-
October 21st, 2006, 07:58 PM
#1
Senior Member
RDP over VPN nonfunctional after installing 2wire router.
SBC called the other day to 'sell' me something, and being that it was a Saturday morning, and I was doing nothing but having coffee and watching the birds at the feeder, I decided to listen instead of giving them the "I'm too busy" routine.
They offered the new high speed 3mbs DSL connection for $24.95 a month. And would upgrade me from my 700k connection that I was paying $35 a month for and throw in a wireless router for only $45.
I accepted the offer...
Well, I installed the new 2wire 2701HG-b and everything set up fine except for my remote desktop connection from home to work....
I use IPsec over Cisco VPN to connect to the network (which does connect), but when I try to open Remote Desktop to my computer (XP Pro on both ends), I get the "computer not accepting connections" error....
I switched everything back to my regular DSL modem and things work OK.
So, I know it has to be something to do with the router.
I did go into the firewall in the router and enable port forwarding for the VPN ports, but that didn't work.
I also tried DMZ mode, and it wouldn't let my VPN connection connect.
I made sure the default ports for remote desktop were added.
As far as the other end, we're using a PIX 515E firewall with VPN set to group authentication. Everything is default.
I have read other users on the web requesting help with the same issue, but everyone recommends setting up port forwarding for port 3389. But that doesn't seem to help my situation.
I also ran across an article on how to edit the registry entry HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\TerminalServer\WinStations\RDP-Tcp\PortNumber
to change the setting to decimal and then add the remote desktop listening port, but I didn't think this would help, so I didn't attempt it...
Can anyone make a recommendation?
There are many rewarding opportunities awaiting composure from like minds and great ideas. It is my objective to interconnect great things.
-
October 21st, 2006, 08:06 PM
#2
Are there any access lists on your router that might be blocking port 3389?
----------------------------------------------------------------------------------------------------------
"If I'd asked my customers what they wanted, they'd have said a faster horse." ~ Henry Ford
-
October 21st, 2006, 08:24 PM
#3
Senior Member
I haven't found a place in the router config for setting up access lists.
On the router at work, we do have access lists set up.
I'm scanning the remote IP with nmap right now to see if I can find a service tied to port 3389.
There are many rewarding opportunities awaiting composure from like minds and great ideas. It is my objective to interconnect great things.
-
October 21st, 2006, 09:04 PM
#4
What WAN IP are you getting on your router? Is it a private IP?
If so, then your modem is also a router and has a firewall on it. I think they're calling them "residential gateways" now. It is then assigning you a private IP via DHCP. You will have to log into the modem and disable that firewall and do a static NAT to your router.
http://www.2wire.com/pages/pdfs/8.pdf
They do this so people don't have to buy additional hardware (routers/firewalls) and to help protect their network's hosts from being a victim of the next big worm. It's actually pretty smart of them. Just wish they would document it better.
I've had that problem a couple of times already with the new "modems" that Verizon is giving out around us.
Last edited by phishphreek; October 21st, 2006 at 09:13 PM.
Quitmzilla is a Firefox extension that gives you stats on how long you have quit smoking, how much money you've saved, how much you haven't smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.
-
October 22nd, 2006, 02:22 PM
#5
A simple test would be to telnet to port 3389 from your PC and hit enter a few times to see if you're even making it to the remote host. To me, this sounds like you've missed something in the path like an ACL on their hardware. RDC is a simple TCP shot so it should be relatively easy to spot the issue.
--TH13
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
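The telnet check suggested in post #5, as an added example that is not part of any poster's message: a small Python probe that makes one TCP connection attempt to port 3389 and reports whether it was accepted, refused, or silently dropped. The interpretation strings are an assumption about how each outcome maps onto this thread's scenario.

```python
import socket
import sys

# What each outcome suggests for the RDP-over-VPN case discussed in this thread.
MEANING = {
    "open": "reached the host and something is listening on the port",
    "refused": "a host (or rejecting firewall) answered, but nothing accepts on that port",
    "filtered": "no answer at all: packets dropped on the path (ACL, tunnel not passing traffic)",
    "unreachable": "no route or name lookup failure: check the tunnel and routing",
}

def tcp_probe(host, port=3389, timeout_s=5.0):
    """Attempt one TCP connect and classify the result."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout_s)
    try:
        sock.connect((host, port))
        return "open"
    except socket.timeout:
        # SYN went out, nothing came back before the timeout
        return "filtered"
    except ConnectionRefusedError:
        # A TCP RST came back: the path works, the port does not accept
        return "refused"
    except OSError:
        # Routing or name-resolution failure
        return "unreachable"
    finally:
        sock.close()

if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: rdp_probe.py <host-or-ip-of-work-pc>")
    result = tcp_probe(sys.argv[1])
    print(f"{sys.argv[1]}:3389 -> {result}: {MEANING[result]}")
```

Run it once with the VPN connected and compare the result with the same run made from behind the old modem.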
-
October 22nd, 2006, 02:56 PM
#6
One thought, are you able to connect to anything else internal while using your VPNClient and IPSEC? I have seen cases where it would connect but you wouldn't be able to do anything (for different reasons, but I have seen it, you can tell by looking at your tx/rx packets, they'll usually be zero)...Have you tried tunnelling over a tcp/udp port rather than using IPSEC? I've gotten around restrictions on IPSEC before by doing that...
I haven't used that model before, but many of the ones I have used in the past will have specific options in there (and treat differently) IPSEC and GRE tunnels...but will completely disregard sessions over tcp/udp (and go back to just the default ACL rules)...so you might look around for that (or try the tunneling over tcp/udp).
Regardless, once the tunnel is established, it should not be necessary to enable any port forwarding for specific protocols (since they are being transported over the tunnel), outside of your PIX that is...(ie, I am specifically referencing your local router).
/neb
There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.
(Merovingian - Matrix Reloaded)
-
October 22nd, 2006, 03:12 PM
#7
DSL Path MTU
Did you say DSL? Do they use PPPoE?
I'll bet you 10 antipoints your problem is with the Path MTU.
My coworker had the same issue a couple weeks back: DSL line, Cisco VPN, cheap router.
Cisco's VPN client runs its own IP stack, and tries to do path MTU discovery. The MTU is configurable in the VPN client. Set it to something like 1492.
I guess I diagnosed/debugged this when my coworker explained his situation to me; I asked him to do some packet captures to be able to put the finger on the precise culprit, but he hasn't had time to run those yet. Still, setting the MTU of the VPN client worked.
Give it a try.
Ammo
Credit travels up, blame travels down -- The Boss
-
October 22nd, 2006, 03:36 PM
#8
Senior Member
Make sure your 2wire router IP address is on a different subnet from your work computer.
-
March 9th, 2007, 04:34 PM
#9
Junior Member
Originally Posted by fraggin
SBC called the other day to 'sell' me something, and being that it was a Saturday morning, and I was doing nothing but having coffee and watching the birds at the feeder, I decided to listen instead of giving them the "I'm too busy" routine.
They offered the new high speed 3mbs DSL connection for $24.95 a month. And would upgrade me from my 700k connection that I was paying $35 a month for and throw in a wireless router for only $45.
I accepted the offer...
Well, I installed the new 2wire 2701HG-b and everything set up fine except for my remote desktop connection from home to work....
I use IPsec over Cisco VPN to connect to the network (which does connect), but when I try to open Remote Desktop to my computer (XP Pro on both ends), I get the "computer not accepting connections" error....
I switched everything back to my regular DSL modem and things work OK.
So, I know it has to be something to do with the router.
I did go into the firewall in the router and enable port forwarding for the VPN ports, but that didn't work.
I also tried DMZ mode, and it wouldn't let my VPN connection connect.
I made sure the default ports for remote desktop were added.
As far as the other end, we're using a PIX 515E firewall with VPN set to group authentication. Everything is default.
I have read other users on the web requesting help with the same issue, but everyone recommends setting up port forwarding for port 3389. But that doesn't seem to help my situation.
I also ran across an article on how to edit the registry entry HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\TerminalServer\WinStations\RDP-Tcp\PortNumber
to change the setting to decimal and then add the remote desktop listening port, but I didn't think this would help, so I didn't attempt it...
Can anyone make a recommendation?
I know that this is an old thread but I had an older 2wire 1800 series modem and had no problems connecting with Cisco client software. I had to switch to the 2701 series and can no longer connect. Were you able to come up with a solution?
Thanks
-
March 9th, 2007, 09:00 PM
#10
Junior Member
2Wire is gay like that, call them back and tell them you want a Versalink. :P