Security Basics mailing list archives

Re: question about microsoft vpn or alternatives


From: Ivan Hernandez <ivan.hernandez () globalsis com ar>
Date: Tue, 14 Oct 2003 10:44:06 -0300

PPTP uses the GRE protocol (IP protocol number 47), and I have found that some NATs do not route it, as they do not know what it is. You can of course turn to IPSec, which is widely known now and will get you better support.
That's my 2 cents
Ivan Hernandez

Johnny Tam wrote:

Hello all
I have a Windows 2000 server configured for
VPN (PPTP) and Terminal Services App Mode.
Everything is working on the server and there has
been no problem with ports being blocked, etc since
it is directly connected to the internet.

I have a remote client that cannot connect to
the VPN server. It only goes until Verifying
Password and then just gives out an error 721.

From my initial testing on why this "could"
happen. I found out that the client is not
directly connected to the internet although he
has a real IP 10.xxx.xxx.xxx. By that,
I mean he goes through at least one or two
nodes up him that could possibly filter a lot
of ports. Even ICMP (ping) inbound and outbound
is prohibited, you just get a request timed out
all the time but internet surfing etc is working ok.
If you do a traceroute from tracert, it would
end up until
15  zzz.CUSTOMER.DSL.ALTER.NET (66.66.66.66)  233.526 ms  235.943 ms  239.454 ms
16  * * *
17  * * *
18  * * *

(ip modified for privacy)

If I request those nodes above him to allow
ICMP, would that help? or NAT problem?

Are there any alternative VPN solutions I can
use that won't have this kind of problem?
How is Cisco's implementation of VPN?
Thank you for any helpful information


---------------------------------------------------------------------------
----------------------------------------------------------------------------
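
The GRE point raised in the reply above, as an added example that is not part of the original thread: a Python script that classifies the packets in a client-side capture of a PPTP attempt and reports whether the TCP 1723 control channel answers while GRE (IP protocol 47) never comes back. The addresses and sample packets are constructed, and `build_ipv4`, `classify` and `diagnose` are names made up for this example.

```python
import socket
import struct

IPPROTO_TCP, IPPROTO_GRE, PPTP_PORT = 6, 47, 1723  # PPTP control runs on TCP 1723

def build_ipv4(proto, src, dst, payload=b""):
    """Build a constructed sample packet: 20-byte IPv4 header, checksum left 0."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst)) + payload

def classify(pkt):
    """Return (kind, src, dst); kind is 'control', 'gre' or 'other'."""
    ihl = (pkt[0] & 0x0F) * 4                      # IPv4 header length in bytes
    src, dst = socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20])
    if pkt[9] == IPPROTO_GRE:
        return "gre", src, dst
    if pkt[9] == IPPROTO_TCP and len(pkt) >= ihl + 4:
        sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
        if PPTP_PORT in (sport, dport):
            return "control", src, dst
    return "other", src, dst

def diagnose(packets, server):
    """Summarise a client-side capture of one PPTP connection attempt."""
    seen = {"control_in": 0, "gre_out": 0, "gre_in": 0}
    for pkt in packets:
        kind, src, _ = classify(pkt)
        if kind == "control" and src == server:
            seen["control_in"] += 1
        elif kind == "gre":
            seen["gre_in" if src == server else "gre_out"] += 1
    if not seen["control_in"]:
        return "control-blocked"      # nothing comes back on TCP 1723
    if seen["gre_out"] and not seen["gre_in"]:
        return "gre-blocked"          # tunnel packets leave, none return
    return "ok" if seen["gre_in"] else "no-gre-seen"

# Constructed sample: addresses are placeholders, not taken from the thread.
CLIENT, SERVER = "10.0.0.5", "192.0.2.10"
TCP_OUT = struct.pack("!HH", 40000, PPTP_PORT) + bytes(16)
TCP_IN = struct.pack("!HH", PPTP_PORT, 40000) + bytes(16)
SAMPLE = [build_ipv4(IPPROTO_TCP, CLIENT, SERVER, TCP_OUT),
          build_ipv4(IPPROTO_TCP, SERVER, CLIENT, TCP_IN),
          build_ipv4(IPPROTO_GRE, CLIENT, SERVER, bytes(8)),
          build_ipv4(IPPROTO_GRE, CLIENT, SERVER, bytes(8))]

if __name__ == "__main__":
    print(diagnose(SAMPLE, SERVER))
```

On a real capture, pass `diagnose` the IPv4 packets with the link-layer header already stripped.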



