View Full Version : Port Forwarding for VPN

16-05-2004, 07:51 PM
Hi there,

I have server 2003 running a remote access server, allowing people to connect to it and become (virtually) part of my network in a VPN.

My only problem is my router. What ports should I forward so that the information can be passed on to my server from the internet? I turned DMZ on, and everything could be accessed just fine, and then i turned it off (for security), and when others try and log in they get error messages about the server not responding...

Im currently forwarding ports

500 (UDP)


16-05-2004, 09:02 PM
Well if its a remote access server, what are they accessing? That will be the key.

17-05-2004, 12:23 AM
...... What do you mean?

17-05-2004, 01:39 AM
What sort of VPN are you wanting to use. If it's PPTP then you will need to forward TCP/1723, and Protocol 47 (GRE).
For IPSEC you will need UDP/500 and Protocol 50 (ESP).

17-05-2004, 05:46 PM
Yup ive got 50 + 51, and what port is GRE?

Yeah I use PPTP too, already forwarded that thouggh

17-05-2004, 11:04 PM
I'm forwarding the following ports to the server:

Prot Start End LAN IP

TCP 1723 1723
TCP 80 80
TCP 99 101
TCP 90 98
TCP 5678 5678
TCP 120 130
TCP 1700 1702
UDP 499 501
TCP 50 51

The people who log in say that it doesnt authenticate them, but they manage to connect, could this be a clue as to which port needs to be open?

18-05-2004, 01:11 PM
You are only forwarding the UDP and TCP protocols. GRE and ESP are protocols, not ports. If the DMZ function assigns a public IP address to your server then it is likely that your router cannot forward these protocols via NAT. What model router do you have? I can then tell you if it's possible to do this with your setup.

18-05-2004, 10:27 PM

Thanks for your help. As far as I know, my router cannot forward either of these protocols.

Man i feel so foolish, thanks for telling me! (No one else would)

I have a D-Link DSL 500.

It can forward SIP, PPTP, ICQ, H.323 and IPSec.