Security Basics mailing list archives

RE: question about Microsoft vpn or alternatives


From: "Gregory M. Brown" <gbrown () alvalearning com>
Date: Tue, 14 Oct 2003 13:29:36 -0600

Be sure to verify that within the properties of the VPN connectoid that
the Client for Microsoft Networks is there.  This error is indicative of
that piece missing.  I'm assuming you have only one user that is having
issues.  If only one user is having a problem, you can also check to
ensure that he has dial-in permission via AD or User Mangler in NT4.
gb

-----Original Message-----
From: M. Lucas [mailto:m.lucas () taos-it nl] 
Sent: Monday, October 13, 2003 12:31 AM
To: Johnny Tam
Cc: security-basics () securityfocus com
Subject: Re: question about microsoft vpn or alternatives

On Fri, 2003-10-10 at 17:38, Johnny Tam wrote:
Hello all
I have a Windows 2000 server configured for
VPN (PPTP) and Terminal Services App Mode.
Everything is working on the server and there has
been no problem with ports being blocked, etc since
it is directly connected to the internet.

I have a remote client that cannot connect to
the vpn server. It only goes until Verifying
Password and then just gives out an error 721.

From my initial testing on why this "could"
happen, I found out that the client is not
directly connected to the internet although he
has a real IP 10.xxx.xxx.xxx. By that,
I mean he goes through at least one or two
nodes above him that could possibly filter a lot
of ports. Even ICMP (ping) inbound and outbound
is prohibited, you just get a request timed out
all the time but internet surfing etc is working ok.
If you do a traceroute from tracert, it would
end up until
15  zzz.CUSTOMER.DSL.ALTER.NET (66.66.66.66)  233.526 ms  235.943 ms  239.454 ms
16  * * *
17  * * *
18  * * *

(ip modified for privacy)

If I request those nodes above him to allow
ICMP, would that help? or NAT problem?

Are there any alternative VPN solutions I can
use that won't have this kind of problem?
How is Cisco's implementation of VPN? 

Thank you for any helpful information

Take a look at his firewall and search for allowing GRE traffic.

I had the same issue this weekend ;)

Maurice Lucas


