Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[CompleteIT]

I have a SBS 2003 server currently being used for VPN connectivity for road warriors and have just installed a DIR-330 for a site to site connection. There is a previous post on here concerning this issue but the topic is locked and no resolution other that to call support which I did and did not seem to help. The server logs tell me it is a problem with the router is blocking GRE 47. How do I set this to be allowed to passthrough the router?

[Fatman]

I actually don't know/remember why that thread was locked.

However what I do need to know is the topology of this whole set-up.
Are we looking at

DIR-330<->Internet<->SBS Server

In which case I need to know what kind of router the SBS server is behind if any.

or

Internet<->DIR-330<->SBS Server

In which case I will ask as I asked in the other thread, why put a (very inexpensive) commercial router to do NAT in front of a fully qualified (very expensive) server OS that will do all your routing natively.

Also, if you called support what exactly did they tell you?

[CompleteIT]

Internet<->DIR-330<->SBS Server is the setup.
The device was purchased to connect two separate offices. VPN is already set up for the clients on the SBS server.  What we are trying to accomplish is to have a site to site connection between the two offices with two DIR-330 routers and leave the client authentication as it is, controlled by the server. The reasoning for this is that the DIR-330 does not supports Netbios over the VPN which is needed by the client systems. The site to site vpn connection is for our IP telephone system not for the users and there is no need for Netbios. I have been using a DI-724DU but when it is replaced with the DIR-330 Bye-Bye client connections. The server logs show that it is most likely GRE47 not passing thru the firewall on the router.

I spoke with the business support and They said I could try to move the forwarded ports up and down the list to see if that helped. They then tried to telnet to my server on TCP port 1723 and TCP port 47 and said it was an issue with the server not accepting data on port 47..........? (GRE 47 (IP47) is not TCP port 47 though on some older routers you forwarded TCP Port 47 to get it to work.)

 I asked them about VPN passthrough options in FW ver. 1.00 that are missing in the newer versions and I was told "it is on by default so it was removed". They then asked me to reboot the server which I could not do due to 15 - 20 people using software on the server and also because I was positive it was not part of the issue. I could swap back to the old router and everything worked as it should. I did not continue the conversation after that .

I reason I purchased the DIR-330 was due to the description on the dlink website "The DIR-330 can support IPSec, PPTP, and L2TP protocols, and can handle pass-through traffic as well." I think it may be time for a new Firmware for this device.

[CompleteIT]

Is there somewhere to download the FW V1.00 for this device I received the following from the previous poster on this topic

My Q: Did this ever get resolved ? I have the exact issue and the server log files show the GRE 47 is the issue.

Previous Poster: No, and Dlink even went as far to delete my polite response to the issue, as well as lock the thread.

The newest firmware doesn't even have a PPTP passthrough option to select, even though the emulator (firmware 1.00 which isn't available) on their website does.

I chose a different brand of router.

[Fatman]

No, FW 1.0 is not available.

As for the PM to the previous threads creator, I don't recall what happened a the end of that thread, however I don't believe I was the person to lock the thread.  I also know I certainly have never had to delete any posts, let alone a polite one.  That doesn't mean that someone else didn't, just that I wouldn't know who or why.

As for your set up, if the support agent asked you to reboot your server and that wasn't an option for you then he should have either offered a different avenue of troubleshooting or he should have offered to schedule a time when the server could be rebooted.  If you PM me the name of the agent and or case ID I may be able to look into this case.