Windows 2003 SBS Server VPN Server
19 years 4 weeks ago #10965
by Bublitz
The Bublitz
Systems Admin
Hospice of the Red River Valley
Windows 2003 SBS Server VPN Server was created by Bublitz
At home I have a Windows 2003 Standard Edition running VPN server PPTP. It works great, I have no problems.
Installed a Windows 2003 SBS server for a customer and tried to install a VPN server for them also.
With the same VERY basic setup.
I have port tcp 1732 and 47 allowed in my firewall.
I have run Ethereal on the server and have seen the PPTP protocol packets hitting the server.
What happens is when you click connect you get to the username and password stage. It hangs there and does nothing and you get error 721 "The remote computer did not respond".
I've messed with it for hours and I cannot get it working. The firewall they are using is a PIX 506e but I have the correct ports forwarded, tested by my Ethereal capture.
19 years 4 weeks ago #10966
by jhun
Replied by jhun on topic Re: Windows 2003 SBS Server VPN Server
hi bublitz,
i don't know if this would help but you may want to check it out.
this is a post taken from experts-exchange.org
You should check the option on the client's VPN connectoid to "Use gateway on remote network". This should route all traffic to your network.
If you are connected to your ISP full time, then log out and when you log back in, select the checkbox for Logon using Dial Up Networking - here you will select the VPN connectoid to *dial-in* using your domain credentials.
If you are not connected full time and require making the connection to the ISP first, then you need to tweak the registry to keep your connection alive while you're logged off (part of the step above).
This article explains this procedure:
support.microsoft.com/default.aspx?scid=kb;en-us;176575
check that name resolution, too.
Connect the VPN, then:
In a DOS window, ping the server by address, then by NetBIOS name, then FQDN (i.e. server.domain.local).
If the ping by address works, but the name lookups fail, check your name services that RRAS is handing out. (IPCONFIG /ALL in DOS, check the DNS/WINS servers)
hope this would help....
19 years 4 weeks ago #10979
by DaLight
Replied by DaLight on topic Re: Windows 2003 SBS Server VPN Server
Bublitz, I note you specified port 1732 for PPTP in your post. It should be 1723, but I guess it was probably just a typo in your post and not your actual configuration. I think your problem is to do with GRE. The number 47 normally associated with GRE is not a port number, but a protocol number. I've had the same problem myself.
You will need to set up an ACL for the GRE protocol on the PIX. I've never used a PIX before so I got the following config from the Cisco website:
[code:1]
access-list acl-out permit gre host 209.165.201.25 host 209.165.201.5
access-list acl-out permit tcp host 209.165.201.25 host 209.165.201.5 eq 1723
static (inside,outside) 209.165.201.5 10.48.66.106 netmask 255.255.255.255 0 0
access-group acl-out in interface outside
[/code:1]
209.165.201.25 is the public IP of the client
209.165.201.5 is the public IP of the PIX external interface
10.48.66.106 is the private address of the VPN server.
19 years 4 weeks ago #10993
by Bublitz
Replied by Bublitz on topic Re: Windows 2003 SBS Server VPN Server
OAH OK. I was reading articles about GRE and I was getting mad because they weren't specifying UDP, TCP, etc. There is NO outbound restriction at all right now on the LAN so an ACL OUT probably will not help the problem. Do you have to permit GRE in or does it only go out?
19 years 4 weeks ago #11002
by DaLight
Replied by DaLight on topic Re: Windows 2003 SBS Server VPN Server
You have to permit GRE in. This is because the client will try to come back in via GRE after the VPN server transmits the first GRE packets.
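An added example, not part of any post in this thread: a Python sketch of the check DaLight describes in the two replies above. It reads raw IPv4 packets from a capture taken on the VPN server and separates the PPTP control channel (TCP port 1723) from GRE (IP protocol 47, which has no ports). The packet bytes are constructed sample data using the thread's example addresses, and the function names are this example's own.

```python
import struct

PROTO_TCP, PROTO_GRE, PPTP_PORT = 6, 47, 1723  # 47 is an IP protocol number, 1723 a TCP port

def ipv4(proto, src, dst, payload=b""):
    """Build a minimal IPv4 packet for the constructed sample (checksum left at 0)."""
    addr = lambda a: bytes(int(x) for x in a.split("."))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, addr(src), addr(dst)) + payload

def tcp(sport, dport):
    """Minimal 20-byte TCP SYN header; only the ports matter here."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x02, 8192, 0, 0)

def classify(pkt):
    """Return (kind, src, dst); kind is 'pptp-control', 'gre' or None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None, None, None
    ihl = (pkt[0] & 0x0F) * 4
    src = ".".join(map(str, pkt[12:16]))
    dst = ".".join(map(str, pkt[16:20]))
    if pkt[9] == PROTO_GRE:  # protocol field of the IP header, no ports involved
        return "gre", src, dst
    if pkt[9] == PROTO_TCP and ihl >= 20 and len(pkt) >= ihl + 4:
        if PPTP_PORT in struct.unpack("!HH", pkt[ihl:ihl + 4]):
            return "pptp-control", src, dst
    return None, src, dst

def diagnose(packets, server_ip):
    """Summarise a capture taken on the VPN server itself."""
    seen = set()
    for pkt in packets:
        kind, src, dst = classify(pkt)
        if kind:
            seen.add((kind, "in" if dst == server_ip else "out"))
    if ("pptp-control", "in") not in seen:
        return "no PPTP control traffic reached the server"
    if ("gre", "in") in seen:
        return "control channel and inbound GRE both reach the server"
    return "TCP 1723 arrives but no inbound GRE: permit IP protocol 47 on the firewall"

# Constructed sample using the thread's example addresses: the client reaches
# TCP 1723, the server answers and sends GRE, but no GRE arrives from the client.
CLIENT, SERVER = "209.165.201.25", "10.48.66.106"
GRE_HDR = b"\x30\x01\x88\x0b"  # first 4 bytes of a PPTP (enhanced) GRE header
BROKEN = [ipv4(PROTO_TCP, CLIENT, SERVER, tcp(1055, 1723)),
          ipv4(PROTO_TCP, SERVER, CLIENT, tcp(1723, 1055)),
          ipv4(PROTO_GRE, SERVER, CLIENT, GRE_HDR)]
FIXED = BROKEN + [ipv4(PROTO_GRE, CLIENT, SERVER, GRE_HDR)]
```

A rule that allows TCP port 47 does not match the GRE packets in this sample, which is why `classify` treats such a packet as neither control nor GRE traffic.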
19 years 4 weeks ago #11009
by Bublitz
Replied by Bublitz on topic Re: Windows 2003 SBS Server VPN Server
Sweet I am going to try this now. Thanks for your help