Hello
Below is my company network schema:
I’d like connect to VPN Server (Windows 2003) from home, school etc.
What I’ve done:
I’ve made NAT, I’ve Forwarded tpc and udp ports to Windows machine TCP: 1723, UDP: 500,4500,1701.
Only how enable ESP (Protocol ID 50) and GRE (Protocol ID 74), I’d like use both L2TP and PPTP.
–
Best regards
One question: why not do the VPN on the router?
No need to forward ESP as NAT-T will be in use. This uses TCP4500 (you need to check this port). No need to forward UDP1701 as this is L2TP without ESP encapsulation.
Turn on connection tracking and PPTP / GRE service ports in /IP FIREWALL. This should sort GRE.
Regards
Andrew
Hello
Thank you for replay
One question: why not do the VPN on the router?
Unfortunately I can’t do this on the router, I know that will be better solution, i can do this only on the windows box.
When this server (VPN) is behind NAT, it will be work properly?
No need to forward ESP as NAT-T will be in use. This uses TCP4500 (you need to check this port). No need to forward UDP1701 as this is L2TP without ESP encapsulation.
So, what ports I must forward?
TCP: 1723
UDP: 500,4500
Turn on connection tracking and PPTP / GRE service ports in /IP FIREWALL. This should sort GRE.
Thanks, but what about ESP?
ROS supports both L2TP and pptp.
No need to forward ESP as NAT-T will be in use. This uses TCP:4500 (you need to check this port).
Seriously consider doing all this on the router. It’ll save the NAT-T overhead.
Ports required:
TCP 1723, 4500
UDP 500
Regards
Andrew
Thank you once again
This uses TCP:4500 (you need to check this port).
Ports required:
TCP 1723, 4500
UDP 500
Sorry but I’m not sure, should be 4500 TCP or UDP?
M$ on this article wrote 4500 UDP:
http://technet2.microsoft.com/WindowsServer/en/library/428c1bbf-2ceb-4f76-a1ef-0219982eca101033.mspx
–
Best regards
the only logical solution would be to tunnel to router …
indeed, all management of tunnels can be made in router, it is really easy, if you already have some prior knowladge
here is how to about pptp:
http://www.mikrotik.com/testdocs/ros/2.9/interface/pptp.php
l2pt:
http://www.mikrotik.com/testdocs/ros/2.9/interface/l2tp.php