RE: OpenVPN + ISA/SBS
- From: v-terliu@xxxxxxxxxxxxxxxxxxxx (Terence Liu [MSFT])
- Date: Wed, 28 Mar 2007 06:38:58 GMT
Hello Gerry,
Thank you for posting here.
According to your description, I understand that you want to set up VPN
connection from remote client to SBS with ISA. If I have misunderstood the
problem, please don't hesitate to let me know.
Since you use 3rd-party VPN project, I suggest you to contact your VPN
project vendor for further investigation.
Based on my research, SBS with ISA has its own VPN component, I suggest we
try the following steps to set up VPN connection from remote client to SBS:
Step 1: Run CEICW
You have to rerun the CEICW to make sure your SBS 2003 server have right
network configuration. Go through the follow KB and Rerun CEICW again
carefully.
How to configure Internet access in Windows Small Business Server 2003
http://support.microsoft.com/kb/825763/en-us
Step 2: Run Remote Access wizard on SBS
a) On the Small Business Server 2003-based server, click To Do List in the
left pane of the Server Management console.
b) Under Network Tasks, click Configure Remote Access.
c) Click Next, click Enable Remote Access, click to select the VPN Access
check box, and then click Next.
d) Type the fully qualified public domain name (FQDN) of your server, click
Next, and then click Finish.
e) When the wizard is completed, click Close.
Step 3: Go to the client and establish the VPN connection to the SBS
Server, you can refer to this KB article for more information:
How to configure a connection to a virtual private network (VPN) in Windows
XP
http://support.microsoft.com/default.aspx?scid=KB;EN-US;314076
Step 4: Check the settings on your router (if you have)
Basically, the router must be able to pass Generic Route Encapsulation
(GRE) protocol 47 and TCP 1723 port for PPTP traffic to connect correctly
to use VPN. When a cable/DSL router cannot map GRE protocol 47 and TCP 1723
port to the Routing and Remote Access server, you cannot connect to the
server from the Internet. Please contact your router vendor for help.
Hope these steps will give you some help.
Thanks and have a nice day!
Best regards,
Terence Liu(MSFT)
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| Thread-Topic: OpenVPN + ISA/SBS
| thread-index: AcdwxSw4om1A4Fk6TliS7jedISA0+A==
| X-WBNR-Posting-Host: 207.46.199.61
| From: =?Utf-8?B?Z2Vycnlr?= <gerryk@xxxxxxxxxxxxxxxxxxxxxxxxx>
| Subject: OpenVPN + ISA/SBS
| Date: Tue, 27 Mar 2007 16:10:55 -0700
| Lines: 23
| Message-ID: <0D229365-8095-4456-AC43-B07A4AF3BBBF@xxxxxxxxxxxxx>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="Utf-8"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Content-Class: urn:content-classes:message
| Importance: normal
| Priority: normal
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2757
| Newsgroups: microsoft.public.windows.server.sbs
| Path: TK2MSFTNGHUB02.phx.gbl
| Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.sbs:25672
| NNTP-Posting-Host: tk2msftsbfm01.phx.gbl 10.40.244.148
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| I am managing an SBS server with ISA. Some of the on-the-road clients are
| running XP Home, but still need VPN access, so I have installed OpenVPN
in
| routed mode.
| The configuration is as follows...
|
| OpenVPN private IP range: 10.8.0.x
| Virtual Interface in routed mode.
|
| ISA is set up to allow incoming connections on 1194 (the default OpenVPN
port)
| I have created a network in ISA called OpenVPN and containing the address
| range 10.8.0.1 - 10.8.0.255.
| I have created multiple rules... one for allowing incoming connections,
| multiple protocols, from OpenVPN to Localhost/OpenVPN and one for all
| outgoing connections from localhost to OpenVPN.
| The routing tables show that the OpenVPN address range routs through the
WAN
| port (direct connection to the internet).
|
| I can connect a client and receive an address via DHCP, but when I try to
| ping the server, there is no reply. I can see packets leaving the client
and
| arriving at the server, but ISA reports the packets as Denied. According
to
| my rules, they should get through.
|
| Anyone have any experience of this?
|
.
- Prev by Date: Re: No delivery notification
- Next by Date: Re: Whats the safest way to disable Exchange without removing it ?
- Previous by thread: RE: DHCP Cluster
- Next by thread: Re: OpenVPN + ISA/SBS
- Index(es):
Relevant Pages
|
