RE: SBS2003 & VPN
- From: v-edtian@xxxxxxxxxxxxxxxxxxxx (Edward Tian)
- Date: Thu, 01 Dec 2005 07:53:20 GMT
Hi:
Thanks for your update.
>From the test result, it appears that the router is the root case.
Regarding the error 721, you can refer to the following article:
888201 You receive an "Error 721" error message when you try to establish a
VPN connection through your Windows Server-based remote access server
http://support.microsoft.com/default.aspx?scid=kb;EN-US;888201
Regarding your new question:
We can either use the router-to-router solution or the RRAS-to-RRAS
(ISA-to-ISA) solution to deploy the site to site VPN connection. That
depends on situation, and you can select whichever you like. Please note
that the remote side and the local side cannot use the same subnet. We need
to assign a different subnet such as 10.0.0.x network for the remote side.
More info:
888711 Site-to-site VPN in ISA Server 2004
http://support.microsoft.com/default.aspx?scid=kb;EN-US;888711
http://www.isaserver.org/img/upl/vpnkitbeta2/g2g-betab.htm
Better Together: ISA Server 2000 at the Main and Branch Offices
http://www.microsoft.com/technet/prodtechnol/isa/2000/deploy/isa2kbokit.mspx
Have a nice day!
Best Regards
Edward Tian(MSFT)
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
======================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
======================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| Thread-Topic: SBS2003 & VPN
| thread-index: AcX2A8FO0k38Ed6sS4ylGsI2Dvmi/Q==
| X-WBNR-Posting-Host: 209.71.95.202
| From: =?Utf-8?B?amRseW5jaDcw?= <jdlynch70@xxxxxxxxxxxxxxxxxxxxxxxxx>
| References: <62007A17-FB2D-4A6D-A205-118A699F52F5@xxxxxxxxxxxxx>
<CFyB9LW9FHA.4000@xxxxxxxxxxxxxxxxxxxxx>
| Subject: RE: SBS2003 & VPN
| Date: Wed, 30 Nov 2005 15:14:03 -0800
| Lines: 155
| Message-ID: <432AD846-CF01-4585-B406-EC061B1A95B9@xxxxxxxxxxxxx>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="Utf-8"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Content-Class: urn:content-classes:message
| Importance: normal
| Priority: normal
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
| Newsgroups: microsoft.public.windows.server.sbs
| NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
| Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGXA03.phx.gbl
| Xref: TK2MSFTNGXA02.phx.gbl microsoft.public.windows.server.sbs:226806
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| Edward,
|
| Thanks for your reply, it was most helpful!
|
| I had already completed the first steps (1-4) on the server so I tried
some
| of the tests you suggested. I could connect from between the server and
| hardware firewall via a hub. VPN with RDP worked fine. I assume
something
| needs to be setup on the hardware firewall.
|
| In regards to your questions:
|
| 1. 2 NIC (192.168.124.xxx / 10.0.0.xxx) SBS2003 with hardware firewall.
| 2. 721 error when off site coming in from internet.
| 3. Yes, internal clients can VPN
| 4. I will check on the 1723 & GRE 47
|
| This leads to the next question. Once I get the ports open and can VPN
via
| an XP client can I set up a site-2-site VPN with the hardware firewalls?
I
| am trying to connect a remote site which has only thin clients & a hub.
The
| thin clients can RDP & Telnet only. Do they need to be on the same
subnet as
| the internal 192.168.124.xxx network? Can they connect via the hardware
| firewalls only or do I need a server at the remote location?
|
| Thanks!
|
| "Edward Tian" wrote:
|
| > Hi:
| > Thanks for posting here.
| >
| > From the description, I understand that you are unable to establish the
VPN
| > connection to the SBS Server with ISA 2004 installed from a remote
client.
| > If I am off base, please do let me know.
| >
| > Based on my experience, to enable the VPN function on the SBS Server,
we
| > can perform the following steps:
| >
| > 1. Go to the SBS box, open the Server management console. Navigate to
| > Internet and E-mail, on the right pane, click "Configure Remote Access".
| >
| > 2. Click Next and select Enable remote access, check the option "VPN
| > access" and click Next.
| >
| > 3. On the VPN Server Name page, please enter a valid FQDN name of your
SBS
| > server (Make sure the FQDN can be resolved to a public IP by internet
| > computers, e.g. www.domainname.com ), if you don't have a FQDN so far,
| > please enter the public IP address of the SBS server and click Next,
Finish.
| >
| > 4. Now we have finished the configuration on the SBS Server side,
please go
| > to the remote XP client side; refer to this KB article to configure the
VPN
| > connection on the XP client (Don't use the Connection Manager package
this
| > time):
| >
| > 305550 How to configure a VPN connection to your corporate network in
| > Windows XP Professional
| > http://support.microsoft.com/default.aspx?scid=kb;EN-US;305550
| >
| > After performing the above steps, will you be able to connect to the
SBS
| > Server via VPN connection?
| >
| > If the problem persists, please try performing the following steps to
| > isolate the issue:
| >
| > a. Please temporarily place a client directly connected to the external
NIC
| > of the SBS Server. You can connect the external network adapter of the
SBS
| > Server to a simple hub and connect the client to the same hub.
| >
| > b. Manually configure the TCP/IP settings on the client computer to be
on
| > the same subnet as the external network adapter of the SBS Server.
| >
| > c. Turn off the Firewall Client on the client computer.
| >
| > d. Configure the VPN connection on the client and do a VPN test.
| >
| > Meanwhile, please help to gather the following information:
| >
| > 1. How many NIC is installed on the SBS Server?
| >
| > 2. What error information did you receive when the remote VPN user
tried to
| > connect to the SBS Server? 721, 800 or any other errors?
| >
| > 3. Can you VPN to the SBS Server from internal clients?
| >
| > 4. If you have a hardware router at the SBS end, please double check if
you
| > have configured the router to forward port 1723 and GRE 47 to the SBS
| > Server.
| >
| > Thanks for your time and cooperation. Please feel free to let me know
if
| > you have any questions or concerns.
| >
| > Have a nice day!
| >
| >
| > Best Regards
| > Edward Tian(MSFT)
| > Microsoft CSS Online Newsgroup Support
| >
| > Get Secure! - www.microsoft.com/security
| > ======================================================
| > This newsgroup only focuses on SBS technical issues. If you have issues
| > regarding other Microsoft products, you'd better post in the
corresponding
| > newsgroups so that they can be resolved in an efficient and timely
manner.
| > You can locate the newsgroup here:
| > http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
| >
| > When opening a new thread via the web interface, we recommend you check
the
| > "Notify me of replies" box to receive e-mail notifications when there
are
| > any updates in your thread. When responding to posts via your
newsreader,
| > please "Reply to Group" so that others may learn and benefit from your
| > issue.
| >
| > Microsoft engineers can only focus on one issue per thread. Although we
| > provide other information for your reference, we recommend you post
| > different incidents in different threads to keep the thread clean. In
doing
| > so, it will ensure your issues are resolved in a timely manner.
| >
| > For urgent issues, you may want to contact Microsoft CSS directly.
Please
| > check http://support.microsoft.com for regional support phone numbers.
| >
| > Any input or comments in this thread are highly appreciated.
| > ======================================================
| > This posting is provided "AS IS" with no warranties, and confers no
rights.
| >
| > --------------------
| > | Thread-Topic: SBS2003 & VPN
| > | thread-index: AcX1R00MoDl3makzTgGzKAzOUphKTA==
| > | X-WBNR-Posting-Host: 209.71.95.202
| > | From: =?Utf-8?B?amRseW5jaDcw?= <jdlynch70@xxxxxxxxxxxxxxxxxxxxxxxxx>
| > | Subject: SBS2003 & VPN
| > | Date: Tue, 29 Nov 2005 16:45:03 -0800
| > | Lines: 3
| > | Message-ID: <62007A17-FB2D-4A6D-A205-118A699F52F5@xxxxxxxxxxxxx>
| > | MIME-Version: 1.0
| > | Content-Type: text/plain;
| > | charset="Utf-8"
| > | Content-Transfer-Encoding: 7bit
| > | X-Newsreader: Microsoft CDO for Windows 2000
| > | Content-Class: urn:content-classes:message
| > | Importance: normal
| > | Priority: normal
| > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
| > | Newsgroups: microsoft.public.windows.server.sbs
| > | NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
| > | Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGXA03.phx.gbl
| > | Xref: TK2MSFTNGXA02.phx.gbl microsoft.public.windows.server.sbs:226489
| > | X-Tomcat-NG: microsoft.public.windows.server.sbs
| > |
| > | Can a SBS2003 w/2 NIC ISA, sitting behind a hardware filewall, be
| > accessed
| > | via VPN? I have connected via RWW but can not seem to setup the VPN
| > access.
| > | Nor can I use the Connection Manager program. Any help appreciated.
| > |
| >
| >
|
.
- Follow-Ups:
- Re: SBS2003 & VPN
- From: mbolick
- Re: SBS2003 & VPN
- References:
- RE: SBS2003 & VPN
- From: jdlynch70
- RE: SBS2003 & VPN
- Prev by Date: RE: Using the Delete Permissions
- Next by Date: Re: Broken Windows Installer on SBS 2003
- Previous by thread: RE: SBS2003 & VPN
- Next by thread: Re: SBS2003 & VPN
- Index(es):
Relevant Pages
|
Loading
