d1ce849a   
   From: mike-newsgroup2008@-DELETETHISPART-.upcraft.com   
      
   daveh551 wrote:   
   > It seems like this should be a fairly common topic, and probably   
   > addressed elsewhere, but searching this and other groups as well as   
   > googling has failed to yield anything useful. I posted this in   
   > comp.security.firewalls, but maybe this is a more appropriate group   
   >   
   > My home network is on a FiOS internet connection, which runs through a   
   > Verizon (ActionTec) wireless router/switch.(WI1524WR or something like   
   > that) I have 3 machines, a Windows 2000 server acting as domain   
   > controller, a Compaq desktop running Windows XP Pro (SP2), and a  Dell   
   > laptop running Windows 2000 Pro (SP4). I am trying to configure the   
   > router to pass VPN requests through to the XP machine so I can access   
   > it with the laptop from outside. I have Windows configured to respond   
   > to VPN requests, and have the laptop configured to connect as a VPN   
   > client.  The connection made from inside the firewall (directly to the   
   > local hostname) works fine. I also have a second connection configured   
   > to go through the external IP, and connecting to it always fails with   
   > an Error 678: There was no answer. This is true whether I am   
   > connecting inside the house, or from a WiFi hot spot. The two VPN   
   > connections (local and remote) are configured identically except for   
   > the hostname, so I believe the VPN client and server setups are   
   > correct.  I think it has to be the router configuration for VPN   
   > passthrough. (The FiOS IP is dynamic, but I've got it set up to route   
   > through dyndns.org).   
   >   
   > The "Port Forwarding" screen on the router is showing setup to pass   
   > the following protocols through to the XP desktop:   
   > (I'm not sure exactly what all of these mean, I just configured from   
   > bits and pieces I found in different articles, using the configuration   
   > menus available on the router)   
   > GRE   
   > L2TP-UDP Any ->1701   
   > IPSec - UDP 500-> 500   
   > ESP   
   > AH   
   > TCP Any -> 1723   
   >   
   > When I attempted to connect over the VPN connection from a WiFi   
   > hotspot, this is what appeared in the router security log (newest is   
   > on top, so read from the bottom)   
   >   
   > Apr 3 10:00:54 2008     Inbound Traffic Connection closed       TCP   
   > 192.168.1.152 1723 <--> 71.170.239.192 1723 [71.97.118.241 45717]   
   > CLOSED/SYN_SENT clink0 Incoming STATIC   
   >   
   > Apr 3 10:00:54 2008     Outbound Traffic        Connection   
   > closed       TCP   
   > 71.97.118.241 45717<--> 71.97.118.241 45717[192.168.1.152 1723 ]   
   > SYN_SENT/CLOSED br0 Outgoing   
   >   
   > Apr 3 10:00:53 2008     Outbound Traffic        Connection   
   > opened       TCP   
   > 71.97.118.241 45734<--> 71.97.118.241 45734[192.168.1.152 1723 ]   
   > CLOSED/CLOSED br0 Outgoing   
   >   
   > Apr 3 10:00:53 2008     Inbound Traffic Accepted - Service      TCP   
   > 71.97.118.241:45734->192.168.1.152:1723 on clink0   
   >   
   > Apr 3 10:00:53 2008     Inbound Traffic Connection opened       TCP   
   > 192.168.1.152 1723 <--> 71.170.239.192 1723 [71.97.118.241 45734]   
   > CLOSED/SYN_SENT clink0 Incoming STATIC   
   >   
   > (192.168.1.152 is the local IP of the XP desktop. 71.170.239.192 is   
   > the external (FiOS) IP of the router, 71.97.118.241 is the IP of the   
   > hotspot where I was sending from.)   
   >   
   > Can anyone tell me what I am doing wrong and what to do to fix it?   
   >   
   > Thanks.   
      
   I assume the hotspot was also running on some kind of router.   
      
   Your IP address on the hotspot may have also been in the 192.168.1.xxx   
   range.   
      
   I would change the range of internal IP addresses that you are using at   
   home because it will frequently collide with the range of IP's on other   
   peoples routers.   
      
      
      
   --   
   WARNING!  Email address has been altered for spam resistance.   
   Please remove the -deletethispart-. section before replying directly.   
   Mike Drechsler (mike-newsgroup2008@-deletethispart-.upcraft.com)   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)