
   comp.dcom.vpn      VPN protocols, clients, awesomeness      2,349 messages   


   Message 631 of 2,349   
   icc to John Lewis   
   Re: VPN Port Blocking Question In The Tu   
   28 Dec 03 17:02:44   
   
   From: icc85@hotmail.com   
      
   "Either the tunnel is there or it isn't.  No middle ground".   
   Actually John, that's not entirely true.
   If both subnets are the same PPTP will auth and bring up the tunnel but no
   traffic will pass.
   More than likely that's what he's getting.
      
   If both are 10.0.1.1 then this is what happens.  Most of us have seen this   
   and always change our internal NAT to something   
   you just don't see on avg router deployment.  For example his VPN svr could   
   be 10.0.23.1 or what have you.   
      
      
   ICC   
      
   "John Lewis"  wrote in message   
   news:CCvHb.36246$ms2.5178@fe2.columbus.rr.com...   
   > A third party router can't block ports on the tunnel.  Either the tunnel
   > is there or it isn't.  No middle ground.
   >   
   > What you are seeing is a routing issue.   
   >   
   > A VPN connection is a tunnel with two endpoints, and is not part of any   
   > network.  Even though the addresses assigned to the tunnel fall within the   
   > range of your network, you will note if you do an 'ipconfig' at a command   
   > prompt that the mask is set to 255.255.255.255.   
   >   
   > The MS DUN/VPN client tries to take care of this by adding a route to the
   > remote network on the client machine.  The details of the server side
   > network are not available to the client, so the client must assume a
   > netmask for the route.  The MS client follows RFC 1918, so your
   > 10.xx.xx.xx network is assumed to have a mask of 255.0.0.0.  This means
   > the local network (in this case the hotel) network address is the same as
   > the server network address, so a route is not added.
   >   
   > If the network addresses are really different -- the mask on both sides is
   > not 255.0.0.0 -- you could manually add a route on the client to the
   > server side network.  You could also use CMAK to make a connectoid and
   > cmroute to add the route to automate the whole deal.
   >   
   >   
   >   
   > "Ran Hooper"  wrote in message   
   > news:28928720.0312272207.4386b3e7@posting.google.com...   
   > > Can a third party router (a router in the middle of your tunnel, or
   > > remote user ISP router - outside of your control)  be configured to
   > > block ports within a VPN tunnel?
   > >   
   > > Scenario:   
   > > Client has an application that pulls files off of a Windows server. We
   > > just have the remote users PPTP VPN (Using XP) in to the router, and
   > > everything works fine. This past holiday the client was travelling and
   > > ordered some kind of $9.99 per day broadband service at his hotel. He
   > > could establish the VPN connection but the application or authentication
   > > didn't work. He couldn't even ping the server.
   > >   
   > > Things to consider:   
   > > His private side ip setup is 10.0.1.x   
   > > The hotel used 10.0.x.x   
   > >   
   > > Should this matter? He's trying to find a server at 10.0.1.x. It did
   > > seem like everything was trying to go out the hotel router when I had
   > > him do a tracert. I use 10.1.x.x at my shop and have no issues at all
   > > connecting to 10.0.0.x or 10.0.x.x etc. Weird!
   > >   
   > > He tracked down the Hotel IT and they claimed they weren't running a   
   > > firewall (yet they are issuing 10.0.x.x ip's). Idiots!  They also stated   
   > > that outside contractors set it up.   
   > >   
   > > Of course I didn't get on the machine nor did he have enough patience to
   > > try multiple things on the phone. I did try telnetting into port 135 on
   > > the server and no dice so I assumed something was filtering the ports.
   > > Then it occurred to me that nothing should interfere in the tunnel thus
   > > my first question. Does the third party router even realize what ports
   > > you are using? Is IPSEC handled differently than PPTP with regards to
   > > ports issues like this appears to be?
   > >   
   > > I know I can setup the router to filter the tunnel, but it's not
   > > filtered.
   > >   
   > > Thanks,   
   > > Ran Hooper   
   > > ran@qnet.com   
   >   
   >   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)   
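
Added example, not part of the posts above: a small longest-prefix-match model of the client's routing table, showing why an overlapping local subnet keeps traffic off a tunnel that is up. The /16 and /24 masks, host addresses and the "lan"/"vpn" interface names are constructed; the 10.0.0.0/8 entry is the assumed-mask route described in the thread, shown as if it were installed.

```python
import ipaddress

def egress(dest, table):
    """Interface a host would use for dest: the longest matching prefix wins.
    Returns "ambiguous" when two interfaces tie on the longest prefix and
    "unreachable" when nothing matches (this model has no default route)."""
    ip = ipaddress.ip_address(dest)
    matches = [(net, iface) for net, iface in table if ip in net]
    if not matches:
        return "unreachable"
    best = max(net.prefixlen for net, _ in matches)
    ifaces = {iface for net, iface in matches if net.prefixlen == best}
    return ifaces.pop() if len(ifaces) == 1 else "ambiguous"

def client_table(lan_if, tunnel_ip, vpn_routes):
    """Constructed client table: the on-link LAN network, the tunnel address
    with its 255.255.255.255 mask, and any routes pointed at the tunnel."""
    lan = ipaddress.ip_interface(lan_if).network
    rows = [(lan, "lan"), (ipaddress.ip_network(tunnel_ip + "/32"), "vpn")]
    rows += [(ipaddress.ip_network(n), "vpn") for n in vpn_routes]
    return rows

SERVER = "10.0.1.10"      # constructed server address in 10.0.1.x
TUNNEL = "10.0.1.50"      # constructed address assigned to the tunnel

# Hotel LAN 10.0.x.x (assumed /16) with the assumed-mask 10.0.0.0/8 route.
HOTEL = client_table("10.0.5.20/16", TUNNEL, ["10.0.0.0/8"])
# Shop LAN 10.1.x.x (assumed /16): it does not cover 10.0.1.x.
SHOP = client_table("10.1.0.20/16", TUNNEL, ["10.0.0.0/8"])
# Hotel again, with a manual, more specific route to the server-side network.
HOTEL_MANUAL = client_table("10.0.5.20/16", TUNNEL, ["10.0.1.0/24"])
# Both sides numbered 10.0.1.0/24: prefix length cannot separate them.
SAME_SUBNET = client_table("10.0.1.77/24", TUNNEL, ["10.0.1.0/24"])

if __name__ == "__main__":
    for name, tbl in [("hotel", HOTEL), ("shop", SHOP),
                      ("hotel + manual route", HOTEL_MANUAL),
                      ("same subnet", SAME_SUBNET)]:
        print(f"{name:22} -> {SERVER} leaves via {egress(SERVER, tbl)}")
```

In the "same subnet" case no route can tell the two networks apart, which is why renumbering the server side to a range rarely seen on other routers avoids the problem.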



(c) 1994,  bbs@darkrealms.ca