Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Computer Security > INBOUND PPTP through Linksys units?

Reply
Thread Tools

INBOUND PPTP through Linksys units?

 
 
Leythos
Guest
Posts: n/a
 
      10-22-2004
I've run into an interesting problem. I have several Windows 2003
servers setup for VPN access from remote locations, but they don't
finish the authentication. The traces indicate that 1723 and GRE make it
through the Linksys routers to the server, but only 1723 makes it out of
the remote network back to the remote clients - no GRE passes out of the
servers LAN through the Linksys to the remote user.

I spent over 2 hours on the phone with Microsoft Support last night and
the above is all we could see - no GRE outbound, no matter what settings
are used with the Linksys BEFVP41 unit.

I replaced the BEFVP41 unit with a BEFSR111 unit today, tried 3 versions
of firmware, and had the exact same results.

Reading on the web forums indicate that there was a change in firmware
some time ago that has broken INBOUND PPTP using any Linksys unit.

I was looking at the D-Link DI-804HV, D-Link claims that it supports
inbound PPTP sessions - and their configuration applications lists it as
the product to use for a 4 person network with inbound VPN (PPTP) access
needed.

Anyone got any feedback on making a current Linksys unit work with
INBOUND PPTP to a Windows 2003 server?

Feedback on the DI-804HV would also be appreciated.

--
--
http://www.velocityreviews.com/forums/(E-Mail Removed)
(Remove 999 to reply to me)
 
Reply With Quote
 
 
 
 
nemo outis
Guest
Posts: n/a
 
      10-23-2004
In article <(E-Mail Removed)>, Leythos <(E-Mail Removed)> wrote:

Not quite what you want, but I have no trouble with outbound
(i.e., client) VPN through a D-Link DI-604.

Regards,




 
Reply With Quote
 
 
 
 
Leythos
Guest
Posts: n/a
 
      10-23-2004
In article <_dled.3112$nl.497@pd7tw3no>, nemo (E-Mail Removed) (nemo
outis) says...
> In article <(E-Mail Removed)>, Leythos <(E-Mail Removed)> wrote:
>
> Not quite what you want, but I have no trouble with outbound
> (i.e., client) VPN through a D-Link DI-604.


Yea, the outbound PPTP works on all SOHO Routers that I've tested, and
the 604 is one of them. The real question is what SOHO units FULLY
support "in-bound" PPTP sessions.

Linksys use to support in-bound PPTP sessions, but that was many
firmware rev's ago. I have the BEFSR41, BEFSR31, BEFSR11, BEFVP41,
BEFSX41, and a couple others here. None of them, with the last 5
firmware updates, support PPTP IN-BOUND.

--
--
(E-Mail Removed)
(Remove 999 to reply to me)
 
Reply With Quote
 
Gary
Guest
Posts: n/a
 
      10-23-2004
Leythos wrote:

> Linksys use to support in-bound PPTP sessions, but that was many
> firmware rev's ago. I have the BEFSR41, BEFSR31, BEFSR11, BEFVP41,
> BEFSX41, and a couple others here. None of them, with the last 5
> firmware updates, support PPTP IN-BOUND.


I've had to backrev some Linksys firmware recently. But I imagine their
lack of inbound support is on purpose. The smallest Cisco PIX, the 501,
sells for just under $400. They'll terminate both PPTP and IPsec
tunnels. You can do the same with one of D-Link's SOHO boxes, too, though.

-Gary
 
Reply With Quote
 
Leythos
Guest
Posts: n/a
 
      10-23-2004
In article <ESAed.237575$wV.221604@attbi_s54>, (E-Mail Removed)sux
says...
> Leythos wrote:
>
> > Linksys use to support in-bound PPTP sessions, but that was many
> > firmware rev's ago. I have the BEFSR41, BEFSR31, BEFSR11, BEFVP41,
> > BEFSX41, and a couple others here. None of them, with the last 5
> > firmware updates, support PPTP IN-BOUND.

>
> I've had to backrev some Linksys firmware recently. But I imagine their
> lack of inbound support is on purpose. The smallest Cisco PIX, the 501,
> sells for just under $400. They'll terminate both PPTP and IPsec
> tunnels. You can do the same with one of D-Link's SOHO boxes, too, though.


The Linksys BEFVP41 unit will do more than 70 IPSec tunnels and the
BEFSX41 will do about 10 with the latest firmware. We're not having any
problems with them at any location (and we have some 6 way IPSec tunnels
running).

I tried the BEFVP41, BEFSX41, and the BEFSR11 units and was unable to
get the units to pass GRE outbound. I know this worked in the older (5+
rev's) firmware, but I guess you may be right about the CISCO take over
and it not working now.

There is a D-Link VPN router that specifically states it can do IN-BOUND
PPTP sessions to local devices behind it - I'm picking one up on Monday
to test.

--
--
(E-Mail Removed)
(Remove 999 to reply to me)
 
Reply With Quote
 
Gary
Guest
Posts: n/a
 
      10-25-2004
Leythos wrote:
> In article <ESAed.237575$wV.221604@attbi_s54>, (E-Mail Removed)sux
> says...
>
>>Leythos wrote:
>>
>>
>>>Linksys use to support in-bound PPTP sessions, but that was many
>>>firmware rev's ago. I have the BEFSR41, BEFSR31, BEFSR11, BEFVP41,
>>>BEFSX41, and a couple others here. None of them, with the last 5
>>>firmware updates, support PPTP IN-BOUND.

>>
>>I've had to backrev some Linksys firmware recently. But I imagine their
>>lack of inbound support is on purpose. The smallest Cisco PIX, the 501,
>>sells for just under $400. They'll terminate both PPTP and IPsec
>>tunnels. You can do the same with one of D-Link's SOHO boxes, too, though.

>
>
> The Linksys BEFVP41 unit will do more than 70 IPSec tunnels and the
> BEFSX41 will do about 10 with the latest firmware. We're not having any
> problems with them at any location (and we have some 6 way IPSec tunnels
> running).
>
> I tried the BEFVP41, BEFSX41, and the BEFSR11 units and was unable to
> get the units to pass GRE outbound. I know this worked in the older (5+
> rev's) firmware, but I guess you may be right about the CISCO take over
> and it not working now.


The odd thing is that I'm having trouble with the IPsec client on the
SX41 working with the IPsec server on the PIX. Another user has an RV082
which is a larger, Cisco branded unit that also includes an 8 port
switch and dual WAN ports for failover -- pretty cool in case you want
cable and DSL. If I have any better luck with it, I'll be sure to post
my results.

> There is a D-Link VPN router that specifically states it can do IN-BOUND
> PPTP sessions to local devices behind it - I'm picking one up on Monday
> to test.


Yes, the DFL-80 has an IPsec client that works with the PIX. It also has
a PPTP client and PPTP server. I've had good luck using both of those
with the PIX as server and Windows as client, respectively. I wish the
Linksys boxes had PPTP client. It would make my life much easier.

-Gary
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Absurd PPTP problems: PPTP out no longer works. Elia Spadoni Cisco 15 04-01-2008 07:40 AM
Re: Firewall (cheap) that supports PPTP inbound to firewall kenw@kmsi.net Computer Security 2 08-17-2004 07:55 PM
Re: Firewall (cheap) that supports PPTP inbound to firewall shopping.nowthor.com Computer Security 0 07-31-2004 04:11 PM
Can Linksys broadband/wifi routers run inbound/outbound access lists? Peter Cisco 7 12-09-2003 03:50 PM
Inbound PPTP through PIX Frank Pineau Cisco 1 12-02-2003 04:16 AM



Advertisments