Vpn help

question i have a comcast business account and want to vpn into my network from home.

i set up the inbound on the computer at my business and tried setting up the outbound on my lap top at home. i set my computer at work with a static ip, fowarded port 1723 to the staic ip on the comcast business gateway website, and then used my external ip address i found from http://www.whatismyip.com/ but i still coundn't connect. used the same steps to set up a vpn at my house which works but its on a residantal account. what is different from the commerical vs the residental that could create this proplem? i didn't purchase a static ip i just changed the ipv4 settings.

Responses

VBSSP-RICH

Advocate

•

1.4K Messages

10 years ago

Hello dac004 and welcome,

I am not sure what type of VPN you are using but the following provides the categorical VPN ports summary that must be open:

" 1) If RRAS based VPN server is behind a firewall (i.e. a firewall is placed between Internet and RRAS server), then following ports need to be opened (bidirectional) on this firewall to allow VPN traffic to pass through: -

For PPTP:
- IP Protocol=TCP, TCP Port number=1723 <- Used by PPTP control path
- IP Protocol=GRE (value 47) <- Used by PPTP data path
For L2TP:
- IP Protocol Type=UDP, UDP Port Number=500 <- Used by IKEv1 (IPSec control path)
- IP Protocol Type=UDP, UDP Port Number=4500 <- Used by IKEv1 (IPSec control path)
- IP Protocol Type=ESP (value 50) <- Used by IPSec data path
For SSTP:

IP Protocol=TCP, TCP Port number=443 <- Used by SSTP control and data path

For IKEv2:
- IP Protocol Type=UDP, UDP Port Number=500 <- Used by IKEv2 (IPSec control path)
- IP Protocol Type=UDP, UDP Port Number=4500 <- Used by IKEv2 (IPSec control path)
- IP Protocol Type=ESP (value 50) <- Used by IPSec data path

2) If RRAS server is directly connected to Internet, then you need to protect RRAS server from the Internet side (i.e. only allow access to the services on the public interface that isaccessible from the Internet side). This can be done using RRAS static filters or running Windows Firewall on the public interface (or the interface towards the Internet side). In this scenario following ports need to be opened (bidirectional) on RRAS box to allow VPN traffic to pass through

For PPTP:
- IP Protocol=TCP, TCP Port number=1723 <- Used by PPTP control path
- IP Protocol=GRE (value 47) <- Used by PPTP data path
For L2TP:

IP Protocol Type=UDP, UDP Port Number=500 <- Used by IKEv1 (IPSec control path)
IP Protocol Type=UDP, UDP Port Number=4500 <- Used by IKEv1 (IPSec control path)
IP Protocol Type=UDP, UDP Port Number=1701 <- Used by L2TP control/data path
IP Protocol Type=50 <- Used by data path (ESP)

For SSTP:
IP Protocol=TCP, TCP Port number=443 <- Used by SSTP control and data path

For IKEv2:
IP Protocol Type=UDP, UDP Port Number=500 <- Used by IKEv2 (IPSec control path)
IP Protocol Type=UDP, UDP Port Number=4500 <- Used by IKEv2 (IPSec control path)
IP Protocol Type=UDP, UDP Port Number=1701 <- Used by L2TP control/data path
IP Protocol Type=50 <- Used by data path (ESP)

Note: Please DO NOT configure RRAS static filters if you are running on the same server RRAS based NAT router functionality. This is because RRAS static filters are stateless and NAT translation requires a stateful edge firewall like ISA firewall.

Do not forget: If you enable Windows firewall or RRAS static filters on the public interface and only enable VPN traffic to pass-through, then all the other traffic may be dropped. For example, if the same server is running as a mail server facing internet or a DNS server or a reverse web proxy server, then you need to enable the ports used by those services explicitly. "

Hope this helps you out.

0

Comcast_Jon

Administrator

•

1.5K Messages

10 years ago

VBSSP-Rich,

Thank you for sharing this great information with the community.

All of us at the community appreciate it.

Thank you for all your contributions!

0