this server internally?

>
