Re: VPN Client
- From: v-crinal@xxxxxxxxxxxxxxxxxxxx ("Crina Li")
- Date: Fri, 10 Feb 2006 09:57:15 GMT
Hi Adam,
Thanks for your update.
Regarding the router port forward issue, you should point the port 1723 to
external NIC of SBS on router.
For the issue you will lose your connection with Remote Desktop after
creating VPN to SBS, it may occur if you configure the VPN connection to
use the default gateway on the remote network. This setting overrides the
default gateway settings that you specify in your Transmission Control
Protocol/Internet Protocol (TCP/IP) settings. All the traffic on remote
client will go VPN after VPN is created.
To solve the problem, you may need to change the default gateway of SBS
predefined VPN connection. In order to provide higher security, Connection
Manager does not have the option to display this option. To change this
setting, we need to edit the configuration file. Please try the following:
1. Install the SBSpackage on the client. On the client computer, Locate the
following folder:
C:\Documents and Settings\<username>\Application
Data\Microsoft\Network\Connections\Cm\remote\
2. Use Notepad to open the remote.cms file. It is in plain text format.
3. Locate Gateway_On_Remote
Note: there are several "Gateway_On_Remote"
4. Change all Gateway_On_Remote=1 to Gateway_On_Remote=0
5. Save this file.
6. Reconnect with Connection Manager and the default gateway will not be
changed.
Related information:
317025 You Cannot Connect to the Internet After You Connect to a VPN Server
http://support.microsoft.com/?id=317025
291950 Connection Manager Route Management
http://support.microsoft.com/default.aspx?scid=kb;EN-US;291950
I am appreciated your time and look forward to hearing from you.
Best regards,
Crina Li (MSFT)
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| From: "Adam Hudson" <abmhudson@xxxxxxxxxxx>
| | Subject: Re: VPN Client
| Date: Fri, 10 Feb 2006 11:40:19 +1100
| Newsgroups: microsoft.public.windows.server.sbs
| |
| Hi Crina
|
| Thanks for the advice. The only thing I am not sure of is if you have 3
| different users connected from the same site into the same remote SBS, on
| the router you need to open Port 1723 and most Netgear Routers ask you to
| point that port to a particular local IP Address. If you opened port 1723
| and have 3 rules saying if something uses Port 1723 to point it to the 3
| local IP Addresses (eg 192.168.0.2 & 192.168.0.3 & 192.168.0.4) will it
| work? I thought you could only point each port number to 1 local computer
| and not to 3? I may be wrong.
|
| The other thing I am worried about is the VPN taking over the uplink in
the
| ADSL connection. The connection we have is a 1500/256K connection on both
| ends. Are you able to limit this to only using 50% of the available
uplink?
| I had a problem with this as I remote desktop'd into my PC at home and
setup
| the VPN. When I clicked on the VPN and it connected, I lost my connection
| with Remote Desktop as I believe the VPN took over the uplink side of my
DSL
| connection and therefore I lost my Remote Desktop connection.
|
| Any help on the above issues would be very helpful.
|
| Thanks in advance.
|
| Adam
|
|
| ""Crina Li"" <v-crinal@xxxxxxxxxxxxxxxxxxxx> wrote in message
| news:TfYIwgULGHA.3052@xxxxxxxxxxxxxxxxxxxxxxxx
| > Hi Adam,
| >
| > Thanks for your reply.
| >
| > To allow VPN, you actually need to open outbound 1723 port on remote
| > client
| > computers. For the issue of simultaneous VPN, you can VPN to SBS at the
| > same time from 3 different remote client computers on the same location
| > because the 3 computers VPN to SBS using different source port and then
| > created connection with SBS and they also have a unique Call ID for the
| > connection.
| >
| > The default maximum connection number is 5. You can increase the number.
| > Open Routing and Remote Access console, navigate to ports snap-in.
| > Right-click it and choose 'Properties'. Double-click WAN Miniport
(PPTP).
| > Change the maximum port number to 10. Click 'OK' to close the dialog
| > boxes.
| > After doing this, restart the RRAS.
| >
| > Hope it helps and I look forward to hearing from you.
| >
| > Best regards,
| >
| > Crina Li (MSFT)
| >
| > Microsoft CSS Online Newsgroup Support
| >
| > Get Secure! - www.microsoft.com/security
| >
| > =====================================================
| > This newsgroup only focuses on SBS technical issues. If you have issues
| > regarding other Microsoft products, you'd better post in the
corresponding
| > newsgroups so that they can be resolved in an efficient and timely
manner.
| > You can locate the newsgroup here:
| > http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
| >
| > When opening a new thread via the web interface, we recommend you check
| > the
| > "Notify me of replies" box to receive e-mail notifications when there
are
| > any updates in your thread. When responding to posts via your
newsreader,
| > please "Reply to Group" so that others may learn and benefit from your
| > issue.
| >
| > Microsoft engineers can only focus on one issue per thread. Although we
| > provide other information for your reference, we recommend you post
| > different incidents in different threads to keep the thread clean. In
| > doing
| > so, it will ensure your issues are resolved in a timely manner.
| >
| > For urgent issues, you may want to contact Microsoft CSS directly.
Please
| > check http://support.microsoft.com for regional support phone numbers.
| >
| > Any input or comments in this thread are highly appreciated.
| >
| > =====================================================
| >
| > This posting is provided "AS IS" with no warranties, and confers no
| > rights.
| > --------------------
| > | From: "Adam Hudson" <abmhudson@xxxxxxxxxxx>
| > | References: <ubvYuSBLGHA.2704@xxxxxxxxxxxxxxxxxxxx>
| > <Xq#bdZHLGHA.608@xxxxxxxxxxxxxxxxxxxxx>
| > <eiHIfRRLGHA.1028@xxxxxxxxxxxxxxxxxxxx>
| > <hi09FsRLGHA.608@xxxxxxxxxxxxxxxxxxxxx>
| > | Subject: Re: VPN Client
| > | Date: Thu, 9 Feb 2006 13:47:38 +1100
| > | Lines: 257
| > | X-Priority: 3
| > | X-MSMail-Priority: Normal
| > | X-Newsreader: Microsoft Outlook Express 6.00.2900.2670
| > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2670
| > | X-RFC2646: Format=Flowed; Original
| > | Message-ID: <exLNzMSLGHA.3424@xxxxxxxxxxxxxxxxxxxx>
| > | Newsgroups: microsoft.public.windows.server.sbs
| > | NNTP-Posting-Host: adsl-32-17.swiftdsl.com.au 218.214.32.17
| > | Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP12.phx.gbl
| > | Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:243169
| > | X-Tomcat-NG: microsoft.public.windows.server.sbs
| > |
| > | Hi Crina
| > |
| > | Thanks for your help. I spoke to Netgear who advised me that GRE
| > Protocol
| > is
| > | enabled. I worked out that you had to have Port 1723 open on both ends
| > and
| > | not just the server side. Once I opened Port 1723 on the external
| > computer
| > | it allowed the VPN connection to work.
| > |
| > | I am wondering as I have not tried this as yet, if you want to have 3
| > staff
| > | situated in an interstate office all VPN in at one time, can this
| > happen?
| > | They will all be VPNing from the same Internet connection. I dont
think
| > will
| > | work as you need to tell the router which local IP Address to send
Port
| > 1723
| > | to and I dont think you can tell it 3 different IP Address for Port
1723
| > but
| > | I may be wrong.
| > |
| > | Regards
| > |
| > | Adam
| > |
| > | ""Crina Li"" <v-crinal@xxxxxxxxxxxxxxxxxxxx> wrote in message
| > | news:hi09FsRLGHA.608@xxxxxxxxxxxxxxxxxxxxxxxx
| > | > Hi Adam,
| > | >
| > | > Thanks for your update.
| > | >
| > | > As I know, to enable GRE Protocol 47 is based on the router. Some
| > router
| > | > has no such function. For detailed configuration, you may need to
| > contact
| > | > the hardware vendor.
| > | >
| > | > Also I provide the following KB articles for your reference:
| > | >
| > | > 241251 VPN Tunnels - GRE Protocol 47 Packet Description and Use
| > | > http://support.microsoft.com/default.aspx?scid=kb;EN-US;241251
| > | >
| > | > 241252 VPN Tunnels - PPTP Protocol Packet Description and Use
| > | > http://support.microsoft.com/default.aspx?scid=kb;EN-US;241252
| > | >
| > | > 888201 You receive an "Error 721" error message when you try to
| > establish
| > | > a
| > | > VPN connection through your Windows Server-based remote access
server
| > | > http://support.microsoft.com/default.aspx?scid=kb;EN-US;888201
| > | >
| > | > Thanks for your time and I look forward to hearing from you.
| > | >
| > | > Best regards,
| > | >
| > | > Crina Li (MSFT)
| > | >
| > | > Microsoft CSS Online Newsgroup Support
| > | >
| > | > Get Secure! - www.microsoft.com/security
| > | >
| > | > =====================================================
| > | > This newsgroup only focuses on SBS technical issues. If you have
| > issues
| > | > regarding other Microsoft products, you'd better post in the
| > corresponding
| > | > newsgroups so that they can be resolved in an efficient and timely
| > manner.
| > | > You can locate the newsgroup here:
| > | > http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
| > | >
| > | > When opening a new thread via the web interface, we recommend you
| > check
| > | > the
| > | > "Notify me of replies" box to receive e-mail notifications when
there
| > are
| > | > any updates in your thread. When responding to posts via your
| > newsreader,
| > | > please "Reply to Group" so that others may learn and benefit from
your
| > | > issue.
| > | >
| > | > Microsoft engineers can only focus on one issue per thread.
Although
| > we
| > | > provide other information for your reference, we recommend you post
| > | > different incidents in different threads to keep the thread clean.
In
| > | > doing
| > | > so, it will ensure your issues are resolved in a timely manner.
| > | >
| > | > For urgent issues, you may want to contact Microsoft CSS directly.
| > Please
| > | > check http://support.microsoft.com for regional support phone
numbers.
| > | >
| > | > Any input or comments in this thread are highly appreciated.
| > | >
| > | > =====================================================
| > | >
| > | > This posting is provided "AS IS" with no warranties, and confers no
| > | > rights.
| > | > --------------------
| > | > | From: "Adam Hudson" <abmhudson@xxxxxxxxxxx>
| > | > | References: <ubvYuSBLGHA.2704@xxxxxxxxxxxxxxxxxxxx>
| > | > <Xq#bdZHLGHA.608@xxxxxxxxxxxxxxxxxxxxx>
| > | > | Subject: Re: VPN Client
| > | > | Date: Thu, 9 Feb 2006 12:01:29 +1100
| > | > | | Newsgroups: microsoft.public.windows.server.sbs
| > | > | |
| > | > | How so you enable IP Protocol 47? I have forwarded port 1723 to
the
| > | > server
| > | > | through the modem but still cant work out where to configure IP
| > Protocl
| > | > 47..
| > | > |
| > | > |
| > | > | ""Crina Li"" <v-crinal@xxxxxxxxxxxxxxxxxxxx> wrote in message
| > | > | news:Xq%23bdZHLGHA.608@xxxxxxxxxxxxxxxxxxxxxxxx
| > | > | > Hi Robert,
| > | > | >
| > | > | > Thank you for posting in SBS newsgroup.
| > | > | >
| > | > | > From your description, my understanding on this issue is: you
| > cannot
| > | > | > establish the VPN connection to the SBS server by using the
| > | > 'Connection
| > | > | > Manager' from external clients. If I have misunderstood your
| > concern,
| > | > | > please do not hesitate to let me know.
| > | > | >
| > | > | > Would you please help me confirm if you have followed the steps
| > below
| > | > to
| > | > | > configure VPN access on an SBS environment?
| > | > | >
| > | > | > 1. Run CEICW, follow the wizard and select Enable firewall and
| > then
| > | > make
| > | > | > sure Virtual Private Networking (VPN) is selected in the
Services
| > | > | > Configuration page. And make sure you have typed the public
FQDN
| > of
| > | > the
| > | > | > SBS
| > | > | > server on the Web Server Certificate page.
| > | > | > 2. Run Remote Access Wizard in Server Management\Internet and
| > | > | > E-mail\Configure Remote Access, and select VPN access in the
| > Remote
| > | > Access
| > | > | > Method page. After finishing this wizard, RRAS is configured to
| > allow
| > | > | > inbound VPN access, and it can assign IP addresses to the VPN
| > clients
| > | > by
| > | > | > using DHCP.
| > | > | >
| > | > | > Note: When we run the remote access wizard to set up the VPN
| > service,
| > | > we
| > | > | > need to input the public IP address or the public FQDN of the
SBS
| > | > server.
| > | > | > We need to make sure that the address can be accessed from the
| > | > internet.
| > | > | >
| > | > | > 3. On the VPN client, go to https://publicFQDN/remote, clear I'm
| > using
| > | > a
| > | > | > public or shared computer, log in and download Connection
Manager.
| > | > | > 4. Install Connection Manager on the VPN client.
| > | > | > 5. Is there a hardware router installed in front of the SBS
| > server?
| > If
| > | > so,
| > | > | > ensure that the port forwarding for TCP 1723 and GRE port
| > (protocol
| > | > number
| > | > | > 47) are opened. PPTP VPN is negotiating a connection on TCP port
| > 1723
| > | > and
| > | > | > send data to and from the PPTP server using the GRE protocol (IP
| > | > Protocol
| > | > | > 47, 0x2F if you are looking in Network Monitor). You should open
| > port
| > | > 1723
| > | > | > on the router and also make sure IP Protocol 47 is allowed.
| > | > | >
| > | > | > For detailed information, you can refer to the following KB
| > articles:
| > | > | >
| > | > | > 323381 How to Allow Remote Users to Access Your Network in
Windows
| > | > Server
| > | > | > 2003
| > | > | > http://support.microsoft.com/?id=323381
| > | > | >
| > | > | > 323441 How To Install and Configure a Virtual Private Network
| > Server
| > | > in
| > | > | > Windows
| > | > | > http://support.microsoft.com/?id=323441
| > | > | >
| > | > | > If you still cannot establish the VPN connection, please help
me
| > to
| > | > | > collect
| > | > | > the following information for troubleshooting the problem:
| > | > | >
| > | > | > 1. What's the VPN server name you entered when you ran the
Remote
| > | > Access
| > | > | > Wizard? Can you ping that name from the external client? The VPN
| > | > server
| > | > | > name should be the public FQDN or the public IP address of the
SBS
| > | > server.
| > | > | > 2. Can you create VPN to SBS through new connection wizard on My
| > | > Network
| > | > | > Places on external client?
| > | > | > 3. Get the IPCONFIG /ALL results when Creating VPN on client
| > computer
| > | > and
| > | > | > SBS.
| > | > | > 4. Can you ping the server name and IP from the problematic
| > client?
| > | > | > 5. Would you please post a screen shot to newsgroup?
| > | > | >
| > | > | > I am appreciated your time and I look forward to hearing from
you.
| > | > | >
| > | > | > Best regards,
| > | > | >
| > | > | > Crina Li (MSFT)
| > | > | >
| > | > | > Microsoft CSS Online Newsgroup Support
| > | > | >
| > | > | > Get Secure! - www.microsoft.com/security
| > | > | >
| > | > | > =====================================================
| > | > | > This newsgroup only focuses on SBS technical issues. If you have
| > | > issues
| > | > | > regarding other Microsoft products, you'd better post in the
| > | > corresponding
| > | > | > newsgroups so that they can be resolved in an efficient and
timely
| > | > manner.
| > | > | > You can locate the newsgroup here:
| > | > | >
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
| > | > | >
| > | > | > When opening a new thread via the web interface, we recommend
you
| > | > check
| > | > | > the
| > | > | > "Notify me of replies" box to receive e-mail notifications when
| > there
| > | > are
| > | > | > any updates in your thread. When responding to posts via your
| > | > newsreader,
| > | > | > please "Reply to Group" so that others may learn and benefit
from
| > your
| > | > | > issue.
| > | > | >
| > | > | > Microsoft engineers can only focus on one issue per thread.
| > Although
| > | > we
| > | > | > provide other information for your reference, we recommend you
| > post
| > | > | > different incidents in different threads to keep the thread
clean.
| > In
| > | > | > doing
| > | > | > so, it will ensure your issues are resolved in a timely manner.
| > | > | >
| > | > | > For urgent issues, you may want to contact Microsoft CSS
directly.
| > | > Please
| > | > | > check http://support.microsoft.com for regional support phone
| > numbers.
| > | > | >
| > | > | > Any input or comments in this thread are highly appreciated.
| > | > | >
| > | > | > =====================================================
| > | > | >
| > | > | > This posting is provided "AS IS" with no warranties, and
confers
| > no
| > | > | > rights.
| > | > | > --------------------
| > | > | > | From: "Robert Craig" <craigrobert@xxxxxxx>
| > | > | > | Subject: VPN Client
| > | > | > | Date: Tue, 7 Feb 2006 10:31:05 -0800
| > | > | > | | Newsgroups: microsoft.public.windows.server.sbs
| > | > | > | |
| > | > | > | I'd say about 9 out of 10 tries to VPN to my server from
another
| > | > | > location
| > | > | > | fails. The connection just sits at verifying username and
| > password
| > | > and
| > | > | > | eventually gives up. Sometimes the error is the remote
computer
| > did
| > | > not
| > | > | > | respond, the other is the server and client could not agree
on a
| > | > PPTP
| > | > | > | connection. What could be wrong?
| > | > | > |
| > | > | > | Using SBS2003
| > | > | > |
| > | > | > | Thanks!
| > | > | > |
| > | > | > | Robert
| > | > | > |
| > | > | > |
| > | > | > |
| > | > | >
| > | > |
| > | > |
| > | > |
| > | >
| > |
| > |
| > |
| >
|
|
|
.
- Follow-Ups:
- Re: VPN Client
- From: Adam Hudson
- Re: VPN Client
- References:
- VPN Client
- From: Robert Craig
- RE: VPN Client
- From: "Crina Li"
- Re: VPN Client
- From: Adam Hudson
- Re: VPN Client
- From: "Crina Li"
- Re: VPN Client
- From: Adam Hudson
- Re: VPN Client
- From: "Crina Li"
- Re: VPN Client
- From: Adam Hudson
- VPN Client
- Prev by Date: Re: Problem with connect computer wizard
- Next by Date: RE: Modem problems with dial-up-access
- Previous by thread: Re: VPN Client
- Next by thread: Re: VPN Client
- Index(es):
Relevant Pages
|
