RE: SBS Standard VPN Setup using L2TP
- From: kevanh <kevanh@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 24 Aug 2005 08:51:19 -0700
The drive mappings are in the default login script - they are not being run.
Is there a exception in one of the GPOs that say not to run them over a VPN.
THe SBSpackage only deploys a PPTP VPN connection but does not add a entry
under network connections --> Virtual Private Network. This is required to
select a Dial up networking option when checking the additional option when
you logon.
The SBSPaCKAGE only deplys a "Connect to small business manager" under
"connection Manager" not the expected VPN entry.
Is there a additional limitation to the connection mamanger that stops the
logon script from been run.
Even adding a manual VPN entry & login via that dial-up connection does not
run the login script & get me the drive mappings I require?
Thanks
"Edward Tian" wrote:
> Hi:
> Thanks for your reply!
>
> Do you mean that you want to use the map network drive feature? Based on my
> test, If you use a domain user account to establish the VPN connection, you
> can receive your drive mappings on this network without any difficulties if
> this user has been granted the permission to access the shares.
>
> Please feel free to let me know if you have any questions.
> Have a nice day!
>
> Best Regards
> Edward Tian(MSFT)
> Microsoft CSS Online Newsgroup Support
>
> Get Secure! - www.microsoft.com/security
> ======================================================
> This newsgroup only focuses on SBS technical issues. If you have issues
> regarding other Microsoft products, you'd better post in the corresponding
> newsgroups so that they can be resolved in an efficient and timely manner.
> You can locate the newsgroup here:
> http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
>
> When opening a new thread via the web interface, we recommend you check the
> "Notify me of replies" box to receive e-mail notifications when there are
> any updates in your thread. When responding to posts via your newsreader,
> please "Reply to Group" so that others may learn and benefit from your
> issue.
>
> Microsoft engineers can only focus on one issue per thread. Although we
> provide other information for your reference, we recommend you post
> different incidents in different threads to keep the thread clean. In doing
> so, it will ensure your issues are resolved in a timely manner.
>
> For urgent issues, you may want to contact Microsoft CSS directly. Please
> check http://support.microsoft.com for regional support phone numbers.
>
> Any input or comments in this thread are highly appreciated.
> ======================================================
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
> --------------------
> | Thread-Topic: SBS Standard VPN Setup using L2TP
> | thread-index: AcWoBnt5ZPgymijUSk6FDDJjx5wNXQ==
> | X-WBNR-Posting-Host: 24.82.106.246
> | From: =?Utf-8?B?a2V2YW5o?= <kevanh@xxxxxxxxxxxxxxxxxxxxxxxxx>
> | References: <7776A73E-E317-4266-B20A-FA51765849DA@xxxxxxxxxxxxx>
> <pK4ftJxpFHA.940@xxxxxxxxxxxxxxxxxxxxx>
> <379D54BD-A53B-44D3-A489-A9878513249C@xxxxxxxxxxxxx>
> <yUPOVS9pFHA.3976@xxxxxxxxxxxxxxxxxxxxx>
> | Subject: RE: SBS Standard VPN Setup using L2TP
> | Date: Tue, 23 Aug 2005 10:17:04 -0700
> | Lines: 285
> | Message-ID: <401F6696-2C34-48CB-BCB6-C6889BF7A35E@xxxxxxxxxxxxx>
> | MIME-Version: 1.0
> | Content-Type: text/plain;
> | charset="Utf-8"
> | Content-Transfer-Encoding: 7bit
> | X-Newsreader: Microsoft CDO for Windows 2000
> | Content-Class: urn:content-classes:message
> | Importance: normal
> | Priority: normal
> | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
> | Newsgroups: microsoft.public.windows.server.sbs
> | NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
> | Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA02.phx.gbl!TK2MSFTNGXA03.phx.gbl
> | Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:147049
> | X-Tomcat-NG: microsoft.public.windows.server.sbs
> |
> | Thanks
> | Point #2: I wondered about the limitation of the sbspackage.exe, I
> noticed
> | that no VPN connection (just connection manager) is created so I cannot
> | select login using the VPN connection so I can receive my drive mappings
> on
> | the network. Is this a limitation of the package also. Do I need to
> create a
> | separate VPN connection to facilitate this?
> |
> | Thanks
> |
> | "Edward Tian" wrote:
> |
> | > Hi:
> | > Thanks for your update.
> | >
> | > The documents are applicable for SBS2003 environment. Please feel free
> to
> | > follow the step-by-step instruction.
> | >
> | > To answer your questions:
> | > 1. Yes, you can add a new policy and delete the existing PPTP policy if
> you
> | > no long need it.
> | >
> | > 2. The sbspackage.exe created by Remote Access Wizard is designed for
> PPTP
> | > connection. We may need to manually create the VPN connection.
> | >
> | > If you have a router on the SBS end, please open the following port to
> | > allow the traffic pass through.
> | > 1. IPSec Encapsulating Security Protocol (ESP) (IP protocol 50)
> | > 2. IPSec Network Address Translator Traversal NAT-T (UDP port 4500).
> | > 3. IPSec Internet Security Association and Key Management Protocol
> | > (ISAKMP) (UDP port 500)
> | > 4. UDP 1701
> | >
> | > More information:
> | > Step-by-Step Guide for Setting Up Network Quarantine and Remote Access
> | > Certificate Provisioning in a Test Lab
> | >
> http://www.microsoft.com/downloads/details.aspx?FamilyID=fe902704-52dd-4bbe-
> | > 8a75-f8fbb76cd28a&DisplayLang=en
> | >
> | > Hope it helps.
> | > Have a nice day!
> | >
> | > Best Regards
> | > Edward Tian(MSFT)
> | > Microsoft CSS Online Newsgroup Support
> | >
> | > Get Secure! - www.microsoft.com/security
> | > ======================================================
> | > This newsgroup only focuses on SBS technical issues. If you have issues
> | > regarding other Microsoft products, you'd better post in the
> corresponding
> | > newsgroups so that they can be resolved in an efficient and timely
> manner.
> | > You can locate the newsgroup here:
> | > http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
> | >
> | > When opening a new thread via the web interface, we recommend you check
> the
> | > "Notify me of replies" box to receive e-mail notifications when there
> are
> | > any updates in your thread. When responding to posts via your
> newsreader,
> | > please "Reply to Group" so that others may learn and benefit from your
> | > issue.
> | >
> | > Microsoft engineers can only focus on one issue per thread. Although we
> | > provide other information for your reference, we recommend you post
> | > different incidents in different threads to keep the thread clean. In
> doing
> | > so, it will ensure your issues are resolved in a timely manner.
> | >
> | > For urgent issues, you may want to contact Microsoft CSS directly.
> Please
> | > check http://support.microsoft.com for regional support phone numbers.
> | >
> | > Any input or comments in this thread are highly appreciated.
> | > ======================================================
> | > This posting is provided "AS IS" with no warranties, and confers no
> rights.
> | >
> | > --------------------
> | > | Thread-Topic: SBS Standard VPN Setup using L2TP
> | > | thread-index: AcWnOAHje5GEjfVMR+q+c4WAv2cdCw==
> | > | X-WBNR-Posting-Host: 24.82.106.246
> | > | From: =?Utf-8?B?a2V2YW5o?= <kevanh@xxxxxxxxxxxxxxxxxxxxxxxxx>
> | > | References: <7776A73E-E317-4266-B20A-FA51765849DA@xxxxxxxxxxxxx>
> | > <pK4ftJxpFHA.940@xxxxxxxxxxxxxxxxxxxxx>
> | > | Subject: RE: SBS Standard VPN Setup using L2TP
> | > | Date: Mon, 22 Aug 2005 09:39:04 -0700
> | > | Lines: 151
> | > | Message-ID: <379D54BD-A53B-44D3-A489-A9878513249C@xxxxxxxxxxxxx>
> | > | MIME-Version: 1.0
> | > | Content-Type: text/plain;
> | > | charset="Utf-8"
> | > | Content-Transfer-Encoding: 7bit
> | > | X-Newsreader: Microsoft CDO for Windows 2000
> | > | Content-Class: urn:content-classes:message
> | > | Importance: normal
> | > | Priority: normal
> | > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
> | > | Newsgroups: microsoft.public.windows.server.sbs
> | > | NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
> | > | Path:
> TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA02.phx.gbl!TK2MSFTNGXA03.phx.gbl
> | > | Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:146687
> | > | X-Tomcat-NG: microsoft.public.windows.server.sbs
> | > |
> | > | THanks for all the links....
> | > | I noticed a lot of them pertain to 2000/2003 server not SBS.
> | > | I am looking for the specific steps to add L2TP to the RRAS server
> which
> | > | will use the current SBS certificate. I assume that I can add a 4th
> | > policy
> | > | which specifies the NAS/Tunnel-type for L2TP & I wish to remove the
> PPTP
> | > | policy to enforce this.
> | > | THe VPN client is deployed by SBS but I notice that there is no
> separate
> | > VPN
> | > | connection generated by this process that will allow the users to
> login
> | > via
> | > | the dial-up VPN adapter. This is what is required for remote users to
> | > access
> | > | their drive letters & data.
> | > | Thanks
> | > |
> | > |
> | > | "Edward Tian" wrote:
> | > |
> | > | > Hi:
> | > | > Thank you for posting here.
> | > | > From your description, I understand that you want to establish a
> L2TP
> | > | > connection on SBS Standard Server.
> | > | > There are two scenarios when we want to deploy L2TP/IPSec VPN.
> | > | >
> | > | > 1. Without ISA installed.
> | > | >
> | > | > The white paper below is for the scenario that CA and RRAS are on
> the
> | > | > different Windows 2K3.
> | > | > Step-by-Step Guide for Setting Up Network Quarantine and Remote
> Access
> | > | > Certificate Provisioning in a Test Lab
> | > | >
> | >
> http://www.microsoft.com/downloads/details.aspx?FamilyID=fe902704-52dd-4bbe-
> | > | > 8a75-f8fbb76cd28a&DisplayLang=en
> | > | >
> | > | > Step-by-Step Guide for Setting Up VPN-based Remote Access in a Test
> Lab
> | > | >
> | >
> http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/
> | > | > networking/rmotevpn.mspx
> | > | >
> | > | >
> | > | > 2. With ISA installed.
> | > | >
> | > | > 1) Please DO NOT manually configure the RRAS settings. If you have
> | > already
> | > | > configured the RRAS settings, please open RRAS console, right-click
> the
> | > | > server name and choose to remove the configurations and disable the
> | > service.
> | > | >
> | > | > 2) To properly configure the VPN server settings on a ISA server,
> you
> | > may
> | > | > want to use the ISA VPN wizard. Open ISA Management console,
> navigate
> | > to
> | > | > ServerName\Network Configuration. Right-click it and choose ''Allow
> VPN
> | > | > client connections''
> | > | >
> | > | > 3) For the L2TP/IPSec VPN connection, a computer certificate is
> | > required
> | > | > for the remote clients. You can setup a CA on ISA or other server
> | > boxes.
> | > | > Publish the Certificate web site to the Internet through ISA. Let
> the
> | > | > remote client computer request a Computer Certificate from the CA.
> | > Please
> | > | > note that if the remote client computers are not members of the
> domain,
> | > you
> | > | > may want to setup the CA in ''Stand alone root'' mode.
> | > | >
> | > | > 253498 HOW TO: Install a Certificate for Use with IP Security
> | > | > http://support.microsoft.com/?id=253498
> | > | >
> | > | > For more information, please refer to the following links:
> | > | >
> http://www.microsoft.com/technet/community/columns/cableguy/cg0502.mspx
> | > | >
> | > | >
> | >
> http://www.microsoft.com/technet/itsolutions/network/security/vpnclnta.mspx
> | > | >
> | > | > Computer certificates for L2TP/IPSec VPN connections
> | > | >
> | >
> http://www.microsoft.com/resources/documentation/WindowsServ/2003/enterprise
> | > | >
> | >
> /proddocs/en-us/Default.asp?url=/resources/documentation/WindowsServ/2003/en
> | > | > terprise/proddocs/en-us/sag_VPN_us26.asp
> | > | >
> | > | > L2TP-based remote access VPN deployment
> | > | >
> | >
> http://www.microsoft.com/resources/documentation/WindowsServ/2003/enterprise
> | > | >
> | >
> /proddocs/en-us/Default.asp?url=/resources/documentation/WindowsServ/2003/en
> | > | > terprise/proddocs/en-us/sag_RASS_scen_l2tp_rc.asp
> | > | >
> | > | > 818754 White Paper: Virtual Private Networking with Windows Server
> | > 2003:
> | > | > Overview
> | > | > http://support.microsoft.com/?id=818754
> | > | >
> | > | >
.
- Follow-Ups:
- RE: SBS Standard VPN Setup using L2TP
- From: Edward Tian
- RE: SBS Standard VPN Setup using L2TP
- References:
- SBS Standard VPN Setup using L2TP
- From: kevanh
- RE: SBS Standard VPN Setup using L2TP
- From: Edward Tian
- RE: SBS Standard VPN Setup using L2TP
- From: kevanh
- RE: SBS Standard VPN Setup using L2TP
- From: Edward Tian
- RE: SBS Standard VPN Setup using L2TP
- From: kevanh
- RE: SBS Standard VPN Setup using L2TP
- From: Edward Tian
- SBS Standard VPN Setup using L2TP
- Prev by Date: Re: Firewalls: SonicWALL vs. SBS
- Next by Date: RE: Service Pack 1 - No ISA 2000
- Previous by thread: RE: SBS Standard VPN Setup using L2TP
- Next by thread: RE: SBS Standard VPN Setup using L2TP
- Index(es):
Relevant Pages
|
Loading
