randyloveless
Member Candidate
Topic Author
Posts: 207
Joined: Thu Sep 30, 2004 10:14 am
Location: california

vpn issue

Thu Aug 18, 2005 8:32 am

How do I specify a single IP address to be used for all VPN traffic?

Right now the VPN only works on my default preferred route. It will not
work on another IP address.
 
andrewluck
Forum Veteran
Posts: 700
Joined: Fri May 28, 2004 9:05 pm
Location: Norfolk, UK

Thu Aug 18, 2005 8:33 pm

Could you re-phrase the question? I don't understand what you're asking.

Regards

Andrew
 
randyloveless
Member Candidate
Topic Author
Posts: 207
Joined: Thu Sep 30, 2004 10:14 am
Location: california

Thu Aug 18, 2005 8:43 pm

Sorry about that, I wasn't thinking very well last night.

OK.

The IP addresses on the router are:

64.x.x.2/26
64.x.x.3/26
64.x.x.4/26

Gateway 64.x.x.1, preferred IP 64.x.x.2.

Now the VPN works most of the time, but only through 64.x.x.2.

If I try to use 64.x.x.3 it fails with the 619 error.

I also need to know if there is a better way to do client VPN PPTP.

I have a couple of clients that, when they go to different hotels and they
don't have the passthrough for the GRE and VPN ports, get the 619 error as well.

Is there a workaround or another way to get that client into his network?

Thanks, Randy
 
andrewluck
Forum Veteran
Posts: 700
Joined: Fri May 28, 2004 9:05 pm
Location: Norfolk, UK

Thu Aug 18, 2005 10:45 pm

Randy

Think I understand you now. You have multiple IP addresses on the outside interface of the MT?

It's usual for VPN gateways to only support connections on one IP address. Certainly the Cisco PIX does it this way. Why do you need your clients to connect to the others?

The GRE packets are the cause of most connection problems, TCP 1723 only if they're specifically blocked. The MS VPN client also does IPSEC over L2TP. MT supports this but not in NAT-T mode, so if there's any NAT being done this will fail. Same for IPSEC only.

Once I've eliminated those options I usually fall back on port forwarding over an SSH connection. This will require an SSH server on your network though.

Regards

Andrew
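
The reply above notes that PPTP depends on both TCP 1723 and GRE. As an added example (not part of the original thread and not MikroTik code), this sketch evaluates an ordered, first-match filter policy and reports which of the two PPTP legs can reach a given VPN address. The `Rule` model, the sample policy and the 192.0.2.x documentation addresses standing in for the elided 64.x.x.x addresses are all assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# PPTP needs two legs: a TCP 1723 control channel and GRE (IP protocol 47) for data.
PPTP_LEGS = {"control (TCP 1723)": ("tcp", 1723),
             "data (GRE, IP proto 47)": ("gre", None)}

@dataclass
class Rule:  # hypothetical rule model, not RouterOS syntax
    action: str                        # "accept" or "drop"
    protocol: Optional[str] = None     # None matches any protocol
    dst_port: Optional[int] = None     # None matches any port
    dst_address: Optional[str] = None  # CIDR; None matches any destination

    def matches(self, proto, port, dst):
        if self.protocol is not None and self.protocol != proto:
            return False
        if self.dst_port is not None and self.dst_port != port:
            return False
        if self.dst_address is not None and \
           ipaddress.ip_address(dst) not in ipaddress.ip_network(self.dst_address):
            return False
        return True

def verdict(rules, proto, port, dst, default="drop"):
    """First matching rule wins, as in an ordered packet filter."""
    for rule in rules:
        if rule.matches(proto, port, dst):
            return rule.action
    return default

def pptp_reachability(rules, vpn_ip):
    """Return {leg: bool} for the two PPTP legs towards vpn_ip."""
    return {leg: verdict(rules, proto, port, vpn_ip) == "accept"
            for leg, (proto, port) in PPTP_LEGS.items()}

# Constructed sample policy: control channel allowed on one address,
# GRE allowed only on the other, everything else dropped.
SAMPLE_RULES = [
    Rule("accept", protocol="tcp", dst_port=1723, dst_address="192.0.2.3/32"),
    Rule("accept", protocol="gre", dst_address="192.0.2.2/32"),
    Rule("drop"),
]

if __name__ == "__main__":
    for ip in ("192.0.2.2", "192.0.2.3"):
        print(ip, pptp_reachability(SAMPLE_RULES, ip))
```

In the sample policy neither address passes both legs, so a PPTP session to either one would not come up until the missing leg is allowed.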
 
randyloveless
Member Candidate
Topic Author
Posts: 207
Joined: Thu Sep 30, 2004 10:14 am
Location: california

Thu Aug 18, 2005 11:43 pm

Andrew,

Thanks for the info. The reason for multiple IPs was for keeping everything
straight.

i.e. NAT goes through 64.x.x.2
VPN goes through 64.x.x.3

Had an issue a couple of months ago with P2P grabbing the 1700-1800
ports on our main 64.x.x.2 IP address, so I figured that it would be better
to move the VPN IP address and only allow those ports in and out.