Re: New VPN Setup
From: Ola (anonymous_at_discussions.microsoft.com)
Date: Tue, 8 Jun 2004 05:51:59 -0700
So in what you all are saying, if Terminal Services is
running on my win2k, and I can VPN to this Server from a
remote location, then I can run my Terminal Services
Client on my remote desktop/laptop as well as MMC, then I
can manage user accounts from the remote location?
Meaning I would not need to run something like
PCAnywhere.. (Would I need VPN TSE and MMC?)
Sorry for sounding foolish, but I just want to be crystal
Sounds a little confusing but is that the whole idea?
>TSE - Terminal Service/Remote Desktop
>MMC - Microsoft Management Console [you can invoke it by running mmc.exe]
>TCP port 1723 and IP Protocol 47 (GRE) is required for PPTP connection the
>reason being the encrypted VPN data travels as the payload of an
>IP packet with a GRE header. If anything blocks GRE in either direction, no
>data will flow and the connection fails. Hence ensure that the router (or
>some other router/firewall in the path) does not block
>This posting is provided "AS IS" with no warranties, and confers no rights.
><firstname.lastname@example.org> wrote in message
>> You might have tried to answer my questions, but I am a
>> little lost with the acronyms that you are using.
>> What are TSE and MMC? And how do I accomplish what you
>> are saying?
>> I have Port 1723 forwarded to my server from a linksys
>> router, and according to linksys, that is all I need to
>> do for both GRE and PPTP?
>> My configuration now has to be on the Server and the
>> For my server, I figured running RAS is all I need to
>> and configuring the client I thought, should not be too
>> difficult, however, when you were talking about TSE and
>> MMC, do I get to them through the VPN connection as
>> and again, what do the acronyms stand for?
>> Thanks a lot in advance.
>> >-----Original Message-----
>> >Q1 : you need to open TCP port 1723 and Protocol 47 (GRE) ... which is not
>> >TCP port 47. GRE is at the same level as TCP not over.
>> >Q2:You can TSE one of your DC and add the user (or him) with the local
>> >MMC. In this case your policy will only authorize TSE you are member of
>> >'remote VPN administrators' AD group... or use the MMC installed on your
>> >machine, but I think that you will need to open RPC.
>> >With Windows 2003 you cannot say 'authorize RPC' ... there is no application
>> >filter (ISA 2004 has these kind of application so you will need to
>> >open TCP 135 and highports.
>> >Hope it helps.
>> >"Ola" <email@example.com> wrote in
>> >> Hello all,
>> >> I am trying to setup a VPN for a small company of
>> >> also have the issue of high turnover of employees in
>> >> small company because income is commission based.
>> >> trying to achieve two different things.
>> >> 1. VPN access to the employees - They need access to
>> >> network data while on the road sometimes. I have
>> >> setup a VPN before, however, I have opened ports
>> >> 47 on my router to allow PPTP to my server. So other
>> >> running RAS on the server and running VPN Client on
>> >> workstations, what else do I need. You should also
>> >> that the company is using a fractional T1 line, so
>> >> is no phone number to dial into. I have a netopia
>> >> Router with VPN capability.
>> >> 2. I need to be able to add and delete users
>> >> I am able to get to the server by resolving
>> >> above, would I be able to accomplish question 2, or
>> >> need more to be able to use Active Directory Users
>> >> Computers?
>> >> Thanks in advance
>> >> Ola