Trouble with VPN Connection...Please Help Me

[qdog007]

Hi all...Ok..long post...but please bear with me. Here's the deal: I am having problem setting up a VPN

connection using PPTP tunneling protocol.First of all, let me give you an overview of what my home network

setup looks like.

I have a Windows 2003 Server as a DC,DNS,and DHCP server. It has one NIC with a private IP

of 192.168.1.100. This NIC is connected to my Linksys Wireless Access Point(for WiFI connection around the

house). THe IP of the Linksys is 192.168.1.10. This WAP is connected to my VPN/NAT Server. The

VPN/NAT server is an old PC running WIndows 2003 Server with 2 NIC - one private and one public.

I have already setup VPN/NAT configuration for this machine in the Routing and Remote Access Console.

My VPN/NAT Server's public NIC is connected to a cable modem and it is getting a dynamic IP. I made

a note of this IP and it hasn't change a long time--might as well be static. This public IP

is 24.x.x.x

SO everything is fine as far as VPN Server connection is concern. Now on the Domain COntroller machine,

I create a user 'John Doe' and on his dial-in property, I check "ALLOW Acess" for remote login. So far so good.

Finally, I go to my laptop and create a VPN Client Connection using the wizard. I use the same

user's credential as before. The VPN Server IP is also configure correctly. Also

the authentication mode(MS-CHAPv2) and tunnel-type is the same as the VPN server.

Now the moment of truth, I use my dial-up modem to connect to the Internet and start up

my VPN connection. Error!! Oh no...."Remote computer not responding" I double check everything to

make sure the configuration matches...but still no connection.

Can someone please help?? If you need more info, I am more than willing to supply them. DO you see

any crucial steps that I am missing out here? Any kind of advice will be greatly appreciate.

Thank you!!

[cluberti]

I'm assuming that you're forwarding both the PPTP port (1723) and the GRE protocol to the server running RRAS? PPTP works OK with NAT, but you must connect to the public IP address of your cable modem, and the firewall/router/whatever on the network must be passing the PPTP packets to the destination device on the network, or it won't work.

[qdog007]

Hey..thanks for the response. My VPN/NAT server is connected to the cable modem and is also my firewall.

The Linksys used to be my NAT router, but now it simply serve as a Access Point between my VPN/NAT and Domain Controller machine. The setup is like this: DC---Linksys WAP--VPN/NAT Server--cable modem--Internet ISP.

On RRAS, my WAN/public Interface's properties seem to be pre-configured for VPN connection by default. On the "Service and Ports" tab, the following service to be provided to Internet users are checked:

IP Security(IKE NAT and IKE NAT Traversal), VPN Gateway(L2TP/IPSec), and VPN Gateway(PPTP). So I assume that my VPN Server is set to receive connection. Am I correct on this or do I need to configure more?

I check my public IP and it is 24.x.x.x and when I dial-up to the internet on my notebook, i can get to the internet using whatever public IP that ISP give me. But I still can't connect to my VPN server. ..can't connect to 24.x.x.x.

Why do you think the problem is? Is there anyway to find out if I am even able to reach my VPN server? Please..any advice is greatly appreciate. Thank you!!

Q

[cluberti]

On both the firewall and the Linksys WAP, are you forwarding port 1723 to the RRAS server?

[Arrow_Runner]

Here's part of your answer.

Instead of using your Public IP to VPN to, try connecting to the Private IP of your VPN server. I had to do this to determine that my router sucked and wouldn't forward the GRE traffic.

If you cannot connect to the private IP of your VPN server, then there must be something wrong in your configuration.

If you CAN connect to your private IP then you may have configured VPN on the wrong NIC.

I had this problem due to my router, which definitely won't be the cause for your problem.

Also, make sure that your DHCP address pool isn't all used up, that caused issues with my VPN server as well.

Good luck!

[qdog007]

Thanks Arrow...Thanks Club. I'll give both of your suggestions a try. Will be back to post update

[qdog007]

I still cannot get a VPN connection through my Public Interface. I have taken my network off the actual Internet and am configuring a home network environment. This is what my setup looks like. DC/DNS/DCHP computer (IP of 192.168.1.100) is connected to a hub which is then connected to my VPN's Private Interface (IP of 192.168.1.1). The VPN's Public Interface (static IP of 15.15.15.15) is connected to another hub which is then is connected to my VPN client (an XP machine configured with a static IP of 15.15.15.20). Obviously I am trying to simulate an Internet environment using the second hub. So again setup is: DC--hub--VPN--hub--vpn client.

On the VPN server, RRAS is configured for basic VPN parameters..using the Wizard. There is no NAT or any firewall to complicate the connection. It configure to use PPTP port only. The VPN client is set up using the VPN client connection wizard. The security parameter all matches with the VPN server(tunnel-type & authentication type). A vpn client account is created and given permission for remote access. When I try to connect to 15.15.15.15, I get an error code 800: vpn unreachable or security parameter is misconfigured. So I try to ping 15.15.15.15 and is able to do so on the XP machine.

The weird thing is that when I try to connect to 192.168.1.1 instead of 15.15.15.15, I was authenticated and got a VPN connection. So basically I can get a connection on the private interface but no the public interface. Can someone please explain what is going on here?? I pretty much set up my environment exactly as instructed in some of the tutorials, yet I still cannot connect. It doesn't make any sense to me. What am I missing here? Any advice is greatly appreciated. I really want this to work, but it is getting very frustrating. Thanks for reading.

Q

[qdog007]

Good News!! I am happy to report that I finally got the VPN client to connect to the public side of the VPN server. The problem was that ZoneAlarm Firewall was installed on the XP machine. It was preventing a connection to an IP of 15.15.15.15. To resolve this, I shutdown this firewall and got VPN connection. An alternative and probaby better solution is to configure ZoneAlarm's Firewall to 'trust' connection to 15.15.15.15.

Glad to resolve that issue. But that's only half the battle. Now, it's time to try this over the actual Internet. Hopefully, it will work without any problem. Thanks to all.

Q

[Arrow_Runner]

Cool, I'm glad to hear that was an easy fix, let us know how the rest goes.