Re: VPN setup with RADIUS
- From: v-crinal@xxxxxxxxxxxxxxxxxxxx ("Crina Li")
- Date: Wed, 21 Dec 2005 06:08:08 GMT
Hi Simon,
Thanks for your reply.
As I know, TCP 1723 (PPTP VPN connection) and GRE port (protocol number
47.This port is used for incoming PPTP VPN connection) are needed to open
when you create VPN. Error 721 means that your router is not passing
through the GRE-protocol (47) to your server. Make sure your firewall is
allowing protocol GRE/47 to be forwarded to your SBS server.
For detailed information, please refer to the following KB article:
888201 You receive an "Error 721" error message when you try to establish a
VPN
http://support.microsoft.com/?id=888201
For your reference, the following ports could be open based on your request.
TCP port Definition
25 Email (SMTP)
80 required for HTTP requests for your
site
443 required for HTTPS requests using SSL, which secures communications
from your server and a Web browser
444 Companyweb
4125 Remote Web Workplace
1723 (plus GRE Protocol 47) VPN
3389 Terminal Services
21 FTP
Thanks for your time and I look forward to hearing from you.
Best regards,
Crina Li (MSFT)
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| From: "Newbie" <newbie@xxxxxxxxxxx>
| Subject: Re: VPN setup with RADIUS
| Date: Tue, 20 Dec 2005 09:24:39 -0500
|| Newsgroups: microsoft.public.windows.server.sbs
| |
| Hi Crina,
|
| Can you please let me know what ports I need to open for VPN to work on
the
| router? I forgot to open up port 1723 so now it's getting further and
it's
| trying to authenticate the username/password. However, I'm now getting
an
| error about the remote computer not responding. Check the error log and
I
| get error code 721.
|
| Thanks.
|
|
| "Newbie" <newbie@xxxxxxxxxxx> wrote in message
| news:%23Xp$SkWBGHA.2664@xxxxxxxxxxxxxxxxxxxxxxx
| > Hi Crina,
| >
| > Thanks for your information, it was very helpful. However, now I
wonder
| > if I should use RADIUS for authenticating users or use windows login
| > instead? The ISA server is active directory integrated and all VPN
clients
| > are running XP Pro.
| >
| > For some reason though, even though I selected user authentication, I
| > still can't connect to the server via VPN. I get the following error
in
| > the client log and I'm not sure what could be the cause of this. Your
| > help on this would be much appreciated.
| >
| > Simon
| >
| >
| > ******************************************************************
| > Operating System : Windows NT 5.1 Service Pack 2
| > Dialer Version : 7.2.2600.2180
| > Connection Name : Connect to Small Business Server
| > All Users/Single User : Single User
| > Start Date/Time : 12/20/2005, 8:13:53
| > ******************************************************************
| > Module Name, Time, Log ID, Log Item Name, Other Info
| > For Connection Type, 0=dial-up, 1=VPN, 2=VPN over dial-up
| > ******************************************************************
| > [cmdial32] 8:13:53 03 Pre-Init Event CallingProcess =
| > C:\WINDOWS\Explorer.EXE
| > [cmdial32] 8:14:01 04 Pre-Connect Event ConnectionType = 1
| > [cmdial32] 8:14:01 06 Pre-Tunnel Event UserName = Laptop User Domain =
| > DOMAINNAME DUNSetting = Connect to Small Business Server Tunnel
DeviceName
| > = TunnelAddress = domainname.com
| > [cmdial32] 8:14:22 20 On-Error Event ErrorCode = 800 ErrorSource = RAS
| > [cmdial32] 8:14:27 06 Pre-Tunnel Event UserName = Laptop User Domain =
| > DOMAINNAME DUNSetting = Connect to Small Business Server Tunnel
DeviceName
| > = TunnelAddress = domainname.com
| > [cmdial32] 8:14:48 20 On-Error Event ErrorCode = 800 ErrorSource = RAS
| > [cmdial32] 8:14:53 06 Pre-Tunnel Event UserName = Laptop User Domain =
| > DOMAINNAME DUNSetting = Connect to Small Business Server Tunnel
DeviceName
| > = TunnelAddress = domainname.com[cmdial32] 8:15:15 20 On-Error Event
| > ErrorCode = 800 ErrorSource = RAS
| > [cmdial32] 8:15:20 06 Pre-Tunnel Event UserName = Laptop User Domain =
| > DOMAINNAME DUNSetting = Connect to Small Business Server Tunnel
DeviceName
| > = TunnelAddress = domainname.com[cmdial32] 8:15:42 20 On-Error Event
| > ErrorCode = 800 ErrorSource = RAS
| >
| >
| >
| > ""Crina Li"" <v-crinal@xxxxxxxxxxxxxxxxxxxx> wrote in message
| > news:xSnY5cSBGHA.3764@xxxxxxxxxxxxxxxxxxxxxxxx
| >> Hi Newbie,
| >>
| >> Thank you for posting in SBS newsgroup.
| >>
| >> From the description, I understand that the ISA 2004 server is
configured
| >> to authorize the VPN clients by using RADIUS server. If I have
| >> misunderstood your concerns, please do not hesitate to let me know.
| >>
| >> Basically, to use the RADIUS to authorize the VPN clients, we need to
do
| >> the following steps:
| >>
| >> 1. On the ISA server, enable the VPN client access. Configure the
server
| >> to
| >> use RADIUS for authentication. Add the IP address or servername of
RADIUS
| >> server into the list. The default RADIUS port is 1812. Make sure that
| >> server can be contacted. Apply the changes.
| >>
| >> 2. Go to the RADIUS server. Open the IAS console. Add a RADIUS client
| >> with
| >> the ISA server's internal IP address. Select ''Microsoft'' for the
| >> client-vendor.
| >>
| >> 3. You can input a password for ''Shared secret''. Make sure that the
| >> secret password of RADIUS and ISA are consistent.
| >>
| >> For detailed steps, you may refer to the following links for the RADIUS
| >> based VPN configurations in ISA server 2004:
| >>
| >> http://www.isaserver.org/articles/2004vpnradius.html
| >>
| >> 884492 The RADIUS authentication process in ISA Server 2004
| >> http://support.microsoft.com/?id=884492
| >>
| >> If you have any questions or concerns, please feel free to let me
know. I
| >> look forward to your reply!
| >>
| >> Best regards,
| >>
| >> Crina Li (MSFT)
| >>
| >> Microsoft CSS Online Newsgroup Support
| >>
| >> Get Secure! - www.microsoft.com/security
| >>
| >> =====================================================
| >> This newsgroup only focuses on SBS technical issues. If you have issues
| >> regarding other Microsoft products, you'd better post in the
| >> corresponding
| >> newsgroups so that they can be resolved in an efficient and timely
| >> manner.
| >> You can locate the newsgroup here:
| >> http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
| >>
| >> When opening a new thread via the web interface, we recommend you
check
| >> the
| >> "Notify me of replies" box to receive e-mail notifications when there
are
| >> any updates in your thread. When responding to posts via your
newsreader,
| >> please "Reply to Group" so that others may learn and benefit from your
| >> issue.
| >>
| >> Microsoft engineers can only focus on one issue per thread. Although we
| >> provide other information for your reference, we recommend you post
| >> different incidents in different threads to keep the thread clean. In
| >> doing
| >> so, it will ensure your issues are resolved in a timely manner.
| >>
| >> For urgent issues, you may want to contact Microsoft CSS directly.
Please
| >> check http://support.microsoft.com for regional support phone numbers.
| >>
| >> Any input or comments in this thread are highly appreciated.
| >>
| >> =====================================================
| >>
| >> This posting is provided "AS IS" with no warranties, and confers no
| >> rights.
| >> --------------------
| >> | From: "Newbie" <newbie@xxxxxxxxxxx>
| >> | Subject: VPN setup with RADIUS
| >> | Date: Mon, 19 Dec 2005 08:28:09 -0500
| >> | | Newsgroups: microsoft.public.windows.server.sbs
| >> | |
| >> | Hi,
| >> |
| >> | I'm trying to set up VPN on a laptop and I have the VPN client
| >> installed.
| >> | However, it doesn't connect after I entered the username, password,
and
| >> | domain name. From ISA 2004, I was getting a warning message about
| >> RADIUS
| >> | server so I setup a RADIUS connection (or at least I thought I did).
I
| >> have
| >> | IAS installed on the SBS server.
| >> |
| >> | What am I doing wrong, is it safer to set up with RADIUS
| >> authentication?
| >> |
| >> | Thanks for your help.
| >> |
| >> |
| >> |
| >>
| >
| >
|
|
|
.
- References:
- VPN setup with RADIUS
- From: Newbie
- RE: VPN setup with RADIUS
- From: "Crina Li"
- Re: VPN setup with RADIUS
- From: Newbie
- Re: VPN setup with RADIUS
- From: Newbie
- VPN setup with RADIUS
- Prev by Date: RE: SharePoint Calendar work on RPC over https?
- Next by Date: RE: Please help, random e-mail replies are rejected
- Previous by thread: Re: VPN setup with RADIUS
- Next by thread: Re: ConnectComputer wizard will not run
- Index(es):
Relevant Pages
|
