Re: VPN/Remote Access
- From: Sestratton <Sestratton@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 19 Sep 2006 07:51:02 -0700
Joe:
I also forgot to mention, we are using two NICs on the server, internal and
external.
This firewall has its own VPN which (theoretically) will connect with the
provided client software from out on the internet. Do you think that would
work? Would that give users login access to the server since we'd be on the
"external" NIC?
I'd hate to try that, I'd much rather use the SBS VPN, but I gotta get this
thing working pronto.
--
sestratton
tallahassee, fl
"Joe" wrote:
Sestratton wrote:
We're running SBS 2003.
Initially we had installed ISA server, but we could never get it to work
with a screwy program (written by the local courthouse programmer) we have to
use for access to the local courthouse. We HAVE to have that access, so I
eventually had to uninstall the ISA and go with a hardware firewall.
We have always been able to access OWA from outside the office, but the VPN
and remote access have never worked. I have run and re-run the wizards to no
avail.
We've never really needed it before, so I didn't worry much about it. But
now we are REALLY needing VPN access and I can't get it to work. I'm sure
something is getting blocked at either the hardware firewall or the SBS
server.
When trying to access the VPN now, with the hardware firewall on I get an
Error 800.
Just to see what would happen, I turned off the hardware firewall for a
couple minutes and tried again. Then I get an Error 721.
So the hardware firewall is part of the problem, but not the entire problem.
My question is, can you point me toward a troubleshooting methodology to
figure all this out?
There are two protocols which are used for the basic PPTP VPN, and they
need to be passed by the firewall and also directed to the SBS. So the
firewall needs to be configured to do this.
I can't be more specific, but the firewall will have a rule-making
system. The messages you need to redirect are TCP/IP port 1723 and
IP protocol 47, known as GRE. Some firewalls refer to both protocols
together as PPTP. They need to be accepted and passed to the SBS. If
you still have two NICs in the server, the redirection is to the
external one.
Error 800 usually means 'no way at all', and 721 usually means 'I got
the TCP/1723 connection but not GRE'. Try the firewall configuration
and come back with specific error messages if there is still trouble.
There are other possible problems, and users need to be members of the
Mobile Users group, so it's worth trying a VPN connection from one of
the LAN workstations. If that's OK, it's definitely a firewall or
client issue.
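
Added example, not part of the original thread: a Python check for the TCP/1723 half of the path described above, which sends the PPTP Start-Control-Connection-Request from RFC 2637 and parses the reply. It cannot test GRE (IP protocol 47), so a good answer here followed by a failed VPN connection points at GRE forwarding; the function names and the "probe" host name are assumptions of this example.

```python
import socket
import struct

PPTP_PORT = 1723                 # TCP control channel named in the thread
MAGIC = 0x1A2B3C4D               # RFC 2637 magic cookie
SCCRQ = ">HHIHHHHIIHH64s64s"     # Start-Control-Connection-Request, 156 bytes
SCCRP = ">HHIHHHBBIIHH64s64s"    # Start-Control-Connection-Reply, 156 bytes


def build_sccrq(hostname=b"probe"):
    """Build a Start-Control-Connection-Request (control message type 1)."""
    return struct.pack(SCCRQ, 156, 1, MAGIC, 1, 0,
                       0x0100,   # protocol version 1.0
                       0,        # reserved1
                       3, 3,     # framing / bearer capabilities: either kind
                       0, 0,     # maximum channels, firmware revision
                       hostname, b"")


def parse_sccrp(data):
    """Parse a Start-Control-Connection-Reply; raise ValueError if malformed."""
    if len(data) < struct.calcsize(SCCRP):
        raise ValueError("short reply: %d bytes" % len(data))
    f = struct.unpack(SCCRP, data[:156])
    if f[1] != 1 or f[2] != MAGIC or f[3] != 2:
        raise ValueError("not a PPTP Start-Control-Connection-Reply")
    return {"result": f[6], "error": f[7], "ok": f[6] == 1,
            "host": f[12].rstrip(b"\0").decode("ascii", "replace"),
            "vendor": f[13].rstrip(b"\0").decode("ascii", "replace")}


def probe(host, timeout=5.0):
    """Return a one-line verdict on the TCP/1723 half of the path."""
    try:
        with socket.create_connection((host, PPTP_PORT), timeout) as s:
            s.sendall(build_sccrq())
            buf = b""
            while len(buf) < 156:
                chunk = s.recv(156 - len(buf))
                if not chunk:      # peer closed before a full reply arrived
                    break
                buf += chunk
        reply = parse_sccrp(buf)
    except (OSError, ValueError) as exc:
        return "TCP/1723 not reaching a PPTP server: %s" % exc
    return "PPTP control channel answered (result=%d, host=%r); check GRE next" % (
        reply["result"], reply["host"])
```

Run `probe()` against the firewall's public address from outside, and against the SBS from a LAN workstation, to see whether the port forward is the difference.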