Allowing VPN through the modem



ewenm
11th December 2003, 09:28 PM
Hi All,

What do I need to do to enable myself VPN access through my SAR130? My current setup is Laptop with wireless card to wireless router, ethernet to SAR130 and out to the world on BT Broadband.

From searching here on this topic it appears I need to do something with the NAT rules. Currently I have only the default rule although I've re-numbered it to 10 to give more flexibility.

Been playing with various rules and can get initial contact with the VPN server, but cannot complete the authentication process. Any help will be gratefully received.

Thanks, Ewen.

catcons
12th December 2003, 03:21 PM
Most (all?) of the threads here (and in the SAR 110 group) have been about connecting from the PPP side of the SAR 130 to the Ethernet side.

If I understand correctly you are trying to go the other way.

Which OS and VPN software are you using on the laptop?

Which OS and VPN software is used on the VPN server? Are you trying to set up VPN with PPTP or L2TP/IPSec?

ewenm
12th December 2003, 03:27 PM
The laptop is running W2k (on an IBM Thinkpad T23) and I'm using an AT&T dialer to connect from home to my employer's (IBM) network via VPN. I've found various hints and tips on IBM internal websites but nothing clear enough (yet, got some threads going).

I appreciate that it's unlikely people will be able to give an exact answer, but an idea of what I'll need to do would be good.

Thanks,
Ewen.

catcons
12th December 2003, 03:55 PM
Is anyone else successfully making VPN connections using the IBM kit? With W2K? You have SP4 on your W2K?

Is authentication refused or does it time out?

Are you using IP filtering on the SAR 130? Firewalling? If so, can you turn them off during testing (do you have a firewall on the laptop?).

Do you have the default NAT rule on the SAR 130? That's rule 1, a NAPT rule.

With IP filtering and firewalling off, with the default NAPT rule and with connection initiated from your laptop it ought to work "out of the box".

If it doesn't then it would be useful to know if the IBM kit wants to use PPTP or L2TP/IPSec. W2K will use either but will need a certificate for L2TP/IPSec to work.

ewenm
12th December 2003, 04:01 PM
I'm at work at the moment, but will know more tonight when I start playing again. I think it uses IPSec. It gets through to the server at first to retrieve a list of valid IP addresses but then can't authenticate on any of the addresses.

Other people have been able to do it. My next steps will be to disable all filtering and firewalls and try to get it sorted, then tighten up the rules.

Yes, got SP4.

Cheers,
Ewen.

catcons
12th December 2003, 04:29 PM
AFAIK, if it is IPSec then you will need a certificate on your portable from the people who operate the kit at the IBM end.

ewenm
13th December 2003, 04:21 PM
Correct, and it is the authentication of the certificates that is the current problem. It all works fine if I swap out the SAR130 for a BT USB modem (no firewalls etc), so there is no problem establishing the connection from the laptop - there must be some sort of blocking going on in the setup of the SAR130. I don't know enough about NAT rules and firewalls to work out what the problem is.

Thanks again,
Ewen.

catcons
13th December 2003, 05:47 PM
Ah, that's a useful bit of information. It does sound as if the problem must lie with the SAR 130, then.

Start Configuration Manager

Services, Firewall and disable everything

Services, IP Filter and set Security level to None

Admin, Commit & Reboot, Commit

If it still doesn't work, try opening a command prompt on the SAR 130 (via the serial console or telnet) and enter the command
delete alg port portno 1723 prot tcp
then
commit
then re-test.

If you have any difficulty getting to a command prompt, reply in this thread.

Let us know how it goes.

Good luck!