BT Micro and VPN's

OK, first time at this

SBS 2003, and a BT Micro router (BT Micro is a VoIP(SiPS) enabled PABX with a built in firewall and router)

I've port forwarded (reserved mappings) the following ports to the server
25, SMTP
443, SSL
444, SSL (Sharepoint)
3389, RDP
1723, VPN Connections <- this is the one giving me the issues
4125, RWW

I've also created pinholes (port filters) for these to allow the traffic through.

When trying to connect to the server, the firewall logs on port 47 that 'Default Defense' is enabled. My question is what do I need to do to enable VPN traffic?

I've port forwarded 47, and port filtered, and then dropped the port forward for 47, so now it's just filtered.

Here's hoping someone can help, because at the minute my barber's wondering about his children's education fund

Turns out, apparently, just waiting on a reboot, that a RAW IP filter is required for port 47 (GRE), and not a TCP filter, and that this is something apparently handled transparently by lesser routers.

Could be a good reason for it, who knows, if someone could shed light on why this level of granularity is a good idea, I'm all ears ...

I had this problem also i guess it boils down to GRE being a protocol not a port as such. I have however still got problems with my mail routing. Are you using the DMZ port of the router for your server or just the internal LAN. I can;t seem to talk smtp to my server from the outsite world. I am similarly using SBS 2003 and would apreciate any insight on your processes. I can telnet to port 25 from the local ip sucessfully but not to the external IP from offsite.

Any thoughts?

just the internal LAN, I had port forwarded 25,100, 1721, 3389, 4125, and enable pinholes for them as well, I might be able to get the current setups later this evening, you in Ireland or the UK? The BT Micro helpdesk is 1560 787 700 in Ireland, but it's only open from 9-ish to 5. And I got put through to a couple of nice lads in the North, but they'd never heard of it, and the fact that BT don't actually vend VoIP or SIPS has me wondering why I bought it in the first place. Well, actually, the client bought it because of what the sales guy told him

I closed down a number of the ports because they were being hammered, I'll post later

in pdf, the terminologies threw me initially

very annoyingly the customer has the BT Micro router but on a residential BT line and a third party broadband provider. If it wasn't for the easy PBX functions and the fact that they're a charity and have no money i'd be ripping it out right now in favour of something I know how to work.

This has two major drawbacks.

1. BT won't speak to you about it unless your a BT Business customer

2. I can't configure the SIP trunks, they're locked to BT's settings.

Addtionally there is little if any community support for this router, yours was the only post i could find.

I'm based in London.

The wierd thing is i got the VPN side to work. i've used similar port mappings in the same locations as yourself but just specified IP addresses on the DMZ instead of the internal lan. VPN works but smtp and http/https doesn't or doesn't appear to from the outside. Very odd, i will continue to experiment.

btw what's port 4125 for?

It seems my routing is correct after all. I had to add the remote IP to the connections list in Exchange so must be an domain host issue if the mail is still bouncing

you set up the MX records for your mail host? I did another one yesterday, and it only resolved this morning at about 2 am

Yeah i did , the hostname resolves as well, they were changing some system or other and they have some interesting ways of filtering things sometimes. At the very least i'll be able to see if they can telnet in, which they should be able to as they're on the allowed ip range