Results 1 to 7 of 7

Thread: Can you change the default VPN port on server 2003 and XP clients?

  1. #1
    Just Guessing Guest

    Can you change the default VPN port on server 2003 and XP clients?

    I would like to be able to VPN directly to multiple servers using the same
    router and network, but belonging to separate organizations. The only way I
    can think of doing this is if I can use a different VPN port for each server.
    Although I don't see any way to change port 1723. I don't want to upgrade
    the router, either. Thanks!

  2. #2
    Steve Riley [MSFT] Guest

    Re: Can you change the default VPN port on server 2003 and XP clients?

    There's no way to change the PPTP port.

    Normally, when your computer makes a VPN connection, your computer's default
    gateway is changed to the IP address of the VPN server. This is a security
    feature, as it prevents your computer from being misused as a kind of router
    between the remote network and the Internet.

    The only way to do what you want would be to disable this functionality.
    Then you could make multiple PPTP connections from your computer (PPTP is
    NATable, so your router should be able to handle this just fine). However,
    now your computer would be set up for "split-tunneling," which is not
    recommended at all. If an attacker got control of your computer, he could
    jump from the Internet to any of the networks you VPNed to.

    Short answer: connect to only one VPN at a time.

    --
    Steve Riley
    steve.riley@microsoft.com
    http://blogs.technet.com/steriley
    http://www.protectyourwindowsnetwork.com


    "Just Guessing" <JustGuessing@discussions.microsoft.com> wrote in message
    news:E6AF5D27-61B9-4C95-8B1D-7ADB078EAE87@microsoft.com...
    > I would like to be able to VPN directly to multiple servers using the same
    > router and network, but belonging to separate organizations. The only way
    > I
    > can think of doing this is if I can use a different VPN port for each
    > server.
    > Although I don't see any way to change port 1723. I don't want to upgrade
    > the router, either. Thanks!



  3. #3
    Just Guessing Guest

    Re: Can you change the default VPN port on server 2003 and XP clie

    Because the port can't be changed, this is neither here nor there - but
    because each server is owned by a different organization, no one person would
    establish more than one VPN connection.

    You wouldn't by any chance have a recommendation on how to do this? Router,
    software, or some other network wizardry?

    "Steve Riley [MSFT]" wrote:

    > There's no way to change the PPTP port.
    >
    > Normally, when your computer makes a VPN connection, your computer's default
    > gateway is changed to the IP address of the VPN server. This is a security
    > feature, as it prevents your computer from being misused as a kind of router
    > between the remote network and the Internet.
    >
    > The only way to do what you want would be to disable this functionality.
    > Then you could make multiple PPTP connections from your computer (PPTP is
    > NATable, so your router should be able to handle this just fine). However,
    > now your computer would be set up for "split-tunneling," which is not
    > recommended at all. If an attacker got control of your computer, he could
    > jump from the Internet to any of the networks you VPNed to.
    >
    > Short answer: connect to only one VPN at a time.
    >
    > --
    > Steve Riley
    > steve.riley@microsoft.com
    > http://blogs.technet.com/steriley
    > http://www.protectyourwindowsnetwork.com
    >
    >
    > "Just Guessing" <JustGuessing@discussions.microsoft.com> wrote in message
    > news:E6AF5D27-61B9-4C95-8B1D-7ADB078EAE87@microsoft.com...
    > > I would like to be able to VPN directly to multiple servers using the same
    > > router and network, but belonging to separate organizations. The only way
    > > I
    > > can think of doing this is if I can use a different VPN port for each
    > > server.
    > > Although I don't see any way to change port 1723. I don't want to upgrade
    > > the router, either. Thanks!

    >
    >


  4. #4
    Steve Riley [MSFT] Guest

    Re: Can you change the default VPN port on server 2003 and XP clie

    I was assuming that you were wanting to make multiple VPN connections from a
    single computer.

    Instead, I think you're describing a situation where multiple computers
    behind your router will be making VPN connections, each computer connecting
    to a different VPN server. Correct?

    Is your router a NAT router? Most NAT routers can properly handle this
    because they'll use different remapped source ports for the outgoing
    connections. Try it. If it doesn't work, then you'll need to look at either
    updating or replacing the router.

    --
    Steve Riley
    steve.riley@microsoft.com
    http://blogs.technet.com/steriley
    http://www.protectyourwindowsnetwork.com


    "Just Guessing" <JustGuessing@discussions.microsoft.com> wrote in message
    news:134B20DA-2AFB-487F-8B98-E5C1DCCAFED8@microsoft.com...
    > Because the port can't be changed, this is neither here nor there - but
    > because each server is owned by a different organization, no one person
    > would
    > establish more than one VPN connection.
    >
    > You wouldn't by any chance have a recommendation on how to do this?
    > Router,
    > software, or some other network wizardry?
    >
    > "Steve Riley [MSFT]" wrote:
    >
    >> There's no way to change the PPTP port.
    >>
    >> Normally, when your computer makes a VPN connection, your computer's
    >> default
    >> gateway is changed to the IP address of the VPN server. This is a
    >> security
    >> feature, as it prevents your computer from being misused as a kind of
    >> router
    >> between the remote network and the Internet.
    >>
    >> The only way to do what you want would be to disable this functionality.
    >> Then you could make multiple PPTP connections from your computer (PPTP is
    >> NATable, so your router should be able to handle this just fine).
    >> However,
    >> now your computer would be set up for "split-tunneling," which is not
    >> recommended at all. If an attacker got control of your computer, he could
    >> jump from the Internet to any of the networks you VPNed to.
    >>
    >> Short answer: connect to only one VPN at a time.
    >>
    >> --
    >> Steve Riley
    >> steve.riley@microsoft.com
    >> http://blogs.technet.com/steriley
    >> http://www.protectyourwindowsnetwork.com
    >>
    >>
    >> "Just Guessing" <JustGuessing@discussions.microsoft.com> wrote in message
    >> news:E6AF5D27-61B9-4C95-8B1D-7ADB078EAE87@microsoft.com...
    >> > I would like to be able to VPN directly to multiple servers using the
    >> > same
    >> > router and network, but belonging to separate organizations. The only
    >> > way
    >> > I
    >> > can think of doing this is if I can use a different VPN port for each
    >> > server.
    >> > Although I don't see any way to change port 1723. I don't want to
    >> > upgrade
    >> > the router, either. Thanks!

    >>
    >>


  5. #5
    Just Guessing Guest

    Re: Can you change the default VPN port on server 2003 and XP clie

    Each organization has it's own server. Each organization has remote workers
    wanting to VPN INTO their organization's server. The only issue is that all
    the servers are on one network with one router. Each server represents a
    different organization with different users AND A SEPARATE VPN SERVER. No
    one remote user will need to VPN into more than one server.

    Another way to word it: how do you connect from a remote location to a
    network that contains multiple VPN servers, but only one "average" router?
    How does the router distinguish between VPN server A and VPN server B?


    "Steve Riley [MSFT]" wrote:

    > I was assuming that you were wanting to make multiple VPN connections from a
    > single computer.
    >
    > Instead, I think you're describing a situation where multiple computers
    > behind your router will be making VPN connections, each computer connecting
    > to a different VPN server. Correct?
    >
    > Is your router a NAT router? Most NAT routers can properly handle this
    > because they'll use different remapped source ports for the outgoing
    > connections. Try it. If it doesn't work, then you'll need to look at either
    > updating or replacing the router.
    >
    > --
    > Steve Riley
    > steve.riley@microsoft.com
    > http://blogs.technet.com/steriley
    > http://www.protectyourwindowsnetwork.com
    >
    >
    > "Just Guessing" <JustGuessing@discussions.microsoft.com> wrote in message
    > news:134B20DA-2AFB-487F-8B98-E5C1DCCAFED8@microsoft.com...
    > > Because the port can't be changed, this is neither here nor there - but
    > > because each server is owned by a different organization, no one person
    > > would
    > > establish more than one VPN connection.
    > >
    > > You wouldn't by any chance have a recommendation on how to do this?
    > > Router,
    > > software, or some other network wizardry?
    > >
    > > "Steve Riley [MSFT]" wrote:
    > >
    > >> There's no way to change the PPTP port.
    > >>
    > >> Normally, when your computer makes a VPN connection, your computer's
    > >> default
    > >> gateway is changed to the IP address of the VPN server. This is a
    > >> security
    > >> feature, as it prevents your computer from being misused as a kind of
    > >> router
    > >> between the remote network and the Internet.
    > >>
    > >> The only way to do what you want would be to disable this functionality.
    > >> Then you could make multiple PPTP connections from your computer (PPTP is
    > >> NATable, so your router should be able to handle this just fine).
    > >> However,
    > >> now your computer would be set up for "split-tunneling," which is not
    > >> recommended at all. If an attacker got control of your computer, he could
    > >> jump from the Internet to any of the networks you VPNed to.
    > >>
    > >> Short answer: connect to only one VPN at a time.
    > >>
    > >> --
    > >> Steve Riley
    > >> steve.riley@microsoft.com
    > >> http://blogs.technet.com/steriley
    > >> http://www.protectyourwindowsnetwork.com
    > >>
    > >>
    > >> "Just Guessing" <JustGuessing@discussions.microsoft.com> wrote in message
    > >> news:E6AF5D27-61B9-4C95-8B1D-7ADB078EAE87@microsoft.com...
    > >> > I would like to be able to VPN directly to multiple servers using the
    > >> > same
    > >> > router and network, but belonging to separate organizations. The only
    > >> > way
    > >> > I
    > >> > can think of doing this is if I can use a different VPN port for each
    > >> > server.
    > >> > Although I don't see any way to change port 1723. I don't want to
    > >> > upgrade
    > >> > the router, either. Thanks!
    > >>
    > >>

    >


  6. #6
    Bill Grant Guest

    Re: Can you change the default VPN port on server 2003 and XP clie

    You would need a pool of public IP addresses (at least one public IP for
    each VPN server). You would then map one public IP to the private IP address
    of each VPN server on the LAN. In other words, you use one to one address
    mapping rather than port mapping from one IP.

    "Just Guessing" <JustGuessing@discussions.microsoft.com> wrote in message
    news:1B6DEB92-A44F-4628-8EA3-423F89E46D15@microsoft.com...
    > Each organization has it's own server. Each organization has remote
    > workers
    > wanting to VPN INTO their organization's server. The only issue is that
    > all
    > the servers are on one network with one router. Each server represents a
    > different organization with different users AND A SEPARATE VPN SERVER. No
    > one remote user will need to VPN into more than one server.
    >
    > Another way to word it: how do you connect from a remote location to a
    > network that contains multiple VPN servers, but only one "average" router?
    > How does the router distinguish between VPN server A and VPN server B?
    >
    >
    > "Steve Riley [MSFT]" wrote:
    >
    >> I was assuming that you were wanting to make multiple VPN connections
    >> from a
    >> single computer.
    >>
    >> Instead, I think you're describing a situation where multiple computers
    >> behind your router will be making VPN connections, each computer
    >> connecting
    >> to a different VPN server. Correct?
    >>
    >> Is your router a NAT router? Most NAT routers can properly handle this
    >> because they'll use different remapped source ports for the outgoing
    >> connections. Try it. If it doesn't work, then you'll need to look at
    >> either
    >> updating or replacing the router.
    >>
    >> --
    >> Steve Riley
    >> steve.riley@microsoft.com
    >> http://blogs.technet.com/steriley
    >> http://www.protectyourwindowsnetwork.com
    >>
    >>
    >> "Just Guessing" <JustGuessing@discussions.microsoft.com> wrote in message
    >> news:134B20DA-2AFB-487F-8B98-E5C1DCCAFED8@microsoft.com...
    >> > Because the port can't be changed, this is neither here nor there - but
    >> > because each server is owned by a different organization, no one person
    >> > would
    >> > establish more than one VPN connection.
    >> >
    >> > You wouldn't by any chance have a recommendation on how to do this?
    >> > Router,
    >> > software, or some other network wizardry?
    >> >
    >> > "Steve Riley [MSFT]" wrote:
    >> >
    >> >> There's no way to change the PPTP port.
    >> >>
    >> >> Normally, when your computer makes a VPN connection, your computer's
    >> >> default
    >> >> gateway is changed to the IP address of the VPN server. This is a
    >> >> security
    >> >> feature, as it prevents your computer from being misused as a kind of
    >> >> router
    >> >> between the remote network and the Internet.
    >> >>
    >> >> The only way to do what you want would be to disable this
    >> >> functionality.
    >> >> Then you could make multiple PPTP connections from your computer (PPTP
    >> >> is
    >> >> NATable, so your router should be able to handle this just fine).
    >> >> However,
    >> >> now your computer would be set up for "split-tunneling," which is not
    >> >> recommended at all. If an attacker got control of your computer, he
    >> >> could
    >> >> jump from the Internet to any of the networks you VPNed to.
    >> >>
    >> >> Short answer: connect to only one VPN at a time.
    >> >>
    >> >> --
    >> >> Steve Riley
    >> >> steve.riley@microsoft.com
    >> >> http://blogs.technet.com/steriley
    >> >> http://www.protectyourwindowsnetwork.com
    >> >>
    >> >>
    >> >> "Just Guessing" <JustGuessing@discussions.microsoft.com> wrote in
    >> >> message
    >> >> news:E6AF5D27-61B9-4C95-8B1D-7ADB078EAE87@microsoft.com...
    >> >> > I would like to be able to VPN directly to multiple servers using
    >> >> > the
    >> >> > same
    >> >> > router and network, but belonging to separate organizations. The
    >> >> > only
    >> >> > way
    >> >> > I
    >> >> > can think of doing this is if I can use a different VPN port for
    >> >> > each
    >> >> > server.
    >> >> > Although I don't see any way to change port 1723. I don't want to
    >> >> > upgrade
    >> >> > the router, either. Thanks!
    >> >>
    >> >>

    >>



  7. #7
    Steve Riley [MSFT] Guest

    Re: Can you change the default VPN port on server 2003 and XP clie

    Heh. Finally the architecture design is clear :)

    Bill's suggestion is correct. I'd also add each public address to a DNS
    server someplace, so that the client connections can use DNS names rather
    than IP addresses.

    So it would look like this:

    vpn.org1.com -> 1.0.0.1 (public) -> NAT router -> 10.0.0.1 (private) ->
    VPNserver1
    vpn.org2.com -> 2.0.0.2 (public) -> NAT router -> 10.0.0.2 (private) ->
    VPNserver2

    and so on.


    --
    Steve Riley
    steve.riley@microsoft.com
    http://blogs.technet.com/steriley
    http://www.protectyourwindowsnetwork.com


    "Bill Grant" <not.available@online> wrote in message
    news:e7FUpPvBIHA.3916@TK2MSFTNGP02.phx.gbl...
    > You would need a pool of public IP addresses (at least one public IP for
    > each VPN server). You would then map one public IP to the private IP
    > address of each VPN server on the LAN. In other words, you use one to one
    > address mapping rather than port mapping from one IP.
    >
    > "Just Guessing" <JustGuessing@discussions.microsoft.com> wrote in message
    > news:1B6DEB92-A44F-4628-8EA3-423F89E46D15@microsoft.com...
    >> Each organization has it's own server. Each organization has remote
    >> workers
    >> wanting to VPN INTO their organization's server. The only issue is that
    >> all
    >> the servers are on one network with one router. Each server represents a
    >> different organization with different users AND A SEPARATE VPN SERVER.
    >> No
    >> one remote user will need to VPN into more than one server.
    >>
    >> Another way to word it: how do you connect from a remote location to a
    >> network that contains multiple VPN servers, but only one "average"
    >> router?
    >> How does the router distinguish between VPN server A and VPN server B?
    >>
    >>
    >> "Steve Riley [MSFT]" wrote:
    >>
    >>> I was assuming that you were wanting to make multiple VPN connections
    >>> from a
    >>> single computer.
    >>>
    >>> Instead, I think you're describing a situation where multiple computers
    >>> behind your router will be making VPN connections, each computer
    >>> connecting
    >>> to a different VPN server. Correct?
    >>>
    >>> Is your router a NAT router? Most NAT routers can properly handle this
    >>> because they'll use different remapped source ports for the outgoing
    >>> connections. Try it. If it doesn't work, then you'll need to look at
    >>> either
    >>> updating or replacing the router.
    >>>
    >>> --
    >>> Steve Riley
    >>> steve.riley@microsoft.com
    >>> http://blogs.technet.com/steriley
    >>> http://www.protectyourwindowsnetwork.com
    >>>
    >>>
    >>> "Just Guessing" <JustGuessing@discussions.microsoft.com> wrote in
    >>> message
    >>> news:134B20DA-2AFB-487F-8B98-E5C1DCCAFED8@microsoft.com...
    >>> > Because the port can't be changed, this is neither here nor there -
    >>> > but
    >>> > because each server is owned by a different organization, no one
    >>> > person
    >>> > would
    >>> > establish more than one VPN connection.
    >>> >
    >>> > You wouldn't by any chance have a recommendation on how to do this?
    >>> > Router,
    >>> > software, or some other network wizardry?
    >>> >
    >>> > "Steve Riley [MSFT]" wrote:
    >>> >
    >>> >> There's no way to change the PPTP port.
    >>> >>
    >>> >> Normally, when your computer makes a VPN connection, your computer's
    >>> >> default
    >>> >> gateway is changed to the IP address of the VPN server. This is a
    >>> >> security
    >>> >> feature, as it prevents your computer from being misused as a kind of
    >>> >> router
    >>> >> between the remote network and the Internet.
    >>> >>
    >>> >> The only way to do what you want would be to disable this
    >>> >> functionality.
    >>> >> Then you could make multiple PPTP connections from your computer
    >>> >> (PPTP is
    >>> >> NATable, so your router should be able to handle this just fine).
    >>> >> However,
    >>> >> now your computer would be set up for "split-tunneling," which is not
    >>> >> recommended at all. If an attacker got control of your computer, he
    >>> >> could
    >>> >> jump from the Internet to any of the networks you VPNed to.
    >>> >>
    >>> >> Short answer: connect to only one VPN at a time.
    >>> >>
    >>> >> --
    >>> >> Steve Riley
    >>> >> steve.riley@microsoft.com
    >>> >> http://blogs.technet.com/steriley
    >>> >> http://www.protectyourwindowsnetwork.com
    >>> >>
    >>> >>
    >>> >> "Just Guessing" <JustGuessing@discussions.microsoft.com> wrote in
    >>> >> message
    >>> >> news:E6AF5D27-61B9-4C95-8B1D-7ADB078EAE87@microsoft.com...
    >>> >> > I would like to be able to VPN directly to multiple servers using
    >>> >> > the
    >>> >> > same
    >>> >> > router and network, but belonging to separate organizations. The
    >>> >> > only
    >>> >> > way
    >>> >> > I
    >>> >> > can think of doing this is if I can use a different VPN port for
    >>> >> > each
    >>> >> > server.
    >>> >> > Although I don't see any way to change port 1723. I don't want to
    >>> >> > upgrade
    >>> >> > the router, either. Thanks!
    >>> >>
    >>> >>
    >>>

    >


Similar Threads

  1. Unable to telnet Exchange 2003 server on port 25
    By HarshaB in forum Networking & Security
    Replies: 4
    Last Post: 01-04-2010, 12:56 PM
  2. Can Windows 2003 R2 Server manage Windows 7 Clients?
    By Breckon in forum Active Directory
    Replies: 3
    Last Post: 24-03-2010, 11:40 AM
  3. Change default port no for mysql in XAMPP
    By nachiket in forum Software Development
    Replies: 3
    Last Post: 28-12-2009, 03:42 PM
  4. How to change the Default Port and IP address in IIS
    By Shaan12 in forum Windows Software
    Replies: 3
    Last Post: 25-12-2009, 11:54 PM
  5. Replies: 3
    Last Post: 29-06-2009, 06:47 PM

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
Page generated in 1,642,526,195.78639 seconds with 17 queries