One thing you have to be careful about with the Linksys products - if you have the SPI feature enabled, then all forwarding is disabled. In order for your set-up to work, you'll have to disable the SPI in the Filters page. You can leave the 'Block WAN Probing' enabled.
Regards, Amer Karim Nautilis Information Systems e-mail: [EMAIL PROTECTED] -----Original Message----- From: Gino Imbrunetti [mailto:[EMAIL PROTECTED]] Sent: May 14, 2002 11:13 To: [EMAIL PROTECTED] Subject: Too much security? Not sure if this is the right forum but here goes... I seem to have "too much security" when trying to set up a VPN between two offices. The setup: Remote user running Windows XP (or 2000, or 98, etc.) setting up a VPN to connect to a remote office. Corporate office with Windows 2000 Server running RAS on 192.168.0.51. Linksys BEFSR4 (Firmware ver 1.4) DSL router with forwarding set (1723 TCP and 500 UDP) to the .51 address, and PPTP and L2TP allowed on the LinkSys. Filters on the W2K RAS network interface set to accept from ANY IP address the required ports/protocols (1723 TCP, 500 UDP, TCP protocol 47), and the user trying to connect has been granted remote access (dial-in) in Acitive Directory. When trying to access RAS from the same subnet (say 192.168.0.221), I can authenticate and get right in to the server (and RAS shown that I am connected). When trying to access RAS from the 'net (216.xxx.xxx.xxx) I can't gain access. Remote scans shows port 1723 open for connection and, if I shut down the interface on the RAS server, port 1723 is now shown as closed (trying to verify if I am getting through the Linksys). Is the LinkSys the problem? Am I missing some ports/protocols in addition to 1723 TCP and 500 UDP? Thanks Gino Imbrunetti _________________________________________________________________ Send and receive Hotmail on your mobile device: http://mobile.msn.com
