VPN with W2K client and XP Pro host

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

I am trying to set up a VPN with a W2K client dialling in via a modem
to a XP Pro host that is connected to the internet via a Solwise
SAR110 router.

I have set up VPN client and Incoming connections host on the
respective machines, with the user accounts properly set up, and using
TCP/IP. The router has been configured to allow TCP and GRE (protocol
47) on port 1723 - for the local IP address I have used the private IP
address of the NIC that is connected to the router, and the global IP
address is the static IP address assigned by my ISP.

However, when I try to connect from the W2K PC I get "Error 721 - the
remote computer is not responding". On the XP the connection icon (2
blue computers) flashes, but that is all.

The result is the same if the XP's firewall is on or off. Also, the XP
has Norton Internet Security, but I get the same result even after
turning Security off.

Any suggestions?
Thank you in advance.
Geoff Pigott
19 answers Last reply
More about client host
  1. Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

    if you figured out the problem, can u share the solution please

    "Geoff Pigott" wrote:

    > I am trying to set up a VPN with a W2K client dialling in via a modem
    > to a XP Pro host that is connected to the internet via a Solwise
    > SAR110 router.
    >
    > I have set up VPN client and Incoming connections host on the
    > respective machines, with the user accounts properly set up, and using
    > TCP/IP. The router has been configured to allow TCP and GRE (protocol
    > 47) on port 1723 - for the local IP address I have used the private IP
    > address of the NIC that is connected to the router, and the global IP
    > address is the static IP address assigned by my ISP.
    >
    > However, when I try to connect from the W2K PC I get "Error 721 - the
    > remote computer is not responding". On the XP the connection icon (2
    > blue computers) flashes, but that is all.
    >
    > The result is the same if the XP's firewall is on or off. Also, the XP
    > has Norton Internet Security, but I get the same result even after
    > turning Security off.
    >
    > Any suggestions?
    > Thank you in advance.
    > Geoff Pigott
    >
  2. Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

    Type in "netstat -an" from the command line... Do you see an entry
    listening on TCP Port 1723?
    ---
    Jeffrey Randow (Windows Networking MVP)
    jeffreyr-support@remotenetworktechnology.com

    Please post all responses to the newsgroups for the benefit
    of all USENET users. Messages sent via email may or may not
    be answered depending on time availability....

    Remote Networking Technology Support Site -
    http://www.remotenetworktechnology.com
    Windows Network Technology Community -
    http://www.microsoft.com/windowsserver2003/community/centers/networking/default.mspx
    Windows Home Networking Community -
    http://www.microsoft.com/windowsxp/expertzone/communities/wireless.mspx

    On 15 Nov 2004 06:09:18 -0800, geoff@lybreeze.plus.com (Geoff Pigott)
    wrote:

    >I am trying to set up a VPN with a W2K client dialling in via a modem
    >to a XP Pro host that is connected to the internet via a Solwise
    >SAR110 router.
    >
    >I have set up VPN client and Incoming connections host on the
    >respective machines, with the user accounts properly set up, and using
    >TCP/IP. The router has been configured to allow TCP and GRE (protocol
    >47) on port 1723 - for the local IP address I have used the private IP
    >address of the NIC that is connected to the router, and the global IP
    >address is the static IP address assigned by my ISP.
    >
    >However, when I try to connect from the W2K PC I get "Error 721 - the
    >remote computer is not responding". On the XP the connection icon (2
    >blue computers) flashes, but that is all.
    >
    >The result is the same if the XP's firewall is on or off. Also, the XP
    >has Norton Internet Security, but I get the same result even after
    >turning Security off.
    >
    >Any suggestions?
    >Thank you in advance.
    >Geoff Pigott
  3. Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

    This is what I get when I type netstat -an on the XP Pro VPN Host :-

    C:\Documents and Settings\Geoff>netstat -an

    Active Connections

    Proto Local Address Foreign Address State
    TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:1723 0.0.0.0:0 LISTENING
    TCP 127.0.0.1:1025 0.0.0.0:0 LISTENING
    TCP 127.0.0.1:1031 0.0.0.0:0 LISTENING
    TCP 127.0.0.1:1035 0.0.0.0:0 LISTENING
    TCP 192.168.7.2:139 0.0.0.0:0 LISTENING
    UDP 0.0.0.0:445 *:*
    UDP 0.0.0.0:500 *:*
    UDP 0.0.0.0:1036 *:*
    UDP 0.0.0.0:1701 *:*
    UDP 0.0.0.0:4500 *:*
    UDP 127.0.0.1:123 *:*
    UDP 127.0.0.1:1029 *:*
    UDP 127.0.0.1:1030 *:*
    UDP 127.0.0.1:1900 *:*
    UDP 192.168.7.2:123 *:*
    UDP 192.168.7.2:137 *:*
    UDP 192.168.7.2:138 *:*
    UDP 192.168.7.2:1900 *:*

    Does this tell you anything?
    Thanks for replying.
    Geoff


    Sara22 <Sara22@discussions.microsoft.com> wrote in message news:<E6D37004-2F98-4B18-88C4-ED0486F7532E@microsoft.com>...
    > if you figured out the problem, can u share the solution please
    >
    > "Geoff Pigott" wrote:
    >
    > > I am trying to set up a VPN with a W2K client dialling in via a modem
    > > to a XP Pro host that is connected to the internet via a Solwise
    > > SAR110 router.
    > >
    > > I have set up VPN client and Incoming connections host on the
    > > respective machines, with the user accounts properly set up, and using
    > > TCP/IP. The router has been configured to allow TCP and GRE (protocol
    > > 47) on port 1723 - for the local IP address I have used the private IP
    > > address of the NIC that is connected to the router, and the global IP
    > > address is the static IP address assigned by my ISP.
    > >
    > > However, when I try to connect from the W2K PC I get "Error 721 - the
    > > remote computer is not responding". On the XP the connection icon (2
    > > blue computers) flashes, but that is all.
    > >
    > > The result is the same if the XP's firewall is on or off. Also, the XP
    > > has Norton Internet Security, but I get the same result even after
    > > turning Security off.
    > >
    > > Any suggestions?
    > > Thank you in advance.
    > > Geoff Pigott
    > >
  4. Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

    Geoff Pigott <geoff@lybreeze.plus.com> wrote:

    > This is what I get when I type netstat -an on the XP Pro VPN Host :-
    >
    > Does this tell you anything?

    It tells us that this PC has both PPTP and L2TP VPN servers waiting for
    incoming connections, but there are no incoming connections.

    >>> The router has been configured to allow TCP and GRE
    >>> (protocol 47) on port 1723 - for the local IP address I have used
    >>> the private IP address of the NIC that is connected to the router,

    Does your router actually support PPTP pass-through? (for the GRE protocol).

    What brand and model is the router?

    --
    Robin Walker
    rdhw@cam.ac.uk
  5. Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

    That is a good question, because I have searched in the router's
    configuration for the PPTP Passthrough, to no avail - probably because
    I don't know what ports/protocols/interfaces etc. it might be
    masquerading as!

    The router is a Solwise SAR110, which overall I am very pleased with -
    fairly easy to configure, and copious help pages.

    Do you know what I should be looking for re PPTP Passthrough?

    Thank you for your help.
    Geoff Pigott


    "Robin Walker" <rdhw@cam.ac.uk> wrote in message news:<cndahf$i2e$1@gemini.csx.cam.ac.uk>...
    > Geoff Pigott <geoff@lybreeze.plus.com> wrote:
    >
    > > This is what I get when I type netstat -an on the XP Pro VPN Host :-
    > >
    > > Does this tell you anything?
    >
    > It tells us that this PC has both PPTP and L2TP VPN servers waiting for
    > incoming connections, but there are no incoming connections.
    >
    > >>> The router has been configured to allow TCP and GRE
    > >>> (protocol 47) on port 1723 - for the local IP address I have used
    > >>> the private IP address of the NIC that is connected to the router,
    >
    > Does your router actually support PPTP pass-through? (for the GRE protocol).
    >
    > What brand and model is the router?
  6. Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

    I would...

    Look at the section starting on page 63, which deals with NAT, in the Quick Start Guide...

    http://www.solwise.co.uk/downloads/adsl.htm

    Apparently you can manually add a Protocol number in the Protocol field. See page 72 to start the
    process.

    Otherwise you might post to the Solwise support forums...

    http://www.solwiseforum.co.uk/

    Its very possible, as Robin mentioned, the device does not support PPTP VPN at all inbound...

    --
    Al Jarvi (MS-MVP Windows Networking)

    Please post *ALL* questions and replies to the news group for the mutual benefit of all of us...
    The MS-MVP Program - http://mvp.support.microsoft.com
    This posting is provided "AS IS" with no warranties, and confers no rights...

    "Geoff Pigott" <geoff@lybreeze.plus.com> wrote in message
    news:12ffcbc4.0411170352.2637b51a@posting.google.com...
    > That is a good question, because I have searched in the router's
    > configuration for the PPTP Passthrough, to no avail - probably because
    > I don't know what ports/protocols/interfaces etc. it might be
    > masquerading as!
    >
    > The router is a Solwise SAR110, which overall I am very pleased with -
    > fairly easy to configure, and copious help pages.
    >
    > Do you know what I should be looking for re PPTP Passthrough?
    >
    > Thank you for your help.
    > Geoff Pigott
    >
    >
    > "Robin Walker" <rdhw@cam.ac.uk> wrote in message news:<cndahf$i2e$1@gemini.csx.cam.ac.uk>...
    >> Geoff Pigott <geoff@lybreeze.plus.com> wrote:
    >>
    >> > This is what I get when I type netstat -an on the XP Pro VPN Host :-
    >> >
    >> > Does this tell you anything?
    >>
    >> It tells us that this PC has both PPTP and L2TP VPN servers waiting for
    >> incoming connections, but there are no incoming connections.
    >>
    >> >>> The router has been configured to allow TCP and GRE
    >> >>> (protocol 47) on port 1723 - for the local IP address I have used
    >> >>> the private IP address of the NIC that is connected to the router,
    >>
    >> Does your router actually support PPTP pass-through? (for the GRE protocol).
    >>
    >> What brand and model is the router?
  7. Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

    Geoff Pigott <geoff@lybreeze.plus.com> wrote:

    > That is a good question, because I have searched in the router's
    > configuration for the PPTP Passthrough, to no avail - probably because
    > I don't know what ports/protocols/interfaces etc. it might be
    > masquerading as!
    >
    > The router is a Solwise SAR110, which overall I am very pleased with -
    > fairly easy to configure, and copious help pages.
    >
    > Do you know what I should be looking for re PPTP Passthrough?

    I am not familar with this model of router. If its configuration does not
    explicitly support PPTP, then the possibnility is that you will not be able
    to use PPTP through it. PPTP does not use TCP or UDP ports, so normal
    port-forwarding will not work. PPTP uses a special IP protocol called GRE,
    which requires special custom treatment in a NAT router.

    --
    Robin Walker
    rdhw@cam.ac.uk
  8. Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

    I looked in the SetUp guide for the SAR110, but find very little
    relating to PPPTP Passthrough.
    So I phoned Solwise Tech.Support who were helpful - they said that the
    SAR110 does support PPTP Passthrough - you need to set up the GRE
    protocol on port 1723.
    However, they feel that the global ip address should be 0.0.0.0,
    whereas I had entered the static ip address assigned by PlusNet. Even
    so, regardless of which IP address I enter, I still get "Error 721 -
    the remote computer is not responding". The connection icon on the XP
    server's taskbar flashes during the connection attempt, so something
    is getting through.

    The GRE NAT Rule in the router is as follows :-
    Rule flavor RDR
    Interface name ppp-0
    Protocol GRE
    Local address from 192.168.7.2
    Local address to 192.168.7.2
    Global address from 0.0.0.0 (or 84.92.64.155)
    Global address to 0.0.0.0 (or 84.92.64.155)
    Destination port from 1723
    Destination port to 1723
    Local port 1723

    I will also post this on the Solwise forum, but if I can't solve this
    problem, can anyone recommend a reasonably priced router that does
    support PPPTP Passthrough on incoming traffic?

    I am grateful for your help.
    Geoff Pigott


    "Sooner Al" <SoonerAl@somewhere.net.invalid> wrote in message news:<O#XyWdKzEHA.3360@TK2MSFTNGP10.phx.gbl>...
    > I would...
    >
    > Look at the section starting on page 63, which deals with NAT, in the Quick Start Guide...
    >
    > http://www.solwise.co.uk/downloads/adsl.htm
    >
    > Apparently you can manually add a Protocol number in the Protocol field. See page 72 to start the
    > process.
    >
    > Otherwise you might post to the Solwise support forums...
    >
    > http://www.solwiseforum.co.uk/
    >
    > Its very possible, as Robin mentioned, the device does not support PPTP VPN at all inbound...
    >
    > --
    > Al Jarvi (MS-MVP Windows Networking)
    >
    > Please post *ALL* questions and replies to the news group for the mutual benefit of all of us...
    > The MS-MVP Program - http://mvp.support.microsoft.com
    > This posting is provided "AS IS" with no warranties, and confers no rights...
    >
    > "Geoff Pigott" <geoff@lybreeze.plus.com> wrote in message
    > news:12ffcbc4.0411170352.2637b51a@posting.google.com...
    > > That is a good question, because I have searched in the router's
    > > configuration for the PPTP Passthrough, to no avail - probably because
    > > I don't know what ports/protocols/interfaces etc. it might be
    > > masquerading as!
    > >
    > > The router is a Solwise SAR110, which overall I am very pleased with -
    > > fairly easy to configure, and copious help pages.
    > >
    > > Do you know what I should be looking for re PPTP Passthrough?
    > >
    > > Thank you for your help.
    > > Geoff Pigott
    > >
    > >
    > > "Robin Walker" <rdhw@cam.ac.uk> wrote in message news:<cndahf$i2e$1@gemini.csx.cam.ac.uk>...
    > >> Geoff Pigott <geoff@lybreeze.plus.com> wrote:
    > >>
    > >> > This is what I get when I type netstat -an on the XP Pro VPN Host :-
    > >> >
    > >> > Does this tell you anything?
    > >>
    > >> It tells us that this PC has both PPTP and L2TP VPN servers waiting for
    > >> incoming connections, but there are no incoming connections.
    > >>
    > >> >>> The router has been configured to allow TCP and GRE
    > >> >>> (protocol 47) on port 1723 - for the local IP address I have used
    > >> >>> the private IP address of the NIC that is connected to the router,
    > >>
    > >> Does your router actually support PPTP pass-through? (for the GRE protocol).
    > >>
    > >> What brand and model is the router?
  9. Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

    Geoff Pigott <geoff@lybreeze.plus.com> wrote:

    > So I phoned Solwise Tech.Support who were helpful - they said that the
    > SAR110 does support PPTP Passthrough - you need to set up the GRE
    > protocol on port 1723.

    This does not make sense. GRE does not have ports: only TCP and UDP
    protocols have ports. GRE is IP protocol number 47.
    You need to port-forward both:
    a) TCP port 1723 (for PPTP)
    b) GRE, which is IP protocol number 47.
    They will be separate NAT rules: you will need two rules in all.

    > The GRE NAT Rule in the router is as follows :-
    > Rule flavor RDR
    > Interface name ppp-0
    > Protocol GRE
    > Local address from 192.168.7.2
    > Local address to 192.168.7.2
    > Global address from 0.0.0.0 (or 84.92.64.155)
    > Global address to 0.0.0.0 (or 84.92.64.155)
    > Destination port from 1723
    > Destination port to 1723
    > Local port 1723

    There is something wrong here. GRE does not have ports. This appears to be
    a configuration for TCP port 1723 (PPTP). How did you get the text "GRE"
    into the field called Protocol? Was it already there as an option, or is it
    something you have typed in?

    To forward GRE, you must set the Protocol field to 47, unless the text "GRE"
    was pre-defined to mean 47. The "ports" fields are meaningless for protocol
    47, so they should not really be there.

    --
    Robin Walker
    rdhw@cam.ac.uk
  10. Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

    To add the GRE Rule I clicked "Add a NAT Rule", then in the Protocol
    field I selected no. 47 from a listbox which contains ANY, TCP, UDP,
    ICMP then nos. 1 to 255. Once the Rule has been saved, the Protocol
    is then shown as "GRE".

    I now have the 2 NAT Rules set-up in the router as you suggested, one
    for TCP on Port 1723, with my XP machine's IP address as the Local IP
    address, and my external static IP address as the Global IP address.
    The second NAT Rule is GRE, where the only non-default entry is the
    Local IP address (192.168.7.2). The Global IP address range is 0.0.0.0
    to 0.0.0.0 and the ports range is 0 to 65535

    However, I am still getting "Error 721 - remote computer is not
    responding", even though as soon as I try to connect from the VPN
    client, the connection icon on the VPN host flashes (so it is
    detecting something!).

    I would like to crack this problem, but I am aware that I may need to
    seek a different router.

    Everything on the PC side is in order - the workgroup name is the
    same, the local IP addresses are both in the range 192.168.7.* (but
    not the same!), the subnets are 255.255.255.0, the user is defined on
    both machines with the same password, the client is trying to connect
    to the correct static IP address, and the VPN client/host wizards have
    been run (several times!) on the respective machines.

    Again, many thanks for your help.
    Geoff Pigott

    "Robin Walker" <rdhw@cam.ac.uk> wrote in message news:<cni6gf$dl8$1@gemini.csx.cam.ac.uk>...
    > Geoff Pigott <geoff@lybreeze.plus.com> wrote:
    >
    > > So I phoned Solwise Tech.Support who were helpful - they said that the
    > > SAR110 does support PPTP Passthrough - you need to set up the GRE
    > > protocol on port 1723.
    >
    > This does not make sense. GRE does not have ports: only TCP and UDP
    > protocols have ports. GRE is IP protocol number 47.
    > You need to port-forward both:
    > a) TCP port 1723 (for PPTP)
    > b) GRE, which is IP protocol number 47.
    > They will be separate NAT rules: you will need two rules in all.
    >
    > > The GRE NAT Rule in the router is as follows :-
    > > Rule flavor RDR
    > > Interface name ppp-0
    > > Protocol GRE
    > > Local address from 192.168.7.2
    > > Local address to 192.168.7.2
    > > Global address from 0.0.0.0 (or 84.92.64.155)
    > > Global address to 0.0.0.0 (or 84.92.64.155)
    > > Destination port from 1723
    > > Destination port to 1723
    > > Local port 1723
    >
    > There is something wrong here. GRE does not have ports. This appears to be
    > a configuration for TCP port 1723 (PPTP). How did you get the text "GRE"
    > into the field called Protocol? Was it already there as an option, or is it
    > something you have typed in?
    >
    > To forward GRE, you must set the Protocol field to 47, unless the text "GRE"
    > was pre-defined to mean 47. The "ports" fields are meaningless for protocol
    > 47, so they should not really be there.
  11. Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

    Make two seperate rules.. One like the one you show below, but with
    TCP instead of GRE. Then make a second rule that has IP Protocol 47,
    but leave the Destination and Local Ports blank (or 0 if it won't take
    it).
    ---
    Jeffrey Randow (Windows Networking MVP)
    jeffreyr-support@remotenetworktechnology.com

    Please post all responses to the newsgroups for the benefit
    of all USENET users. Messages sent via email may or may not
    be answered depending on time availability....

    Remote Networking Technology Support Site -
    http://www.remotenetworktechnology.com
    Windows Network Technology Community -
    http://www.microsoft.com/windowsserver2003/community/centers/networking/default.mspx
    Windows Home Networking Community -
    http://www.microsoft.com/windowsxp/expertzone/communities/wireless.mspx

    On 18 Nov 2004 04:45:26 -0800, geoff@lybreeze.plus.com (Geoff Pigott)
    wrote:

    >I looked in the SetUp guide for the SAR110, but find very little
    >relating to PPPTP Passthrough.
    >So I phoned Solwise Tech.Support who were helpful - they said that the
    >SAR110 does support PPTP Passthrough - you need to set up the GRE
    >protocol on port 1723.
    >However, they feel that the global ip address should be 0.0.0.0,
    >whereas I had entered the static ip address assigned by PlusNet. Even
    >so, regardless of which IP address I enter, I still get "Error 721 -
    >the remote computer is not responding". The connection icon on the XP
    >server's taskbar flashes during the connection attempt, so something
    >is getting through.
    >
    >The GRE NAT Rule in the router is as follows :-
    >Rule flavor RDR
    >Interface name ppp-0
    >Protocol GRE
    >Local address from 192.168.7.2
    >Local address to 192.168.7.2
    >Global address from 0.0.0.0 (or 84.92.64.155)
    >Global address to 0.0.0.0 (or 84.92.64.155)
    >Destination port from 1723
    >Destination port to 1723
    >Local port 1723
    >
    >I will also post this on the Solwise forum, but if I can't solve this
    >problem, can anyone recommend a reasonably priced router that does
    >support PPPTP Passthrough on incoming traffic?
    >
    >I am grateful for your help.
    >Geoff Pigott
    >
    >
    >
    >"Sooner Al" <SoonerAl@somewhere.net.invalid> wrote in message news:<O#XyWdKzEHA.3360@TK2MSFTNGP10.phx.gbl>...
    >> I would...
    >>
    >> Look at the section starting on page 63, which deals with NAT, in the Quick Start Guide...
    >>
    >> http://www.solwise.co.uk/downloads/adsl.htm
    >>
    >> Apparently you can manually add a Protocol number in the Protocol field. See page 72 to start the
    >> process.
    >>
    >> Otherwise you might post to the Solwise support forums...
    >>
    >> http://www.solwiseforum.co.uk/
    >>
    >> Its very possible, as Robin mentioned, the device does not support PPTP VPN at all inbound...
    >>
    >> --
    >> Al Jarvi (MS-MVP Windows Networking)
    >>
    >> Please post *ALL* questions and replies to the news group for the mutual benefit of all of us...
    >> The MS-MVP Program - http://mvp.support.microsoft.com
    >> This posting is provided "AS IS" with no warranties, and confers no rights...
    >>
    >> "Geoff Pigott" <geoff@lybreeze.plus.com> wrote in message
    >> news:12ffcbc4.0411170352.2637b51a@posting.google.com...
    >> > That is a good question, because I have searched in the router's
    >> > configuration for the PPTP Passthrough, to no avail - probably because
    >> > I don't know what ports/protocols/interfaces etc. it might be
    >> > masquerading as!
    >> >
    >> > The router is a Solwise SAR110, which overall I am very pleased with -
    >> > fairly easy to configure, and copious help pages.
    >> >
    >> > Do you know what I should be looking for re PPTP Passthrough?
    >> >
    >> > Thank you for your help.
    >> > Geoff Pigott
    >> >
    >> >
    >> > "Robin Walker" <rdhw@cam.ac.uk> wrote in message news:<cndahf$i2e$1@gemini.csx.cam.ac.uk>...
    >> >> Geoff Pigott <geoff@lybreeze.plus.com> wrote:
    >> >>
    >> >> > This is what I get when I type netstat -an on the XP Pro VPN Host :-
    >> >> >
    >> >> > Does this tell you anything?
    >> >>
    >> >> It tells us that this PC has both PPTP and L2TP VPN servers waiting for
    >> >> incoming connections, but there are no incoming connections.
    >> >>
    >> >> >>> The router has been configured to allow TCP and GRE
    >> >> >>> (protocol 47) on port 1723 - for the local IP address I have used
    >> >> >>> the private IP address of the NIC that is connected to the router,
    >> >>
    >> >> Does your router actually support PPTP pass-through? (for the GRE protocol).
    >> >>
    >> >> What brand and model is the router?
  12. Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

    In article <12ffcbc4.0411191732.4e339457@posting.google.com>,
    geoff@lybreeze.plus.com says...
    > To add the GRE Rule I clicked "Add a NAT Rule", then in the Protocol
    > field I selected no. 47 from a listbox which contains ANY, TCP, UDP,
    > ICMP then nos. 1 to 255. Once the Rule has been saved, the Protocol
    > is then shown as "GRE".

    Some of the NAT routers I've used for PPTP sessions (inbound) require
    the user to setup TCP/47 inbound to the server in order for it to work.
    I know that 47 is not a port, but some of the NAT devices have to have
    TCP/47 mapped for GRE to work.

    --
    --
    spamfree999@rrohio.com
    (Remove 999 to reply to me)
  13. Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

    Geoff Pigott <geoff@lybreeze.plus.com> wrote:

    > Everything on the PC side is in order - the workgroup name is the
    > same, the local IP addresses are both in the range 192.168.7.* (but
    > not the same!)

    Do you mean by this that you are using the same IP subnet range at both ends
    of the VPN link? If so, this is an error. You *must* use different
    sub-nets at each end of the link. If one end uses 192.168.7.*, the other
    end must use something different.

    --
    Robin Walker
    rdhw@cam.ac.uk
  14. Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

    I have the NAT Rules set-up as suggested - one for TCP and one for
    GRE, but I still get Error 721.

    I am now somewhat confused about the IP addresses. Both machines (VPN
    server and client) had IP addresses in the 192.168.7.x range, with a
    SubNet of 255.255.255.0 I have now changed the client to be
    192.168.0.1 - Please note that although the 2 PC's are currently
    side-by-side for set-up purposes, they are NOT connected via a LAN.

    However, my confusion stems from which component do the IP addresses
    relate to in a VPN connection? On the XP server side is it the NIC
    that the router is connected to, or is it Incoming Connections - they
    both have TCP/IP Properties. On the W2K client side, is it the VPN
    connection or the resident NIC (which is theoretically unused in this
    scenario, as I am dialling-in).

    Is it better to specify the IP addresses, or to have them assigned
    automatically by DHCP? The VPN server has an option in Incoming
    Connections to assign TCP/IP Addresses automatically, and similarly on
    the VPN client you can opt to "Obtain an IP address automatically".

    I feel that I now need to get this part right before worrying any
    further about the router.

    Many thanks.
    Geoff Pigott


    "Jeffrey Randow (MVP)" <jeffreyr-support@remotenetworktechnology.com> wrote in message news:<o4ktp0hbrbvjugsd5q9ink45814h76mj1g@4ax.com>...
    > Make two seperate rules.. One like the one you show below, but with
    > TCP instead of GRE. Then make a second rule that has IP Protocol 47,
    > but leave the Destination and Local Ports blank (or 0 if it won't take
    > it).
    > ---
    > Jeffrey Randow (Windows Networking MVP)
    > jeffreyr-support@remotenetworktechnology.com
    >
    > Please post all responses to the newsgroups for the benefit
    > of all USENET users. Messages sent via email may or may not
    > be answered depending on time availability....
    >
    > Remote Networking Technology Support Site -
    > http://www.remotenetworktechnology.com
    > Windows Network Technology Community -
    > http://www.microsoft.com/windowsserver2003/community/centers/networking/default.mspx
    > Windows Home Networking Community -
    > http://www.microsoft.com/windowsxp/expertzone/communities/wireless.mspx
    >
    > On 18 Nov 2004 04:45:26 -0800, geoff@lybreeze.plus.com (Geoff Pigott)
    > wrote:
    >
    > >I looked in the SetUp guide for the SAR110, but find very little
    > >relating to PPPTP Passthrough.
    > >So I phoned Solwise Tech.Support who were helpful - they said that the
    > >SAR110 does support PPTP Passthrough - you need to set up the GRE
    > >protocol on port 1723.
    > >However, they feel that the global ip address should be 0.0.0.0,
    > >whereas I had entered the static ip address assigned by PlusNet. Even
    > >so, regardless of which IP address I enter, I still get "Error 721 -
    > >the remote computer is not responding". The connection icon on the XP
    > >server's taskbar flashes during the connection attempt, so something
    > >is getting through.
    > >
    > >The GRE NAT Rule in the router is as follows :-
    > >Rule flavor RDR
    > >Interface name ppp-0
    > >Protocol GRE
    > >Local address from 192.168.7.2
    > >Local address to 192.168.7.2
    > >Global address from 0.0.0.0 (or 84.92.64.155)
    > >Global address to 0.0.0.0 (or 84.92.64.155)
    > >Destination port from 1723
    > >Destination port to 1723
    > >Local port 1723
    > >
    > >I will also post this on the Solwise forum, but if I can't solve this
    > >problem, can anyone recommend a reasonably priced router that does
    > >support PPPTP Passthrough on incoming traffic?
    > >
    > >I am grateful for your help.
    > >Geoff Pigott
    > >
    > >
    > >
    > >"Sooner Al" <SoonerAl@somewhere.net.invalid> wrote in message news:<O#XyWdKzEHA.3360@TK2MSFTNGP10.phx.gbl>...
    > >> I would...
    > >>
    > >> Look at the section starting on page 63, which deals with NAT, in the Quick Start Guide...
    > >>
    > >> http://www.solwise.co.uk/downloads/adsl.htm
    > >>
    > >> Apparently you can manually add a Protocol number in the Protocol field. See page 72 to start the
    > >> process.
    > >>
    > >> Otherwise you might post to the Solwise support forums...
    > >>
    > >> http://www.solwiseforum.co.uk/
    > >>
    > >> Its very possible, as Robin mentioned, the device does not support PPTP VPN at all inbound...
    > >>
    > >> --
    > >> Al Jarvi (MS-MVP Windows Networking)
    > >>
    > >> Please post *ALL* questions and replies to the news group for the mutual benefit of all of us...
    > >> The MS-MVP Program - http://mvp.support.microsoft.com
    > >> This posting is provided "AS IS" with no warranties, and confers no rights...
    > >>
    > >> "Geoff Pigott" <geoff@lybreeze.plus.com> wrote in message
    > >> news:12ffcbc4.0411170352.2637b51a@posting.google.com...
    > >> > That is a good question, because I have searched in the router's
    > >> > configuration for the PPTP Passthrough, to no avail - probably because
    > >> > I don't know what ports/protocols/interfaces etc. it might be
    > >> > masquerading as!
    > >> >
    > >> > The router is a Solwise SAR110, which overall I am very pleased with -
    > >> > fairly easy to configure, and copious help pages.
    > >> >
    > >> > Do you know what I should be looking for re PPTP Passthrough?
    > >> >
    > >> > Thank you for your help.
    > >> > Geoff Pigott
    > >> >
    > >> >
    > >> > "Robin Walker" <rdhw@cam.ac.uk> wrote in message news:<cndahf$i2e$1@gemini.csx.cam.ac.uk>...
    > >> >> Geoff Pigott <geoff@lybreeze.plus.com> wrote:
    > >> >>
    > >> >> > This is what I get when I type netstat -an on the XP Pro VPN Host :-
    > >> >> >
    > >> >> > Does this tell you anything?
    > >> >>
    > >> >> It tells us that this PC has both PPTP and L2TP VPN servers waiting for
    > >> >> incoming connections, but there are no incoming connections.
    > >> >>
    > >> >> >>> The router has been configured to allow TCP and GRE
    > >> >> >>> (protocol 47) on port 1723 - for the local IP address I have used
    > >> >> >>> the private IP address of the NIC that is connected to the router,
    > >> >>
    > >> >> Does your router actually support PPTP pass-through? (for the GRE protocol).
    > >> >>
    > >> >> What brand and model is the router?
  15. Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

    Geoff Pigott <geoff@lybreeze.plus.com> wrote:

    > I am now somewhat confused about the IP addresses. Both machines (VPN
    > server and client) had IP addresses in the 192.168.7.x range, with a
    > SubNet of 255.255.255.0 I have now changed the client to be
    > 192.168.0.1 - Please note that although the 2 PC's are currently
    > side-by-side for set-up purposes, they are NOT connected via a LAN.

    How are they connected, then? This is relevant to the issue in hand.

    > However, my confusion stems from which component do the IP addresses
    > relate to in a VPN connection? On the XP server side is it the NIC
    > that the router is connected to, or is it Incoming Connections - they
    > both have TCP/IP Properties. On the W2K client side, is it the VPN
    > connection or the resident NIC (which is theoretically unused in this
    > scenario, as I am dialling-in).

    Once the VPN is set up, there will be two new IP addresses in play: one for
    the virtual NIC in the client, and one for the server end of the VPN
    connection. Give names to the various IP addresses as follows:

    SW stands for the WAN IP address of the router in front of the PPTP server.
    SL stands for the LAN IP address of the PPTP server in its router's LAN.
    SV stands for the IP address of the server end of the VPN link.

    CW stands for the WAN IP address of the router in front of the PPTP client.
    CL stands for the LAN IP address of the PPTP client in its router's LAN.
    CV stands for the IP address of the client end of the VPN link.

    You discover SW and CW by inspecting the router status pages.

    You discover SL by using ipconfig on the server, and you discover CL by
    using ipconfig on the client (or you preset them manually to known addresses
    in the relevant router's subnet but outside its DHCP pool range).

    You discover SV and CV after the VPN conenction has been established by
    right-clicking on the VPN connection object, selecting Status, and clicking
    tab Details.

    When you initially make a VPN call, you specify SW.
    The router at SW port-forwards the call to SL.

    When the VPN link is up and running:

    - In the client, if you wish to make network calls to the server, you use
    SL. Astonishing, but true, and verified by me in practice. Using SV does
    not work. There is of course, no way you can discover SL at the time of
    connection other than by knowing it anyway.

    - In the server, if you wish to make network calls to the client, you use
    CV, which is logical.

    > Is it better to specify the IP addresses, or to have them assigned
    > automatically by DHCP? The VPN server has an option in Incoming
    > Connections to assign TCP/IP Addresses automatically,

    This depends on the nature of your local computing environment, whether a
    DHCP server is available, and whether it issues addresses which work. In
    your case, the server is behind a NAT router, so allowing it to issue DHCP
    addresses to the VPN llink is viable. Alternatively you may if you wish,
    preconfigure static IP addresses to the VPN link: if you do, they must be
    within the subnet range of the server's router LAN, but outside its DHCP
    allocation pool range.

    > and similarly on
    > the VPN client you can opt to "Obtain an IP address automatically".

    Leave the client like this.

    --
    Robin Walker
    rdhw@cam.ac.uk
  16. Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

    "Robin Walker" <rdhw@cam.ac.uk> wrote in message news:<cnslc3$6h9$1@gemini.csx.cam.ac.uk>...
    > Geoff Pigott <geoff@lybreeze.plus.com> wrote:
    >
    > > I am now somewhat confused about the IP addresses. Both machines (VPN
    > > server and client) had IP addresses in the 192.168.7.x range, with a
    > > SubNet of 255.255.255.0 I have now changed the client to be
    > > 192.168.0.1 - Please note that although the 2 PC's are currently
    > > side-by-side for set-up purposes, they are NOT connected via a LAN.
    >
    > How are they connected, then? This is relevant to the issue in hand.
    >

    As I am currently in the process of trying to set-up the VPN locally
    before using it for real, I have the 2 PC's side-by-side. The XP
    server is connected to the Broadband line via the Solwise router, and
    the W2K client dials-in using the analog line via a 56K modem.

    Thank you for your detailed description of IP addresses etc. I'll work
    through these and get back to you.
    Thanks again.
    Geoff Pigott
  17. Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

    Geoff Pigott <geoff@lybreeze.plus.com> wrote:
    > "Robin Walker" <rdhw@cam.ac.uk> wrote in message
    > news:<cnslc3$6h9$1@gemini.csx.cam.ac.uk>...
    >> Geoff Pigott <geoff@lybreeze.plus.com> wrote:
    >>
    >>> I am now somewhat confused about the IP addresses. Both machines
    >>> (VPN server and client) had IP addresses in the 192.168.7.x range,
    >>> with a SubNet of 255.255.255.0 I have now changed the client to be
    >>> 192.168.0.1 - Please note that although the 2 PC's are currently
    >>> side-by-side for set-up purposes, they are NOT connected via a LAN.
    >>
    >> How are they connected, then? This is relevant to the issue in hand.
    >
    > As I am currently in the process of trying to set-up the VPN locally
    > before using it for real, I have the 2 PC's side-by-side. The XP
    > server is connected to the Broadband line via the Solwise router, and
    > the W2K client dials-in using the analog line via a 56K modem.

    That makes all previous replies invalid, as we thought you were trying to
    set up a VPN, not a dial-up RAS connection. These are different things.
    With dial-up, there is no need to configure the routers to do anything.

    --
    Robin Walker
    rdhw@cam.ac.uk
  18. Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

    Sorry for any confusion, but I was (and still am) under the impression
    that RAS involves the remote user dialling-in via a modem or ISDN to
    an incoming port on a remote server, whereas a VPN involves using the
    internet to connect to a remote server. On a VPN the initial client
    connection is to your ISP, and this can be via dial-up modem, ISDN or
    Broadband. Once connected to your ISP, you then dial-in to your VPN
    server, usually using its static IP address.

    If the above is true, then a VPN is what I wish to set-up, as I want
    my VPN server to be connected to broadband, listening out for incoming
    connections from remote clients.

    Given the above, should my test VPN scenario of a W2K client
    dialling-in (via an ISP) to an XP server on broadband be achievable?

    I feel that I am probably not alone in wanting to get to grips with
    VPN, not necessarily for financial gain, but to give more people in
    more SME's more opportunities to work from home a bit more, resulting
    in less miles driven, less pollution and less stress :-)

    Thank you,
    Geoff Pigott


    "Robin Walker" <rdhw@cam.ac.uk> wrote in message news:<cnv4g1$nh1$1@gemini.csx.cam.ac.uk>...
    > Geoff Pigott <geoff@lybreeze.plus.com> wrote:
    > > "Robin Walker" <rdhw@cam.ac.uk> wrote in message
    > > news:<cnslc3$6h9$1@gemini.csx.cam.ac.uk>...
    > >> Geoff Pigott <geoff@lybreeze.plus.com> wrote:
    > >>
    > >>> I am now somewhat confused about the IP addresses. Both machines
    > >>> (VPN server and client) had IP addresses in the 192.168.7.x range,
    > >>> with a SubNet of 255.255.255.0 I have now changed the client to be
    > >>> 192.168.0.1 - Please note that although the 2 PC's are currently
    > >>> side-by-side for set-up purposes, they are NOT connected via a LAN.
    > >>
    > >> How are they connected, then? This is relevant to the issue in hand.
    > >
    > > As I am currently in the process of trying to set-up the VPN locally
    > > before using it for real, I have the 2 PC's side-by-side. The XP
    > > server is connected to the Broadband line via the Solwise router, and
    > > the W2K client dials-in using the analog line via a 56K modem.
    >
    > That makes all previous replies invalid, as we thought you were trying to
    > set up a VPN, not a dial-up RAS connection. These are different things.
    > With dial-up, there is no need to configure the routers to do anything.
  19. Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

    I have finally come to a sort of conclusion on this problem.

    I was labouring under the impression that there was a problem with the
    modem/router (Solwise SAR110), but I have now determined that the
    problem lay in the fact that the VPN client was running W2K Pro. As an
    experiment I tried using a WinXP PC as the VPN client, still with a
    WinXP Pro PC as the VPN server, and hey presto! - it worked straight
    away. The Solwise modem/router (with port 1723 (TCP) and protocol 47
    (GRE) configured to pass-through the firewall) works perfectly.

    My only question now is :- does anyone know how to set-up a W2K Pro
    machine as a VPN client connecting to a VPN server running WinXP Pro?

    Thank you in anticipation.
    Geoff Pigott


    Geoff Pigott wrote:
    > Sorry for any confusion, but I was (and still am) under the
    impression
    > that RAS involves the remote user dialling-in via a modem or ISDN to
    > an incoming port on a remote server, whereas a VPN involves using the
    > internet to connect to a remote server. On a VPN the initial client
    > connection is to your ISP, and this can be via dial-up modem, ISDN or
    > Broadband. Once connected to your ISP, you then dial-in to your VPN
    > server, usually using its static IP address.
    >
    > If the above is true, then a VPN is what I wish to set-up, as I want
    > my VPN server to be connected to broadband, listening out for
    incoming
    > connections from remote clients.
    >
    > Given the above, should my test VPN scenario of a W2K client
    > dialling-in (via an ISP) to an XP server on broadband be achievable?
    >
    > I feel that I am probably not alone in wanting to get to grips with
    > VPN, not necessarily for financial gain, but to give more people in
    > more SME's more opportunities to work from home a bit more, resulting
    > in less miles driven, less pollution and less stress :-)
    >
    > Thank you,
    > Geoff Pigott
    >
    >
    >
    >
    > "Robin Walker" <rdhw@cam.ac.uk> wrote in message
    news:<cnv4g1$nh1$1@gemini.csx.cam.ac.uk>...
    > > Geoff Pigott <geoff@lybreeze.plus.com> wrote:
    > > > "Robin Walker" <rdhw@cam.ac.uk> wrote in message
    > > > news:<cnslc3$6h9$1@gemini.csx.cam.ac.uk>...
    > > >> Geoff Pigott <geoff@lybreeze.plus.com> wrote:
    > > >>
    > > >>> I am now somewhat confused about the IP addresses. Both
    machines
    > > >>> (VPN server and client) had IP addresses in the 192.168.7.x
    range,
    > > >>> with a SubNet of 255.255.255.0 I have now changed the client
    to be
    > > >>> 192.168.0.1 - Please note that although the 2 PC's are
    currently
    > > >>> side-by-side for set-up purposes, they are NOT connected via a
    LAN.
    > > >>
    > > >> How are they connected, then? This is relevant to the issue in
    hand.
    > > >
    > > > As I am currently in the process of trying to set-up the VPN
    locally
    > > > before using it for real, I have the 2 PC's side-by-side. The XP
    > > > server is connected to the Broadband line via the Solwise router,
    and
    > > > the W2K client dials-in using the analog line via a 56K modem.
    > >
    > > That makes all previous replies invalid, as we thought you were
    trying to
    > > set up a VPN, not a dial-up RAS connection. These are different
    things.
    > > With dial-up, there is no need to configure the routers to do
    anything.
Ask a new question

Read More

VPN Windows XP Product