1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

vpn port 1723

Discussion in 'Networking' started by Bat_Manuel, Sep 24, 2010.

Thread Status:
Not open for further replies.
Advertisement
  1. Bat_Manuel

    Bat_Manuel Thread Starter

    Joined:
    Sep 24, 2010
    Messages:
    9
    Im trying to set up a vpn. Im running windows sbs 2008 and when i run the vpn wizard it tells me that i "must manually open port 1723 and point it to the IP adress of the server". I have a Cisco rv 120w wireless-n vpn firewall router and i went to the port fowarding tab and set it up like so
    [​IMG]

    and I try the vpn wizard again and its still telling me the same thing. Am i setting it up wrong or what?
     

    Attached Files:

  2. Squashman

    Squashman Trusted Advisor

    Joined:
    Apr 4, 2003
    Messages:
    19,731
    I am slightly confused. You are port forwarding to use SBS as your VPN server even though your router has VPN capability?
     
  3. Bat_Manuel

    Bat_Manuel Thread Starter

    Joined:
    Sep 24, 2010
    Messages:
    9
    i thought thats what i need to set up the remote acsess for sbs. its my first time trying to set this up. but to answer question yes
     
  4. Squashman

    Squashman Trusted Advisor

    Joined:
    Apr 4, 2003
    Messages:
    19,731
    Could you give us the exact error the VPN wizard is giving you. Or just post a screen shot of it.
     
  5. Squashman

    Squashman Trusted Advisor

    Joined:
    Apr 4, 2003
    Messages:
    19,731
  6. Bat_Manuel

    Bat_Manuel Thread Starter

    Joined:
    Sep 24, 2010
    Messages:
    9
    [​IMG]

    This is what the vpn wizard is telling me. If i use the router to set up the vpn would it be slower or faster, or would it still be about the same?
     

    Attached Files:

  7. Squashman

    Squashman Trusted Advisor

    Joined:
    Apr 4, 2003
    Messages:
    19,731
    I guess I don't understand what your issue is. The Wizard told you to open the ports and you did that on the router. What seems to be the issue?

    I don't know which VPN would be faster. Will see if I can get our resident Cisco guru to answer that for you.
     
  8. zx10guy

    zx10guy Trusted Advisor

    Joined:
    Mar 30, 2008
    Messages:
    4,371
    Squashman got my attention.

    I can try to help with your PPTP setup but I haven't set one up personally. The VPNs I set up on a routine basis are IPSEC or SSL based. But the basic principles are the same.

    First, have you verified, your SBS server is configured properly to run as a PPTP VPN server and is answering incoming connections. You need to do this first before moving on to troubleshoot any network issues. I suggest testing the server with a locally attached client.

    If the SBS server is indeed running and working properly, you need to do the appropriate port forward configuration on your router to allow external connectivity. Based on your screenshot, it looks like you have the set up correctly. To verify full end to end connectivity, you can run a test from your client which doesn't invoke the VPN but just checks for basic TCP function. From your remote client, open a command prompt window. From the command prompt window, issue this command telnet [public IP address of your network with the VPN server] 1723. If you get the window to clear out and have a single blinking cursor in the upper left corner, then this means the network pathway is set up correctly and there is still something amiss with the VPN server configuration. If you get connection time outs, then something is still wrong with the network setup. To exit out of the single blinking cursor situation, type CTRL + ] . This will drop you into the telnet command line and just type quit to exit out. This only works with XP. For some reason, Microsoft decided not to include telnet as the base install for Vista and Win7.

    As far as which is better to set up the VPN server on (router/firewall or actual server), this depends. My guess would be your ISP connection is probably going to be limiting factor anyways. But in general, I like running my VPN servers on network appliances. One because the device is usually the edge device to your internal network. This lowers the complexity of your setup in having to do unnecessary port forwards or NAT rules. The other thing I like about network VPN appliances is that they are usually optimized to handle VPN overhead. There isn't any unnecessary overhead in running other OS specific services which won't be running on an VPN network device. As such you don't have to over purchase on your hardware to deal with running the OS and the VPN overhead. Also the complexity of the equipment is much less. I don't have hard drives and such to worry about with a network appliance. Network VPN appliances also have processors optimized to number crunch the encryption algorithms.

    With that said, I looked at the spec sheet for your router. It supports IPSEC VPNs which I prefer over PPTP as they are much much more secure. Not only do you get a stronger encryption payload algorithm in the use of 3DES or AES, but you also get better security in the encrypted traffic in negotiating the initial handshake between client and server. The option to run either MD5 or SHA-1 during the Phase 1 negotiating makes IPSEC very secure in ensuring the devices which are talking to each are supposed to be talking to each other. Now the spec says it supports 3DES which is 168bit encryption, the spec sheet doesn't state what level of AES is supports. I would assume it should support AES 256bit encryption. With that said, be aware the more complex encryption algorithms will tax your router much more and you may see a resultant performance impact. The number of concurrent client tunnels it supports (10) tells me it's not a very beefy VPN server device. You'll have to do some live testing to see if the router is adequate enough for your needs.
     
  9. Bat_Manuel

    Bat_Manuel Thread Starter

    Joined:
    Sep 24, 2010
    Messages:
    9
    well how would i go about using the cisco to creat a vpn? sorry im really new to vpn and remote acess
     
  10. zx10guy

    zx10guy Trusted Advisor

    Joined:
    Mar 30, 2008
    Messages:
    4,371
    You'll have to go through the user's manual. I'm not familiar with the Linksys/Cisco routers. But the principles should be the same as any other IPSEC VPN router/firewall. You need to configure the IKE Phase 1 parameters which involve using a passphrase and selecting the type of encryption (MD5 or SHA-1.) In addition, you'll need to select the type of DH group to use (1, 2, and 5.) Type 2 is typically what I see used for VPN client connections. Type 5 is more secure but I haven't seen any VPN client software which supports it. I typically see it configured for site to site VPN tunnels. Type 5 requires a lot more CPU overhead as the encryption algorithm is much more complex. The next configuration would be Phase 2 which is to configure the encryption level of the payload (your data.) DES is the most basic and less secure. 3DES is more secure but has given way to AES 192 and 256 level encryption. Again, typically, the higher the encryption level, the more overhead is required to encrypt and decrypt the payload.

    Other things which may be required to be configured is the local IP pool address space. This is the IP address assigned to your VPN client on the connected LAN for the remote client.

    I know how to do this for the actual Cisco routers and firewalls along with the Netgear VPN routers, but again can't provide much help with the Linksys/Cisco products.
     
  11. Squashman

    Squashman Trusted Advisor

    Joined:
    Apr 4, 2003
    Messages:
    19,731
    Did you perhaps look through the link to the Administrative manual for your device that I posted 4 days ago.
     
  12. Bat_Manuel

    Bat_Manuel Thread Starter

    Joined:
    Sep 24, 2010
    Messages:
    9
    Couldn't figure it out I just decided to go with a remote web workplace instead of a VPN
     
  13. JohnWill

    JohnWill Retired Moderator

    Joined:
    Oct 19, 2002
    Messages:
    106,409
    Did you get that working?
     
  14. Bat_Manuel

    Bat_Manuel Thread Starter

    Joined:
    Sep 24, 2010
    Messages:
    9
    The remote web workplace yes the VPN no
     
  15. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/952155