Re: Sometimes it works sometimes it doesn't (VPN data issues)

I"m not totally clear on the term "multihomed". This computer is
running windows SBS2k3 with two NIC cards. NIC1 "Internet" is set to
a static IP of 192.168.1.2 on netmask 255.255.255.0 gateway
192.168.1.1 (the IP of the external firewall) and the DNS is set to
10.0.0.1 and 209.137.171.10 (one of our ISP's DNS servers). The
"Local network" NIC2 is set to 10.0.0.1. The DNS is pointed to
10.0.0.1 and the gateway is not defined. There is also a PPP adapter
RAS server interface listed that is described as "WAN (PPP/SLIP)
interface" DHCP is not enabled, IP address is set to 10.0.0.15 subnet
255.255.255.255 with no gateway set and netbios over tcpip is
disabled. As per SBS config tips, this computer has the DNS service
running on 10.0.0.1 and has DHCP service enabled to give out IP
addresses for the Local network. I am not sure how to make the cmd
window dump to a text file so I couldn't just paste the info.

The physical network layout is modem -> firewall -> SBS computer ->
LAN. I have gotten mixed opinions on if I should have all outgoing
LAN traffic go through the SBS computer.

I thought the loopback was odd, thats why I mentioned it, but every
service seemed to be pointed to it and it must have been that way by
default because I know I never set that. You said not to use the
loopback, should I set it to the Internal NIC or the WAN NIC?


BTW, I tried from my house last night and the connection continues to
fail with event IP 20209

Event Type: Warning
Event Source: Rasman
Event Category: None
Event ID: 20209
Date: 9/6/2007
Time: 8:56:42 PM
User: N/A
Computer: BGD-1
Description:
A connection between the VPN server and the VPN client xxx.xxx.xxx.xxx
has been established, but the VPN connection cannot be completed. The
most common cause for this is that a firewall or router between the
VPN server and the VPN client is not configured to allow Generic
Routing Encapsulation (GRE) packets (protocol 47). Verify that the
firewalls and routers between your VPN server and the Internet allow
GRE packets. Make sure the firewalls and routers on the user's network
are also configured to allow GRE packets. If the problem persists,
have the user contact the Internet service provider (ISP) to determine
whether the ISP might be blocking GRE packets.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.




On Sep 6, 7:14 pm, "Ace Fekay [MVP]" <PleaseAs...@xxxxxxxxxxxxxx>
wrote:
Innews:1189108359.657689.124590@xxxxxxxxxxxxxxxxxxxxxxxxxxx,
trump26...@xxxxxxxxx <trump26...@xxxxxxxxx> typed:

I just checked my firewall settings in Routing and REmote Access, and
under NAT/Basic Firewall, I have the box for PPTP VPN Gateway selected
and it says to go to IP 127.0.0.1, but my HTTP, remote web, and other
services all say to go to 127.0.0.1. I'm assuming this is ok.

No, I wouldn't use the loopback. Let's put in the actual IP address of the
RRAS box.

Curious, now that you mentioned NAT on the server, then I am assuming the
server is multihomed, which can cause some issues. Which NIC is the default
NIC? Which NIC has the gateway? Can you provide an unedited ipconfig /all
please? Is this a DC too?

Ace


.

Relevant Pages

  • Re: PPTP thru SUSEfirewall
    ... on the firewall itself and had quite a few firewall/routing tuning ... The firewall also has to let these packets in from the Internet ... something like "for VPN services that stop at the firewall". ... (assuming your internal server is 192.168.0.1) ...
    (alt.os.linux.suse)
  • Re: login attempts
    ... > Every day i have on my win2000 iternet server a lots of wrong login ... Windows by default allows ... You also need a firewall. ... the internet, except for those ports you know you're using. ...
    (microsoft.public.win2000.security)
  • Re: More on Remote Desktop
    ... Chances are good, though, that he's already got VPN capabilities on his ... firewall to do it for $100. ... > server at home...or purchase additional/new hardware... ... >> my firewall makes the PPPoE connection to my ADSL ISP. ...
    (microsoft.public.windowsxp.network_web)
  • RE: VPN Issue
    ... 317025 You Cannot Connect to the Internet After You Connect to a VPN Server ... | first done with a standard usb broadband modem on XP Professional. ...
    (microsoft.public.windows.server.sbs)
  • Re: More on Remote Desktop
    ... You realize the Remote Desktop data stream is encrypted the same as a PPTP VPN link... ... Unless of course the original poster wants to implement an L2TP/IPSec VPN server at home...or ... > firewall to get between your clients and server on your own LAN. ... > setup so that my firewall makes the PPPoE connection to my ADSL ISP. ...
    (microsoft.public.windowsxp.network_web)