Port Forwarding for VPN



Growly
16-05-2004, 07:51 PM
Hi there,

I have Server 2003 running a remote access server, allowing people to connect to it and become (virtually) part of my network in a VPN.

My only problem is my router. What ports should I forward so that the information can be passed on to my server from the internet? I turned DMZ on, and everything could be accessed just fine, and then I turned it off (for security), and when others try and log in they get error messages about the server not responding...

I'm currently forwarding ports

1723
5678
500 (UDP)
120-130
90-98

Thanks,

kiki
16-05-2004, 09:02 PM
Well, if it's a remote access server, what are they accessing? That will be the key.

Growly
17-05-2004, 12:23 AM
...... What do you mean?

BIFF
17-05-2004, 01:39 AM
What sort of VPN are you wanting to use? If it's PPTP then you will need to forward TCP/1723, and Protocol 47 (GRE).
For IPSEC you will need UDP/500 and Protocol 50 (ESP).

Growly
17-05-2004, 05:46 PM
Yup, I've got 50 + 51, and what port is GRE?

Yeah, I use PPTP too, already forwarded that though

Growly
17-05-2004, 11:04 PM
I'm forwarding the following ports to the server:

Prot  Start  End   LAN IP
TCP   1723   1723  192.168.0.5
TCP   80     80    192.168.0.5
TCP   99     101   192.168.0.5
TCP   90     98    192.168.0.5
TCP   5678   5678  192.168.0.5
TCP   120    130   192.168.0.5
TCP   1700   1702  192.168.0.5
UDP   499    501   192.168.0.5
TCP   50     51    192.168.0.5


The people who log in say that it doesn't authenticate them, but they manage to connect. Could this be a clue as to which port needs to be open?

BIFF
18-05-2004, 01:11 PM
You are only forwarding the UDP and TCP protocols. GRE and ESP are protocols, not ports. If the DMZ function assigns a public IP address to your server then it is likely that your router cannot forward these protocols via NAT. What model router do you have? I can then tell you if it's possible to do this with your setup.
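
An added example (not part of the original thread) illustrating the point above that GRE and ESP are IP protocol numbers rather than ports: it runs constructed IPv4 packets against the forwarding table posted earlier in the thread. The packet bytes, addresses and helper names are made up for illustration, and the matching logic is a simplified model of port-based NAT forwarding, not any particular router's firmware.

```python
import struct

# IANA IP protocol numbers: these live in the IPv4 header, not in a port field.
PROTO = {6: "TCP", 17: "UDP", 47: "GRE", 50: "ESP", 51: "AH"}

# Forwarding table as posted in the thread: (protocol, first port, last port).
RULES = [("TCP", 1723, 1723), ("TCP", 80, 80), ("TCP", 99, 101),
         ("TCP", 90, 98), ("TCP", 5678, 5678), ("TCP", 120, 130),
         ("TCP", 1700, 1702), ("UDP", 499, 501), ("TCP", 50, 51)]


def ipv4(proto, payload):
    """Build a minimal constructed IPv4 packet (checksum left at zero)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                      64, proto, 0, bytes([203, 0, 113, 9]),
                      bytes([198, 51, 100, 1]))
    return hdr + payload


def classify(packet):
    """Return (protocol name, destination port or None) for an IPv4 packet."""
    ihl = (packet[0] & 0x0F) * 4
    name = PROTO.get(packet[9], str(packet[9]))
    if name in ("TCP", "UDP"):
        # Only TCP and UDP carry ports: bytes 2-3 of the transport header.
        return name, struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
    return name, None


def forwarded(packet, rules=RULES):
    """True if a port-based forwarding rule matches this inbound packet."""
    name, port = classify(packet)
    if port is None:
        return False  # GRE/ESP/AH: nothing for a port rule to match on
    return any(p == name and lo <= port <= hi for p, lo, hi in rules)


# Constructed samples: PPTP control (TCP/1723), PPTP data (GRE), IKE, ESP.
SAMPLES = {
    "pptp-control": ipv4(6, struct.pack("!HH", 40000, 1723) + bytes(16)),
    "pptp-data": ipv4(47, bytes.fromhex("3001880b") + bytes(8)),
    "ike": ipv4(17, struct.pack("!HHHH", 500, 500, 8, 0)),
    "esp": ipv4(50, bytes(8)),
}

if __name__ == "__main__":
    for label, pkt in SAMPLES.items():
        print(label, classify(pkt), "forwarded" if forwarded(pkt) else "dropped")
```

The TCP/1723 control packet matches a rule while the GRE packet matches none, and the "TCP 50 51" rule never matches ESP because ESP has no port field. PPTP carries the PPP session, authentication included, over GRE, which fits the connects-but-does-not-authenticate symptom.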

Growly
18-05-2004, 10:27 PM
FINALLY!

Thanks for your help. As far as I know, my router cannot forward either of these protocols.

Man, I feel so foolish, thanks for telling me! (No one else would)

I have a D-Link DSL 500.

It can forward SIP, PPTP, ICQ, H.323 and IPSec.