From PPTP to L2TP/IPsec using RRAS - How?

Fox1977

Hi folks,

I need a bit of help from all of the experts on here. I need to get a
VPN set up for a teleworker that is going to be working from home.
Managed to get so far but now a bit stuck.

Here's the setup:
Windows 2003 server running RRAS in our office, Draytek 2800 router.
RRAS is set up and configured for PPTP access using port forwarding
1723 on the router to the server. This works fine and it is pretty
stable.

I am trying to upgrade the VPN to L2TP/IPsec in order to improve
security. The teleworker is trying to access my network using a 3G
modem from Switzerland and it looks like it is blocked. The provider
says they support IPsec (Does this sound about right? Any
thoughts?). The idea is that I upgrade the VPN to IPsec.

How do I go about doing this? Is there something I can do in the RRAS
just to simply switch it?

I have looked on the net and I'm struggling to find any detailed
instructions. I know I need to install some kind of certificate
services and get a certificate for the server. I then need to set up
the port forwarding rules on the router. The stuff I have read then
says then to try and connect and as Windows XP will try IPsec as the
first protocol it should connect.

I also have a Windows 2008 server in the office I could use for this.
Is there any advantage in using this for the VPN over 2003?

Anyone help out with any instructions or tips? Am I going along the
correct lines?

Thanks in advance.
 
Re: From PPTP to L2TP/IPsec using RRAS - How?

On Jun 28, 11:38 am, Fox1977 <fox...@gmail.com> wrote:
> Hi folks,
>
> I need a bit of help from all of the experts on here.
>
> I have looked on the net and I'm struggling to find any detailed
> instructions. I know I need to install some kind of certificate
> services and get a certificate for the server. I then need to set up
> the port forwarding rules on the router.
>
> Anyone help out with any instructions or tips? Am I going along the
> correct lines?
>
> Thanks in advance.


Have you seen this article from MS?
http://support.microsoft.com/kb/240262
 
Re: From PPTP to L2TP/IPsec using RRAS - How?



"SF" <solutionforge@gmail.com> wrote in message
news:fa6d8c9b-b96f-44c6-b778-a0c35c23451a@u6g2000prc.googlegroups.com...
> On Jun 28, 11:38 am, Fox1977 <fox...@gmail.com> wrote:
>> Hi folks,
>>
>> I need a bit of help from all of the experts on here.
>>
>> I have looked on the net and I'm struggling to find any detailed
>> instructions. I know I need to install some kind of certificate
>> services and get a certificate for the server. I then need to set up
>> the port forwarding rules on the router.
>>
>> Anyone help out with any instructions or tips? Am I going along the
>> correct lines?
>>
>> Thanks in advance.
>
> Have you seen this article from MS?
> http://support.microsoft.com/kb/240262


Unless you already have a certificate server set up (and someone who knows
how to use it), I would stay with PPTP or use the preshared keys (as
described in the KB above).
 
Re: From PPTP to L2TP/IPsec using RRAS - How?

Just had a look at that and followed the instructions. Slightly
different on 2003 but followed it as best as I could. Could get it
working but at least I managed to get an L2TP error back when I tried
to connect. Can't get the error now.

I will post more info tomorrow.

I noticed the IPsec passphrase setting in RRAS. If I set this on its
own and put the passphrase in the client will that get me an IPsec VPN
or do I need to set the IPsec policy up?

Thanks for the help, much appreciated

On Jun 28, 10:11 pm, SF <solutionfo...@gmail.com> wrote:
> On Jun 28, 11:38 am, Fox1977 <fox...@gmail.com> wrote:
> > Hi folks,
> >
> > I need a bit of help from all of the experts on here.
> >
> > I have looked on the net and I'm struggling to find any detailed
> > instructions. I know I need to install some kind of certificate
> > services and get a certificate for the server. I then need to set up
> > the port forwarding rules on the router.
> > Anyone help out with any instructions or tips? Am I going along the
> > correct lines?
> >
> > Thanks in advance.
>
> Have you seen this article from MS?
> http://support.microsoft.com/kb/240262
 
Re: From PPTP to L2TP/IPsec using RRAS - How?

Just working through the guide

http://support.microsoft.com/kb/240262

Got to stage 10 and got a bit stuck. Doesn't seem to have this stage
in 2003.

I've skipped that and carried on. At stages 12 and 13 I have put the same
IP address as the RRAS server but it is saying they cannot be the
same. Anyone any ideas?

I've also set up ports 500 udp, 1000 udp and 4500 udp to forward to the
remote access server.

In the port settings in RRAS I have also set it to allow 5 L2TP
connections.

When I try and connect using L2TP now I am getting a 789 error.

Anyone any ideas? Really struggling with this. Thanks
 
Re: From PPTP to L2TP/IPsec using RRAS - How?

Here's my port forwarding rules:

udp 500
tcp 4500
tcp 10000
udp 4500

all of these forward onto the internal RRAS server
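
The forward rules listed in the two posts above can be checked against what an L2TP/IPsec server behind a NAT router needs. This is an added example, not part of the thread or of the KB article; `parse_rules` and `audit` are hypothetical helper names, and the required set is the standard port assignment (UDP 500 for IKE, UDP 4500 for IPsec NAT traversal), not something taken from the posts.

```python
import re

# Forwards an L2TP/IPsec server behind NAT needs (standard assignments).
# L2TP itself (UDP 1701) travels inside the IPsec payload and needs no forward.
REQUIRED = {("udp", 500): "IKE key exchange",
            ("udp", 4500): "IPsec NAT-T (ESP wrapped in UDP)"}
# Kept only while the existing PPTP service stays in use (PPTP also needs
# GRE, IP protocol 47, which is not a port and is not modelled here).
PPTP = {("tcp", 1723): "PPTP control channel"}

# Accept both orders used in the thread: "udp 500" and "500 udp".
_RULE = re.compile(r"^(?:(tcp|udp)\s+(\d+)|(\d+)\s+(tcp|udp))$", re.I)

def parse_rules(text):
    """Turn one-rule-per-line text into a list of (protocol, port) tuples."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = _RULE.match(line)
        if not m:
            raise ValueError(f"unrecognised rule: {line!r}")
        proto = (m.group(1) or m.group(4)).lower()
        port = int(m.group(2) or m.group(3))
        if not 1 <= port <= 65535:
            raise ValueError(f"port out of range: {line!r}")
        rules.append((proto, port))
    return rules

def audit(rules, keep_pptp=False):
    """Report required forwards that are absent and forwards nothing needs."""
    allowed = dict(REQUIRED)
    if keep_pptp:
        allowed.update(PPTP)
    present = set(rules)
    return {"missing": sorted(k for k in REQUIRED if k not in present),
            "unnecessary": sorted(present - set(allowed))}

# Rule sets transcribed from the two posts above.
THREAD_RULES = "udp 500\ntcp 4500\ntcp 10000\nudp 4500"
EARLIER_RULES = "500 udp\n1000 udp\n4500 udp"

if __name__ == "__main__":
    for name, text in (("later post", THREAD_RULES), ("earlier post", EARLIER_RULES)):
        print(name, audit(parse_rules(text)))
```

Every forward reported as unnecessary is an inbound path to the server that the VPN does not use, so it can be removed from the router without affecting L2TP/IPsec.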
 
Re: From PPTP to L2TP/IPsec using RRAS - How?

On Jul 1, 3:36 pm, Fox1977 <fox...@gmail.com> wrote:
> Here's my port forwarding rules:
>
> udp 500
> tcp 4500
> tcp 10000
> udp 4500
>
> all of these forward onto the internal RRAS server


Before troubleshooting your firewall rules, are you able to connect
to this server internally?
 
Re: From PPTP to L2TP/IPsec using RRAS - How?

What IP should I try and connect to the RRAS? It has two local IP
addresses on the box as I use port forwarding on the router from the
public IP address. I will try and connect locally this morning.

Thanks

John


On Jul 2, 5:53 am, SF <solutionfo...@gmail.com> wrote:
> On Jul 1, 3:36 pm, Fox1977 <fox...@gmail.com> wrote:
>
> > Here's my port forwarding rules:
> >
> > udp 500
> > tcp 4500
> > tcp 10000
> > udp 4500
> >
> > all of these forward onto the internal RRAS server
>
> Before troubleshooting your firewall rules, are you able to connect
> to this server internally?
 
Re: From PPTP to L2TP/IPsec using RRAS - How?

Why does it have two addresses? A RRAS server only needs two NICs if it is
connected to the Internet. If it is behind a router it only needs one.

"Fox1977" <foxj77@gmail.com> wrote in message
news:c4365812-ae5e-4502-827c-6903dde62e64@p25g2000hsf.googlegroups.com...
> What IP should I try and connect to the RRAS? It has two local IP
> addresses on the box as I use port forwarding on the router from the
> public IP address. I will try and connect locally this morning.
>
> Thanks
>
> John
>
>
> On Jul 2, 5:53 am, SF <solutionfo...@gmail.com> wrote:
>> On Jul 1, 3:36 pm, Fox1977 <fox...@gmail.com> wrote:
>>
>> > Here's my port forwarding rules:
>> >
>> > udp 500
>> > tcp 4500
>> > tcp 10000
>> > udp 4500
>> >
>> > all of these forward onto the internal RRAS server
>>
>> Before troubleshooting your firewall rules, are you able to connect
>> to this server internally?
 