Folks... We have a small business with several servers (Windows and Linux) which we would like to access via a VPN. We want to use the PPTP client which comes with Windows.
I have installed VPN on a Windows 2000 server. There are two methods for setting up a VPN server, one using RRAS and the other, simpler process using the "Network Connections/New Connection Wizard". Since we are not running a Domain Server, the latter is easier.
However, I have tried both and cannot connect to the VPN server from outside. From the internal LAN both setups work fine.
We are using an older Cisco 2620 router as our connection to the Internet. It is running IOS 12.0. It is listening on two public-side IP addresses, but we want to only use one of those addresses for the VPN. The following lines are in the configuration file, real IPs replaced with 1.2.3.4:
access-list 113 permit tcp any host 1.2.3.4 eq 1723
access-list 113 permit gre any host 1.2.3.4
which we thought would be enough to get traffic to the Windows 2000 VPN server.
By the way, there are other services on that server which are getting their traffic, so we know the router can reach the server.
Now the questions,
1) What are we doing wrong? Is there an issue with the 2620 and passing VPN traffic to our LAN? Can this router be configured as a VPN endpoint thus eliminating the need for the Windows 2000 VPN server?
2) Assuming that we cannot do this with the 2620, then could we switch out that router for a more modern one that will not break the bank? Will any of the current Linksys, Netgear, Belkin, etc. routers do what we want to do for routing to specific servers depending on incoming port IDs as well as allow the VPN tunnel to be created to the server?
Thanks.....RDK