Win2k Remote Access


Postby xonline » Dec 13 04 11:34 pm

Hi there.
I'm trying to configure VPN remote access on a Win2k server behind a WinGate firewall, but till now I've only wasted my time:
- Win2k server is on the private LAN 10.10.0.x mask 255.255.255.0
- Win2k server is an Active Directory Domain member
- WinGate has an adapter on the private LAN and another on the public Internet with a public static IP address
- on the Win2k server I've configured Remote Access Server and IAS RADIUS authentication service
Can someone explain the exact procedure to build a secure connection with the L2TP protocol (port allowing, certificates...), both client and server sides?

Thanks
Max
xonline
 
Posts: 6
Joined: Aug 05 04 12:06 am

Postby erwin » Dec 14 04 8:19 am

Hi Max

Once you have both ends of your VPN configured with the appropriate security settings, i.e. security certificate etc., connection details if using IPsec etc. that they require to connect together for the VPN, then configuring WinGate is fairly simple. There is quite a large chunk of info on the MS website regarding configuring L2TP VPNs.

The only thing required for WinGate to allow L2TP VPN traffic through to the RAS server hosting the VPN is to open the ports used and redirect them to the internal IP of the RAS server.

You can do this by opening up ENS in GateKeeper and selecting the port security tab. Click add to add a new port.
Once the port range configuration opens, select "Connections from the Internet" and select the appropriate protocol (UDP) and port (1701) (I think this is one of the ports L2TP with IPsec uses by default, BUT you will have to refer to the MS documentation knowledge base on the exact specific ports/protocol used).

Then select the redirect packet option further down the page and enter the internal IP address of the RAS server. Remote VPN clients will specify the external IP of the WinGate server as the VPN to connect to, and this way all incoming L2TP VPN traffic from the Internet on this interface will be redirected to the RAS Server.

The new port mapping will then appear in the port security tab in GateKeeper once you've clicked OK.
WinGate will not require any other configuration to allow you to implement your MS L2TP VPN, as it is merely passing the traffic in this scenario.

Regards
Erwin
erwin
Qbik Staff
 
Posts: 408
Joined: Sep 03 03 2:54 pm

Postby xonline » Dec 23 04 12:41 am

Hi Erwin and many thanks for your fast reply.

I've tried to apply your suggestions:
- redirected to LAN RAS 10.10.xxx.xxx traffic from Internet on ports 500 UDP and 1701 UDP with notify enabled
- connected to Internet with a dial-up connection on telecom company
- connected to VPN using WinGate external adapter public IP
but I receive in the System tab the following message "Authentication failed - user Guest on 212.xxx.xxx.xxx requested NAT: 212.xxx.xxx.xxx:500 <-> 10.10.xxx.xxx:500" and it seems to me that packets are not forwarded to RAS.

What is happening???

Thanks
Max
xonline
 
Posts: 6
Joined: Aug 05 04 12:06 am

