Re: Problems Establishing VPN Connection (Error 800)

From: Harlequin (michael.mason_at_arraspeople.co.uk)
Date: 06/29/04

• Next message: rd wirr: "Connection to clients problems"
• Previous message: Mark Medici: "Re: What software to use to backup to DVD?"
• In reply to: Marina Roos [SBS-MVP]: "Re: Problems Establishing VPN Connection (Error 800)"
• Next in thread: Randolf: "Re: Problems Establishing VPN Connection (Error 800)"
• Reply: Randolf: "Re: Problems Establishing VPN Connection (Error 800)"
• Messages sorted by: [ date ] [ thread ]

---

Date: Tue, 29 Jun 2004 07:32:58 +0100

I don't know Mariana. I've read replies in other newsgroups that stipulate
ports 1723 and 43 for VPN and others that stipulate ports 1723 and 47.

I'm closing 21, 80 and 43 and opening 47 as you said though - thanks very
much.

Just waiting for a colleague to come into work to reboot the server for me
as I'm at the other side of the pennines and doing all this remotely as I
can get RWW working fine.

Hey ~ Thanks again...!

-- 
-----------------------------
 Michael Mason
 Arras People
 www.arraspeople.co.uk
-----------------------------
"Marina Roos [SBS-MVP]" <marina@roos.nodontwantspam.nl.com> wrote in message
news:Oos5rBWXEHA.3716@TK2MSFTNGP10.phx.gbl...
> Hi Michael,
>
> No need for port 80 unless you are hosting a website on your server. So
443
> will do as that will make sure that everything is redirected the right
way.
> BTW: where do you need port 43 for?
>
> -- 
> Regards,
>
> Marina
> Microsoft SBS-MVP
>
> "Harlequin" <michael.mason@arraspeople.co.uk> schreef in bericht
> news:%23UO2wzVXEHA.2964@TK2MSFTNGP09.phx.gbl...
> > NP Marina.
> >
> > Don't I need port 80 available for the web server though or is it all
done
> > through port 443...?
> >
> > -- 
> > -----------------------------
> >  Michael Mason
> >  Arras People
> >  www.arraspeople.co.uk
> > -----------------------------
> > "Marina Roos [SBS-MVP]" <marina@roos.nodontwantspam.nl.com> wrote in
> message
> > news:uxWW1GVXEHA.3512@TK2MSFTNGP12.phx.gbl...
> > > And Michael, close port 21 and 80 inbound immediately!
> > >
> > > -- 
> > > Regards,
> > >
> > > Marina
> > > Microsoft SBS-MVP
> > >
> > > "Les Connor [SBS MVP]" <les.connor@DEL.cfive.ca> schreef in bericht
> > > news:%23OPFQiUXEHA.3988@tk2msftngp13.phx.gbl...
> > > > Hi Michael,
> > > >
> > > > PPTP VPN needs port 1723 and protocol 47 (GRE) to be open from the
> > > internet,
> > > > to the VPN endpoint. I think you are using your SBS as the VPN
> endpoint,
> > > so
> > > > you'd do this:
> > > >
> > > > a) ensure that your router does PPTP passthrough or equivalent -
which
> > is
> > > at
> > > > least protocol 47 (GRE), and sometimes also port 1723, but sometimes
> the
> > > two
> > > > are separate (depends on router). Configure the router to pass the
> above
> > > > from the external interface (public IP address) to either of : a) if
a
> > two
> > > > nic SBS, the ip address of the external nic, or b) if a single nic
ip
> > > > address, the IP address of the SBS.
> > > >
> > > > b) run the connect to the internet wizard, and allow VPN (services
> > > > configuration screen, you must elect to enable and change the
Firewall
> > > > settings). If you are in a single nic configuration, you don't have
> this
> > > > screen.
> > > >
> > > > c) run the configure remote access wizard
> > > >
> > > > (both of the above are accessible from the ToDo list.)
> > > >
> > > > By configuring PPTP to pass through the router, to the SBS, the
router
> > > > doesn't have any involvement in the VPN, other than to pass the
> traffic.
> > > >
> > > > With a dynamic ip address, your SBS has 'no fixed address' on the
> > > internet,
> > > > so is going to be hard to find without some third party help.
> > > >
> > > > -- 
> > > > Les Connor [SBS MVP]
> > > > -------------------------------------
> > > > SBS Rocks !
> > > >
> > > >
> > > >
> > > > "Harlequin" <michael.mason@arraspeople.co.uk> wrote in message
> > > > news:eBfuMVUXEHA.2816@TK2MSFTNGP11.phx.gbl...
> > > > > Dave
> > > > >
> > > > > In addition. If you don't mind I'd like to send you an Excel dump
of
> > the
> > > > > ports I've forwarded, just in-case I'm missing something really
> > obvious.
> > > > >
> > > > > would that be OK...?
> > > > >
> > > > > -- 
> > > > > -----------------------------
> > > > >  Michael Mason
> > > > >  Arras People
> > > > >  www.arraspeople.co.uk
> > > > > -----------------------------
> > > > > "David Jones [MSFT]" <dajones@online.microsoft.com> wrote in
message
> > > > > news:%23ErH7WTXEHA.3668@TK2MSFTNGP09.phx.gbl...
> > > > > > Ok, that helps a bunch.
> > > > > > The Connection Manager connection should display the same IP
> address
> > > or
> > > > > name
> > > > > > as your router's public IP, you can change it by running the
> Remote
> > > Acce
> > > > ss
> > > > > > Wizard and giving it the correct IP.
> > > > > > However, that doesn't explain why you can't connect manually.
> > > > > >
> > > > > > I'm assuming you've run both the Remote Access Wizard, and the
> > Connect
> > > > to
> > > > > > the Internet wizard, and have checked the box in the Internet
> wizard
> > > for
> > > > > VPN
> > > > > > access, if you haven't, try running those two wizards and see if
> > that
> > > > > > changes anything.
> > > > > > Since your router seems like it can act as a VPN endpoint
itself,
> > have
> > > > you
> > > > > > made sure that the VPN functionality of the router is turned
off?
> > > > > > Also, does it support forwarding something called "GRE" or have
> > > anything
> > > > > > that talks about "PPTP pass-through"?  It sure sounds like for
> > > whatever
> > > > > > reason the router isn't properly passing the traffic through to
> the
> > > SBS
> > > > > > server, especially since you're able to connect manually.
> > > > > >
> > > > > > In your tests, if you're connecting from a machine connected to
> the
> > > LAN
> > > > > when
> > > > > > making the modem connection, make sure to disable the LAN
network
> > card
> > > > or
> > > > > > unplug the cable to make sure it's really using the dial-up
> > > connection.
> > > > > >
> > > > > > David Jones
> > > > > > SBS Product Team
> > > > > >
> > > > > > -- 
> > > > > > This posting is provided "AS IS" with no warranties, and confers
> no
> > > > > rights.
> > > > > >
> > > > > >
> > > > > > "Harlequin" <michael.mason@arraspeople.co.uk> wrote in message
> > > > > > news:OkefeQTXEHA.1656@TK2MSFTNGP09.phx.gbl...
> > > > > > > I can connect fine from inside the LAN.
> > > > > > >
> > > > > > > I've been using a modem dial-up account to go outside and then
> > back
> > > > in.
> > > > > > >
> > > > > > > If I use the "Connection Manager" facility it actually
displays
> a
> > > > > > different
> > > > > > > IP address than the actual router IP. Is this normal...?
> > > > > > >
> > > > > > > If I use the manual connection I created through the Win XP
Pro
> > > Wizard
> > > > I
> > > > > > see
> > > > > > > it trying to connect to the specified IP address but still
> receive
> > > > > "Error
> > > > > > > 800".
> > > > > > >
> > > > > > > Any ideas...?
> > > > > > >
> > > > > > > -- 
> > > > > > > -----------------------------
> > > > > > >  Michael Mason
> > > > > > >  Arras People
> > > > > > >  www.arraspeople.co.uk
> > > > > > > -----------------------------
> > > > > > > "David Jones [MSFT]" <dajones@online.microsoft.com> wrote in
> > message
> > > > > > > news:eudx4JTXEHA.1036@TK2MSFTNGP10.phx.gbl...
> > > > > > > > I'm assuming you're trying to use the SBS Connection Manager
> > > package
> > > > > to
> > > > > > > > connect, is that right?
> > > > > > > > When you ran the Remote Access Wizard on the SBS server, did
> you
> > > > enter
> > > > > > the
> > > > > > > > Internet IP address or name that your router gets/uses?
> > > > > > > > Are you able to connect if you try from inside the LAN?
> > > > > > > >
> > > > > > > > David Jones
> > > > > > > > SBS Product Team
> > > > > > > >
> > > > > > > > -- 
> > > > > > > > This posting is provided "AS IS" with no warranties, and
> confers
> > > no
> > > > > > > rights.
> > > > > > > >
> > > > > > > >
> > > > > > > > "Harlequin" <michael.mason@arraspeople.co.uk> wrote in
message
> > > > > > > > news:%23xjXHGTXEHA.2636@TK2MSFTNGP10.phx.gbl...
> > > > > > > > > Hi everyone. As I've received so much help in the past I
> > thought
> > > > I'd
> > > > > > > post
> > > > > > > > a
> > > > > > > > > message about this one.
> > > > > > > > >
> > > > > > > > > I've tried and tried, checked settings and I'm sure
there's
> > > > > something
> > > > > > > > pretty
> > > > > > > > > fundamental I'm missing.
> > > > > > > > >
> > > > > > > > > From The Top:
> > > > > > > > >
> > > > > > > > > I have a Vigor 2600+ VPN router.
> > > > > > > > > I've opened ports:    21, 80, 43, 443, 444, 1723, 3389
> > > > > > > > > ALL redirecting to the DC
> > > > > > > > >
> > > > > > > > > I know ports 21, 80 and 3389 are for other things but have
> > read
> > > > > around
> > > > > > > and
> > > > > > > > > looked in the help files and it appears that port 443 is
for
> > > SSL,
> > > > > 444
> > > > > > > for
> > > > > > > > > RWW and 1723 for PPTP.
> > > > > > > > >
> > > > > > > > > I think I have everything configured correctly but still
> > receive
> > > > the
> > > > > > > > > notorious "Error 800".
> > > > > > > > >
> > > > > > > > > Should I be forwarding 1723 to the router itself and then
> > > setting
> > > > up
> > > > > > > > > accounts on the router for VPN users by any chance...?
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > -- 
> > > > > > > > > -----------------------------
> > > > > > > > >  Michael Mason
> > > > > > > > >  Arras People
> > > > > > > > >  www.arraspeople.co.uk
> > > > > > > > > -----------------------------
> > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>

---

• Next message: rd wirr: "Connection to clients problems"
• Previous message: Mark Medici: "Re: What software to use to backup to DVD?"
• In reply to: Marina Roos [SBS-MVP]: "Re: Problems Establishing VPN Connection (Error 800)"
• Next in thread: Randolf: "Re: Problems Establishing VPN Connection (Error 800)"
• Reply: Randolf: "Re: Problems Establishing VPN Connection (Error 800)"
• Messages sorted by: [ date ] [ thread ]

---

Relevant Pages Re: Port forwarding on SBS 2003 Standard ... Thanks Marina, I'll try that when I go back into the other office. ... > You don't need port 80, better yet, close it right now. ... >> RWW on SBS standard using a router and two nics. ... >> be able to access the server remotely when i need to. ... (microsoft.public.windows.server.sbs) Re: SBS2k3 Exchange no incoming mail ... >> I can e-mail the IP of the server if you would like to test it yourself. ... >>> Telnetting from where to which server? ... Did you forward port 25 from the ... >>> Marina ... (microsoft.public.windows.server.sbs) Re: company ... Marina I am sure that port is open but i may be getting confused (very ... Server 2003 welcome page from which I have various links, ... > Hi Alex, ... open up port 444 then and make sure you have selected Sharepoint ... (microsoft.public.windows.server.sbs) Re: Accessing Remote Web Workplace ... Port 443 is open now. ... "Tonky" schreef in bericht ... > Hi Marina ... > to the Server external NIC. ... (microsoft.public.windows.server.sbs) Re: Ports for RWW & VPN ... I'll have to get back to you on this one Marina if you don't mind. ... Comment Protocol Local Port Host Destination Port ... >> open up all ports on both UDP and TCP as I did this before and RWW ... >> Michael Mason ... (microsoft.public.windows.server.sbs)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(15)