INBOUND PPTP through Linksys units?

Discussion in 'Computer Security' started by Leythos, Oct 22, 2004.

  1. Leythos

    Leythos Guest

    I've run into an interesting problem. I have several Windows 2003
    servers setup for VPN access from remote locations, but they don't
    finish the authentication. The traces indicate that 1723 and GRE make it
    through the Linksys routers to the server, but only 1723 makes it out of
    the remote network back to the remote clients - no GRE passes out of the
    servers LAN through the Linksys to the remote user.

    I spent over 2 hours on the phone with Microsoft Support last night and
    the above is all we could see - no GRE outbound, no matter what settings
    are used with the Linksys BEFVP41 unit.

    I replaced the BEFVP41 unit with a BEFSR111 unit today, tried 3 versions
    of firmware, and had the exact same results.

    Reading on the web forums indicate that there was a change in firmware
    some time ago that has broken INBOUND PPTP using any Linksys unit.

    I was looking at the D-Link DI-804HV, D-Link claims that it supports
    inbound PPTP sessions - and their configuration applications lists it as
    the product to use for a 4 person network with inbound VPN (PPTP) access
    needed.

    Anyone got any feedback on making a current Linksys unit work with
    INBOUND PPTP to a Windows 2003 server?

    Feedback on the DI-804HV would also be appreciated.

    --
    --

    (Remove 999 to reply to me)
    Leythos, Oct 22, 2004
    #1
    1. Advertising

  2. Leythos

    nemo outis Guest

    In article <>, Leythos <> wrote:

    Not quite what you want, but I have no trouble with outbound
    (i.e., client) VPN through a D-Link DI-604.

    Regards,
    nemo outis, Oct 23, 2004
    #2
    1. Advertising

  3. Leythos

    Leythos Guest

    In article <_dled.3112$nl.497@pd7tw3no>, nemo (nemo
    outis) says...
    > In article <>, Leythos <> wrote:
    >
    > Not quite what you want, but I have no trouble with outbound
    > (i.e., client) VPN through a D-Link DI-604.


    Yea, the outbound PPTP works on all SOHO Routers that I've tested, and
    the 604 is one of them. The real question is what SOHO units FULLY
    support "in-bound" PPTP sessions.

    Linksys use to support in-bound PPTP sessions, but that was many
    firmware rev's ago. I have the BEFSR41, BEFSR31, BEFSR11, BEFVP41,
    BEFSX41, and a couple others here. None of them, with the last 5
    firmware updates, support PPTP IN-BOUND.

    --
    --

    (Remove 999 to reply to me)
    Leythos, Oct 23, 2004
    #3
  4. Leythos

    Gary Guest

    Leythos wrote:

    > Linksys use to support in-bound PPTP sessions, but that was many
    > firmware rev's ago. I have the BEFSR41, BEFSR31, BEFSR11, BEFVP41,
    > BEFSX41, and a couple others here. None of them, with the last 5
    > firmware updates, support PPTP IN-BOUND.


    I've had to backrev some Linksys firmware recently. But I imagine their
    lack of inbound support is on purpose. The smallest Cisco PIX, the 501,
    sells for just under $400. They'll terminate both PPTP and IPsec
    tunnels. You can do the same with one of D-Link's SOHO boxes, too, though.

    -Gary
    Gary, Oct 23, 2004
    #4
  5. Leythos

    Leythos Guest

    In article <ESAed.237575$wV.221604@attbi_s54>, sux
    says...
    > Leythos wrote:
    >
    > > Linksys use to support in-bound PPTP sessions, but that was many
    > > firmware rev's ago. I have the BEFSR41, BEFSR31, BEFSR11, BEFVP41,
    > > BEFSX41, and a couple others here. None of them, with the last 5
    > > firmware updates, support PPTP IN-BOUND.

    >
    > I've had to backrev some Linksys firmware recently. But I imagine their
    > lack of inbound support is on purpose. The smallest Cisco PIX, the 501,
    > sells for just under $400. They'll terminate both PPTP and IPsec
    > tunnels. You can do the same with one of D-Link's SOHO boxes, too, though.


    The Linksys BEFVP41 unit will do more than 70 IPSec tunnels and the
    BEFSX41 will do about 10 with the latest firmware. We're not having any
    problems with them at any location (and we have some 6 way IPSec tunnels
    running).

    I tried the BEFVP41, BEFSX41, and the BEFSR11 units and was unable to
    get the units to pass GRE outbound. I know this worked in the older (5+
    rev's) firmware, but I guess you may be right about the CISCO take over
    and it not working now.

    There is a D-Link VPN router that specifically states it can do IN-BOUND
    PPTP sessions to local devices behind it - I'm picking one up on Monday
    to test.

    --
    --

    (Remove 999 to reply to me)
    Leythos, Oct 24, 2004
    #5
  6. Leythos

    Gary Guest

    Leythos wrote:
    > In article <ESAed.237575$wV.221604@attbi_s54>, sux
    > says...
    >
    >>Leythos wrote:
    >>
    >>
    >>>Linksys use to support in-bound PPTP sessions, but that was many
    >>>firmware rev's ago. I have the BEFSR41, BEFSR31, BEFSR11, BEFVP41,
    >>>BEFSX41, and a couple others here. None of them, with the last 5
    >>>firmware updates, support PPTP IN-BOUND.

    >>
    >>I've had to backrev some Linksys firmware recently. But I imagine their
    >>lack of inbound support is on purpose. The smallest Cisco PIX, the 501,
    >>sells for just under $400. They'll terminate both PPTP and IPsec
    >>tunnels. You can do the same with one of D-Link's SOHO boxes, too, though.

    >
    >
    > The Linksys BEFVP41 unit will do more than 70 IPSec tunnels and the
    > BEFSX41 will do about 10 with the latest firmware. We're not having any
    > problems with them at any location (and we have some 6 way IPSec tunnels
    > running).
    >
    > I tried the BEFVP41, BEFSX41, and the BEFSR11 units and was unable to
    > get the units to pass GRE outbound. I know this worked in the older (5+
    > rev's) firmware, but I guess you may be right about the CISCO take over
    > and it not working now.


    The odd thing is that I'm having trouble with the IPsec client on the
    SX41 working with the IPsec server on the PIX. Another user has an RV082
    which is a larger, Cisco branded unit that also includes an 8 port
    switch and dual WAN ports for failover -- pretty cool in case you want
    cable and DSL. If I have any better luck with it, I'll be sure to post
    my results.

    > There is a D-Link VPN router that specifically states it can do IN-BOUND
    > PPTP sessions to local devices behind it - I'm picking one up on Monday
    > to test.


    Yes, the DFL-80 has an IPsec client that works with the PIX. It also has
    a PPTP client and PPTP server. I've had good luck using both of those
    with the PIX as server and Windows as client, respectively. I wish the
    Linksys boxes had PPTP client. It would make my life much easier.

    -Gary
    Gary, Oct 25, 2004
    #6
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Frank Pineau

    Inbound PPTP through PIX

    Frank Pineau, Dec 2, 2003, in forum: Cisco
    Replies:
    1
    Views:
    751
    Rik Bain
    Dec 2, 2003
  2. Peter
    Replies:
    7
    Views:
    1,086
    Peter
    Dec 9, 2003
  3. shopping.nowthor.com

    Re: Firewall (cheap) that supports PPTP inbound to firewall

    shopping.nowthor.com, Jul 31, 2004, in forum: Computer Security
    Replies:
    0
    Views:
    416
    shopping.nowthor.com
    Jul 31, 2004
  4. Replies:
    2
    Views:
    497
  5. Elia Spadoni
    Replies:
    15
    Views:
    2,838
Loading...

Share This Page