Welcome to ISAserver.org

PPTP Site to Site with Vigor 2800 ADSL Router

Users viewing this topic: none

Logged in as: Guest

Printable Version

All Forums >> [ISA Server 2004 Firewall] >> VPN >> PPTP Site to Site with Vigor 2800 ADSL Router

Page: [1]

Message

<< Older Topic Newer Topic >>

PPTP Site to Site with Vigor 2800 ADSL Router - 19.Nov.2005 12:21:10 PM

kyleheath

Posts: 35
Joined: 3.Aug.2005
From: UK
Status: offline

Ive been trying to setup a PPTP site to site VPN with a Vigor 2800 adsl router, so far I have achieved the following

1. Vigor 2800 to ISA 2004 - I have created a LAN to LAN connection on the Vigor and using PAP/CHAP with a dial in enabled user I can establish a PPTP VPN connection to my SBS 2003 Server. However once connected I cannot ping from the remote client to the ISA Server, logging shows this as Denied by no specified rule. I understand that the ISA 2004 treats my remote network 192.168.100.0 as external and as a result denies my pings.

2. I have setup an ISA 2004 Site to Site VPN for PPTP and successfully had the Demand Dial Interface VPN my Vigor 2800 Router and esatablish a PPTP VPN, allowing ping as a test communication from the ISA to Remote Client and Remote Client to ISA. At this stage the Site to Site seems to be working as expected.

However the issue occurs when trying to establish the Site to Site from the remote client, the Vigor router cannot PPTP VPN the ISA server, the RRAS logs the event log error 20050, cannot negotiate network protocols. The Vigor is set to PAP/CHAP so I have set the ISA Site to Site to allwo these encryption types, and also I have allowed these in the RRAS and Remote Access Policy, but each time I get this error when trying to connect from the remote side.

I can only think that it is an ISA issue as I could establish the VPN prior to creating the Site to Site VPN, but once this is created I cannot. This means I have half a solution as I can start the link from the main site but not the remote site.

Ive been working on remote sites over ADSL for a while and found IPSEC just isnt consistent enough, and I have MTU issues often, so my plan was to use PPTP as this uses an MTU of 1400. Does anyone have any thoughs on this, or experience with a Vigor PPTP VPN?

Cheers

Kyle

Post #: 1

Featured Links*

RE: PPTP Site to Site with Vigor 2800 ADSL Router - 22.Jun.2006 2:00:26 PM

Owl

Posts: 3
Joined: 22.Jun.2006
Status: offline

Hi

I am having similar problems at the moment trying to setup a site to site VPN using a Vigor 2800 and the ISA 2004 SP2. Did you resolve your problem if so how?

Everytime I can see that the credentials are accepted (as per the ISA security event log) however under the system Event Log I get the following entry

EventID: 20050
The user xxx\yyyy connected to port VPN3-33 has been disconnected because no network protocols were sucessfully negotiated.

Thank you in advance for any replies or guidance offered.

(in reply to kyleheath)

Post #: 2

RE: PPTP Site to Site with Vigor 2800 ADSL Router - 3.Nov.2012 10:19:24 AM

oli.hall

Posts: 3
Joined: 3.Nov.2012
Status: offline

Soution to this problem:

In Your DrayTec router go to:
VPN and Remote Access>>LAN to LAN>>Profile Name: TCP/IP Network Settings, Remote Gateway IP.

Draytek state this should be set to 0.0.0.0 as it is configured automatically when connecting to another Draytek router.

What they forget to say is when connecting to an ISA/TMG server, you must set this manually to your Draytek router IP and not 0.0.0.0.

This solved the problem for me.

You must remember that in ISA, the name of Your VPN Network must be the same
as the username used in PPTP.

Draytek also have a username length limitation of 49 chr and password of 15 chr for Dial Out VPN. For Dial In VPN, username and password is max 11 chr. See:
http://www.draytek.com/user/SupportFAQDetail.php?ID=183

solution courtesy of Dariusz Kozicki

(in reply to kyleheath)

Post #: 3