Server 2003 VPN help needed

  1. #1
    Senior Member
    Join Date
    Jan 2004
    Posts
    228

    Server 2003 VPN help needed

    I wasn't sure where to put this post. It is an operating system question, but it is also security. Here is my issue. I'm trying to set up a VPN on Server 2003. The VPN will go through a Linksys router and the clients will be running XP Pro.

    I was looking all over the internet for good step by step directions on how to set up VPN with L2TP using IPSec as well as go over how clients connect.

    Physical issue:
    A friend of mine told me that VPN isn't possible with Linksys routers. Something about Cisco buying them out and disabling the feature in the IOS. I looked things up and found that the ports needed were 25, 80, 123, 443 and 4125. I'm wondering if I can just port forward all of those to the Server and have it work?

    I could really use a lot of help on this one. Also, if someone knows of a great book, I might be able to run down to the book store to check it out.

  2. #2
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Unless they have changed it in a newer version of the firmware there is PPTP and IPSec passthrough available on Linksys routers. I can't confirm that from here because mine is a Netgear here. If you fiddle with that you might get it working though I have to admit I have never really researched what exactly they do.
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  3. #3
    Senior Member
    Join Date
    Jan 2003
    Posts
    3,914
    Hey Hey,

    Not overly sure where you found that port list... but for IPSec you'll definitely need UDP 500 open.

    25 = SMTP... only needed if you have a Mail Server
    80 = HTTP... Only needed if you have a Web Server
    123 = NTP (I Believe)... Only needed if you have a Time Server
    443 = HTTPS... Only needed if you're running HTTPS
    4125 = Never Heard of it.

    IPSec = UDP Port 500 (IKE) and Protocol 50 (ESP) (51 too for AH??? it's been too long)

    You'll have to go into your Advanced Options --> Port Forwarding and Forward 500 (Check the UDP Box) to the server.... Then (to allow protocol 50) you'll have to do as Tiger Shark mentioned and enable IPSec Passthrough.

    Also are you doing the new NAT Traversal VPN that 2003 offers (might make life easier for you to test with if you have friends that are behind a NAT firewall)... Then you'll also need port 4500 (UDP) open..

    If you are doing NAT-T then check out this tutorial http://www.isaserver.org/tutorials/natt2003.html

    Peace,
    HT
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  4. #4
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    I never had success with Linksys and VPN...so this may be an issue.

    As HT said ...I don't think you need all those ports open....going to look that up..... unless you want to make all those services public.

    Once a remote machine VPNs in...they receive an internal address and then are able to connect to internal services such as mail, file sharing etc......so no need to make those services ..external...or available to the public.

    I have VPN working without all those ports open. So the only ports you need to open are the ones for VPN and authentication....depending on PPTP or IPSec

    Users must have remote\mobile user access permissions on the server. Is this an SBS???

    What is the model of your Linksys...and firmware version???

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer
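
Added example (not part of any post in this thread): a small Python audit of a router forwarding table against what replies #3 and #4 describe for an IPSec VPN, namely UDP 500 for IKE, UDP 4500 when NAT-T is used, and ESP (protocol 50) through IPSec passthrough rather than a port forward. The server address and both forwarding tables are constructed sample values, and the `Forward` and `audit` names are hypothetical.

```python
from dataclasses import dataclass

# Ports from the original list that reply #3 ties to unrelated services.
UNRELATED = {25: "SMTP", 80: "HTTP", 123: "NTP", 443: "HTTPS"}

@dataclass(frozen=True)
class Forward:
    proto: str   # "tcp" or "udp"
    port: int
    target: str  # internal host the router forwards to

def audit(forwards, vpn_server, ipsec_passthrough, nat_t=False):
    """Return (missing, excess) for an IPSec VPN server behind a NAT router."""
    required = {("udp", 500): "IKE"}
    if nat_t:
        required[("udp", 4500)] = "IPsec NAT-T"
    to_server = {(f.proto, f.port) for f in forwards if f.target == vpn_server}
    missing = [f"{p}/{n} ({why})" for (p, n), why in sorted(required.items())
               if (p, n) not in to_server]
    # ESP is IP protocol 50, not a TCP/UDP port, so no port forward can carry it.
    if not ipsec_passthrough:
        missing.append("IP protocol 50 (ESP): enable IPSec passthrough")
    excess = []
    for f in forwards:
        key = (f.proto, f.port)
        if key in required:
            if f.target == vpn_server:
                continue  # needed and pointed at the right host
            reason = f"{required[key]} forwarded to wrong host"
        else:
            reason = UNRELATED.get(f.port, "not a VPN port")
        excess.append(f"{f.proto}/{f.port} -> {f.target} ({reason})")
    return missing, excess

# Constructed sample data: the port list from post #1 versus the list from reply #3.
SERVER = "192.168.1.10"
PROPOSED = [Forward("tcp", p, SERVER) for p in (25, 80, 123, 443, 4125)]
CORRECTED = [Forward("udp", 500, SERVER), Forward("udp", 4500, SERVER)]

if __name__ == "__main__":
    for name, table, passthrough in (("proposed", PROPOSED, False),
                                     ("corrected", CORRECTED, True)):
        missing, excess = audit(table, SERVER, passthrough, nat_t=True)
        print(name, "missing:", missing or "none")
        print(name, "exposed without need:", excess or "none")
```

Everything reported as excess is a service reachable from the internet that VPN clients could reach over the tunnel instead.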

  5. #5
    Senior Member
    Join Date
    Jan 2003
    Posts
    3,914
    Originally posted here by morganlefay
    I never had success with Linksys and vpn...so this may be an issue.
    Hey Hey,

    While I've never had success with an IPSec VPN and a Linksys (prolly cuz I've never set it up).... I've got PPTP VPN running through our Linksys router here (The last time firmware was released for it was June 2001) and I've also got it running through my slightly newer (but not much) Linksys router at home... From behind either Router I can successfully connect to the VPN behind the opposite router... One is running on SBS 2000 and the other is server 2003 Enterprise..

    Peace,
    HT
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  6. #6
    Senior Member
    Join Date
    Jan 2004
    Posts
    228
    Thanks a lot guys. I got some older firmware for my router that enables VPN passthrough and port forwarded the ports that you all mentioned. I actually used my old 2000 Server book and followed its directions on how to set things up and it worked like a charm. I set up both PPTP and L2TP connections and I'm using IPSec for L2TP. A friend of mine was able to connect from Maui, I'm on Oahu right now, so I know it works correctly. I still have to deal with a name resolution issue I have now. He can access my network, but only with IP addresses. I'll try and set up a DHCP relay agent later today or tomorrow to deal with this. Not sure if it will make a difference though, but I'm still using the router to handle DHCP. I'll probably set up the Server as a DHCP Server as well so I can take advantage of DDNS.

    Thanks a lot for all the help.
