Archived from groups: microsoft.public.windowsxp.work_remotely
One thing I do, and this is illustrated on my PocketPC VPN page that I pointed to you earlier, is to
have the VPN server assign an IP to the client that is in a different subnet than the server local
IP address...Meaning if the VPN server is on the local subnet of 192.168.0.X, then the client is
assigned an IP in the 192.168.100.X subnet for example. From your post over on the DSL Report VPN
forum it seems you have the following situation...
Server PC with XP Pro:
WAN IP: A.B.C.D (dynamic and with a DDNS myserver.no-ip.com)
LAN IP: 192.168.1.30.
Behind a Linksys BEFSR41 (v2)
PPTP and IPSec Pass Through are both enabled.
Port 1723 and port 3389 are both forwarded to 192.168.1.30.
Client PC with XP Home:
WAN IP: E.F.G.H (dynamic and with a DDNS myclient.no-ip.com)
LAN IP: 192.168.0.50
Behind a DLink DI-604
I have not done any forwarding on this router.
And your client gets a 192.168.1.X address when connected via the VPN tunnel.
Do these steps...
1. Change the assigned VPN client subnet on the server to 192.168.100.X, i.e. provide a small range
of addresses in that subnet for client use.
2. Forward TCP Port 1723 and enable GRE Protocol 47 traffic on the D-Link DI-604 router to the
private LAN IP of your XP Home VPN client machine. (This step may not be required, but it may
help)...
3. Disable port forwarding of TCP Port 3389 on the remote end, i.e. the Linksys router.
You can disable IPSec Pass Through on the Linksys router also, since you're only doing PPTP VPN... Let's
plug some holes...
--
Al Jarvi (MS-MVP Windows Networking)
Please post *ALL* questions and replies to the news group for the mutual benefit of all of us...
The MS-MVP Program -
http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no rights...
<invalid@invalid.com> wrote in message news:dmljc0loe0uvrb72uo2t0a0d40p3glltpo@4ax.com...
>
>
>
> Thank you very much for all your time and help with this issue. I was
> successful in establishing both a VPN and a RD connection at the same
> time but there are a couple of points I'd like to bring up if I may.
>
>
> On Fri, 11 Jun 2004 05:19:47 -0500, "Sooner Al"
> <SoonerAl@somewhere.net.invalid> wrote:
>
>>In order to do PPTP VPN through a firewall/NAT/router both TCP Port 1723 *AND* GRE Protocol 47
>>traffic need to be forwarded/enabled. Some firewall/NAT/router devices call the GRE Protocol 47
>>function "PPTP Pass Through", "VPN Pass Through"...
>
> I'm doing connections from home (client) to work (server). The router
> at work has an option for PPTP and IPSec Pass Through which I have
> set to "allow" and apparently is the same functionality as the ports
> you mention above. Since the VPN connection completes, this part looks
> to be OK.
>
>
>>If you use a VPN tunnel and RD through the tunnel, then you don't need to forward/open TCP Port
>>3389.
>
> OK. I've seen that on other tutorials but see below what happened when
> I tried to do the Remote Desktop connection after the VPN was
> established.
>
>
>>The steps would be to initiate the VPN link using the public ISP assigned IP of the
>>firewall/NAT/router (which will redirect the tunnel to the VPN server) then the RD link using the
>>private LAN IP of the PC you're trying to connect to.
>
> After the VPN connection was established, when I tried to use the
> server's LAN IP to do the Remote Connection I could not make it. The
> error (I forget the number) was saying that the server cannot accept
> the connection.
>
> When I then tried to do a RD on the server's public IP I could make
> it. It went through with no problem (because of port 3389 being open
> probably). Does this mean that the RD connection was not using the
> existing, established VPN connection?
>
> If the only way to do RD through a VPN tunnel is to use the server's
> LAN IP then what I got was two separate connections and certainly not
> a RD through a VPN tunnel. Correct?
>
> Whatever it was, the client PC was showing only one active connection
> to the server and not two (using a network utility I have), if that
> makes any difference whatsoever.
>
>
>>The client gets an IP of
>>192.168.1.11 assigned by the server. I would then use Remote Desktop (PocketPC Terminal Services
>>Client in my example) to call the PC with an address of 192.168.0.11 as an example...
>
> Let me repeat that just to make sure that I get it.
>
> The server has a LAN IP of 192.168.1.300
> and after the successful VPN connection
> it assigns the client PC a LAN IP of 192.168.1.400.
>
> What I tried was to do a RD from the client to
> 192.168.1.300, the server's LAN IP but I was not successful - the
> connection was refused. Did I use the right IP?
>
> Thank you very much.
>
> ==
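Added example, not part of the original thread: a small Python check of the addressing and forwarding plan discussed above, run against the setup before and after the three steps. The /24 masks, the exact pool ranges and the dictionary keys are assumptions made for the illustration, and the client-LAN and LAN-overlap checks go slightly beyond the case in the post.

```python
import ipaddress

def audit_vpn_plan(plan):
    """Return findings for a PPTP VPN + Remote Desktop addressing/forwarding plan."""
    server_lan = ipaddress.ip_network(plan["server_lan"])
    client_lan = ipaddress.ip_network(plan["client_lan"])
    first, last = (ipaddress.ip_address(a) for a in plan["vpn_pool"])
    # Express the pool as CIDR blocks so it can be compared with the LANs.
    pool = list(ipaddress.summarize_address_range(first, last))

    findings = []
    if any(block.overlaps(server_lan) for block in pool):
        findings.append("vpn-pool-in-server-lan")
    if any(block.overlaps(client_lan) for block in pool):
        findings.append("vpn-pool-in-client-lan")
    if server_lan.overlaps(client_lan):
        findings.append("server-and-client-lan-overlap")
    # PPTP needs both the TCP 1723 control channel and GRE (protocol 47).
    if 1723 not in plan["wan_tcp_forwards"]:
        findings.append("pptp-tcp-1723-not-forwarded")
    if not plan["pptp_passthrough"]:
        findings.append("gre-47-not-passed")
    # With RD carried inside the tunnel, 3389 has no reason to face the WAN.
    if plan["rd_through_tunnel"] and 3389 in plan["wan_tcp_forwards"]:
        findings.append("rdp-3389-exposed-on-wan")
    return findings

# Constructed sample: the setup described in the thread (masks assumed /24,
# pool range invented within the 192.168.1.X subnet the client was receiving).
BEFORE = {
    "server_lan": "192.168.1.0/24",
    "client_lan": "192.168.0.0/24",
    "vpn_pool": ("192.168.1.40", "192.168.1.45"),
    "wan_tcp_forwards": {1723, 3389},   # server-side router forwards
    "pptp_passthrough": True,
    "rd_through_tunnel": True,
}
# After steps 1 and 3: pool moved to 192.168.100.X, 3389 forward removed.
AFTER = dict(BEFORE, vpn_pool=("192.168.100.10", "192.168.100.15"),
             wan_tcp_forwards={1723})

if __name__ == "__main__":
    for name, plan in (("before", BEFORE), ("after", AFTER)):
        print(name, audit_vpn_plan(plan) or "no findings")
```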