Windows 2003 SBS Server VPN Server

At home I have a windows 2003 standard edition running VPN server PPTP. It works great I have to problems.

Installed a windows 2003 SBS server for a customer and tried to install a VPN server for them also.

With the same VERY basic setup.

I have port tcp 1732 and 47 allowed in my firewall.

I have run etherreal on the server and have seen the PPTP protocal packets hitting the server.

WHat happens is when you click connect you get to the username and password stage. Its hangs there and does nothing and you get error 721 "The remote computer did not respond".

Ive messed with it for hours I cannot get it working. The firewall they are using is PIX 506e but i have the correct ports forwarded tested by my etherreal capture.

hi bublitz,

i don't know if this would help but you may want to check it out.

this is a post taken from experts-exchange.org

You should check the option on the client's VPN connectoid to "Use gateway on remote network". This should route all traffic to your network.

If you are connected to your ISP full time, then log out and when you log back in, select the checkbox for Logon using Dial Up Networking - here you will select the VPN connectoid to *dial-in* using your domain credentials.

If you are not connected full time and require making the connection to the ISP first, then you need to tweak the registry to keep your connection alive while you're logged off (part of the step above).

This article explains this procedure:

support.microsoft.com/default.aspx?scid=kb;en-us;176575

---

check that name resolution, too.

Connect the VPN, then:

In a DOS window, ping the server by address, then by NetBIOS name, then FQDN (i.e. server.domain.local).

If the ping by address works, but the name lookups fail, check your name services that RRAS is handing out. (IPCONFIG /ALL in DOS, check the DNS/WINS servers)

hope this would help....

Bublitz, I note you specified port 1732 for PPTP in your post. It should be 1723, but I guess it was probably just a typo in your post and not your actual configuration. I think your problem is to do with GRE. The number 47 normally associated with GRE is not a port number, but a protocol number. I've had the same problem myself.

You will need to set up a ACL for the GRE protocol on the PIX. I've never used a PIX before so I got the following config from the CISCO website:

[code:1]access-list acl-out permit gre host 209.165.201.25 host 209.165.201.5
access-list acl-out permit tcp host 209.165.201.25 host 209.165.201.5 eq 1723
static (inside,outside) 209.165.201.5 10.48.66.106 netmask 255.255.255.255 0 0
access-group acl-out in interface outside
[/code:1]

209.165.201.25 is the public IP of the client
209.165.201.5 is the public IP of the PIX external interface
10.48.66.106 is the private address of the VPN server.

OAH OK. I was reading aticles about GRE and I was getting mad because the weren't specifying UDP TCP ect. There is NO outbound restriction at all right now on the lan so an ACL OUT probably will not help the problem. DO you have to permit GRE in or does it only go out?

You have to permit GRE in. This is because the client will try to come back in via GRE after the VPN server transmits the first GRE packets.

Sweet I am going to try this now. Thanks for your help