Scenario: Two Windows Server 2003 machines running RRAS VPNs. The firewall port forwards 1723 to one of those machines for normal remote access. I'd like to find a way to connect to the second machine as well. Not because I need to but just because it's the sort of thing I reckon should be possible but can't figure out how to do.
Is it possible to have the Windows PPTP VPN client (on XP in this instance) connect on a port other than 1723? If so, I can simply port forward another port to the second server. I've done a fair bit of Googling over the last few days and have only found others asking the same question but no answers.
I have of course tried to add a port number in the host name or IP connection box, in various formats, but to no avail. While this might be possible with a third-party client, I'm really only interested in whether or not it can be done with the Windows built-in client and, if so, how? Perhaps there's a registry hack I'm not aware of?
Been there! You cannot do it, give up now.
Upgrade to Windows Server 2008 & use an SSL VPN
Basically no, you can't change it. The TCP port is only used to set up the initial connection. All traffic is sent over GRE, not TCP. I highly recommend requiring client certificates. PPTP as a protocol is plenty secure when you pair it with client certs, no need to upgrade to something like SSL VPN.
See this question from the other day for links on how to set this up.
The only way to do this with a PAT firewall is to bind another IP address to the external interface of your firewall. Use this second IP to forward TCP 1723 to your second Win2K3 box.
Not to my knowledge. Have to say, though, that I never had the need to do this either.
The main problem I see with PPTP is the package payload (GRE packets). I could see the TCP control channel getting redirected, but once the data flows (GRE encapsulated packets) I don't think it is possible (i.e. there is no port number in the data).
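
The point made in the answers above, as an added example that is not part of any post in this thread: a port-forward table can steer the TCP control connection, but a PPTP data packet is IP protocol 47 (GRE) and carries a Call ID rather than a port. The forwarding rules, the alternate port 1724, the addresses and the packet bytes are all constructed for illustration; the header layout follows RFC 2637.

```python
import socket
import struct

IPPROTO_TCP, IPPROTO_UDP, IPPROTO_GRE = 6, 17, 47
PPTP_GRE_PROTO = 0x880B  # protocol type of PPTP's enhanced GRE (RFC 2637)
# Hypothetical port-forward rules: external TCP port -> inside RRAS server
PORT_FORWARDS = {1723: "10.0.0.11", 1724: "10.0.0.12"}

def demux_key(packet: bytes) -> dict:
    """Extract the fields a port-forwarding firewall could match on."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    info = {"ip_proto": packet[9], "dst": socket.inet_ntoa(packet[16:20])}
    l4 = packet[ihl:]
    if info["ip_proto"] in (IPPROTO_TCP, IPPROTO_UDP):
        if len(l4) < 4:
            raise ValueError("truncated transport header")
        info["src_port"], info["dst_port"] = struct.unpack("!HH", l4[:4])
    elif info["ip_proto"] == IPPROTO_GRE:
        if len(l4) < 8:
            raise ValueError("truncated GRE header")
        flags, ptype, payload_len, call_id = struct.unpack("!HHHH", l4[:8])
        # PPTP data packets: version 1, Key bit set, protocol type 0x880B
        if (flags & 0x0007) != 1 or not (flags & 0x2000) or ptype != PPTP_GRE_PROTO:
            raise ValueError("GRE, but not PPTP enhanced GRE")
        info["call_id"] = call_id  # session identifier; the header has no port field
        info["payload_len"] = payload_len
    return info

def forward_target(packet: bytes):
    """Inside host selected by the port-forward table, or None if nothing matches."""
    return PORT_FORWARDS.get(demux_key(packet).get("dst_port"))

def ipv4(proto: int, payload: bytes) -> bytes:
    """Build a constructed IPv4 packet (documentation addresses, checksum left 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       socket.inet_aton("198.51.100.7"),
                       socket.inet_aton("203.0.113.10")) + payload

# Constructed samples: control segment to the alternate port, then a data packet
CONTROL = ipv4(IPPROTO_TCP, struct.pack("!HH", 49152, 1724) + bytes(16))
DATA = ipv4(IPPROTO_GRE, struct.pack("!HHHHI", 0x3001, PPTP_GRE_PROTO, 4, 0x1A2B, 1)
            + b"\xff\x03\xc0\x21")

if __name__ == "__main__":
    for name, pkt in (("control", CONTROL), ("data", DATA)):
        print(name, demux_key(pkt), "->", forward_target(pkt))
```

The control segment resolves to the second server through the port rule, while the GRE packet matches no rule because it has no destination port to look up.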