Re: SBS VPN without certificate



PastorTJ wrote:
never mind. got past this error. now CM will not verify password.


OK, you've got this far and know that VPN needs both TCP port 1723 and IP protocol 47 to get through. Where you've reached is that the TCP/1723 negotiation has started, so you've reached the SBS, but it hasn't completed.

By far the most common reason not to get past the password stage is that TCP/IP routing isn't working properly, because the client computer has a network interface that uses the same network address as the SBS. In other words, that the NIC in your client machine and the SBS LAN both have the first portion of their IP addresses in common. They must be different for routing to work. A two-NIC SBS will typically use the 192.168.0.0 network address, and that is a common one for routers to use as a default.

If this is the problem, it is probably slightly easier to change the router, but in the long term it is better to change the SBS address, as sooner or later the same thing will happen with another router. The SBS has a Change IP Address wizard, which seems to do a good job. It will automatically change the DHCP range, which hopefully the LAN clients will pick up quickly. The 192.168.0.0, 192.168.1.0 and 192.168.254.0 networks are common defaults, so I'd suggest somewhere near the middle of the range, such as 192.168.110.0.

If this isn't the problem, the next most common one is that protocol 47 isn't getting through. This is probably happening at the router at the SBS end, which needs to forward it. As Russ says, something which mentions 'GRE' or 'PPTP' is the most likely configuration you need. In general, no configuration of the router at the client end is necessary.
If the client does have a personal firewall, make sure it is in learning mode so you can see what is trying to get out.

There's no problem about using the IP address for a VPN connection, it's just harder to remember. One undocumented point: if you have a failure to connect, don't try again too quickly. The client public IP address is stored in a table in SBS during the VPN connection, and isn't deleted until a minute after the connection ends. So when it fails, and you try to adjust something, let the full minute go by before trying again. No, don't ask how long it took me to discover this...
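The address-overlap check described in the reply above, as an added example that is not part of the original post. It compares a VPN client's interface addresses with the SBS LAN, also catches masks other than /24, and picks a replacement 192.168.x.0 network away from the common defaults; the interface names and addresses are constructed sample values, and `find_conflicts` and `suggest_lan` are hypothetical helper names.

```python
import ipaddress

# Networks the post names as common router/SBS defaults.
COMMON_DEFAULTS = [ipaddress.ip_network(n) for n in
                   ("192.168.0.0/24", "192.168.1.0/24", "192.168.254.0/24")]


def find_conflicts(client_interfaces, sbs_lan):
    """Return (name, network) for client interfaces that overlap the SBS LAN."""
    lan = ipaddress.ip_network(sbs_lan, strict=False)
    conflicts = []
    for name, cidr in client_interfaces.items():
        net = ipaddress.ip_interface(cidr).network
        # overlaps() also catches a wider client mask (e.g. /16) that
        # contains the SBS LAN, not just identical /24 networks.
        if net.version == lan.version and net.overlaps(lan):
            conflicts.append((name, str(net)))
    return conflicts


def suggest_lan(avoid, start=110):
    """Pick a 192.168.x.0/24 clear of `avoid` and the common defaults,
    searching outward from the middle of the range (`start`)."""
    taken = [ipaddress.ip_network(n, strict=False) for n in avoid]
    taken += COMMON_DEFAULTS
    for offset in range(256):
        for third in (start + offset, start - offset):
            if 0 <= third <= 255:
                cand = ipaddress.ip_network(f"192.168.{third}.0/24")
                if not any(cand.overlaps(t) for t in taken):
                    return str(cand)
    return None


if __name__ == "__main__":
    # Constructed sample: a remote client sitting behind a home router.
    client = {"Ethernet": "192.168.0.23/24", "Wi-Fi": "10.20.30.5/24"}
    sbs_lan = "192.168.0.0/24"
    for name, net in find_conflicts(client, sbs_lan):
        print(f"{name}: {net} overlaps SBS LAN {sbs_lan}; VPN routing will fail")
    print("Suggested SBS LAN:", suggest_lan([sbs_lan]))
```
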