Re: VPN Ports to Open
- From: v-terliu@xxxxxxxxxxxxxxxxxxxx (Terence Liu [MSFT])
- Date: Tue, 27 Nov 2007 09:30:42 GMT
Hello Customer,
Thank you for posting here.
According to your description, I understand that you unable to establish
the VPN connection after you change the firewall before SBS. If I have
misunderstood the problem, please don't hesitate to let me know.
First, this is a hardware settings issue. I suggest you contact your
firewall support for help.
Based on my research, we need to forward the TCP 1723 and GRE 47 from
firewall to SBS for PPTP VPN connection. We can use the PPTP Ping to test
whether the necessary ports are open for the VPN:
We have a tool called PPTP ping, you can use it to test the PPTP network
connection. If you cannot pass the test, there must be firewall or router
block the GRE 47.
Please use the PPTP Ping tool included in Windows XP Support tools to
confirm whether the ports are opened to allow VPN connection. You can find
Windows XP support tool from the "Support\Tools" folder in the Windows XP
CD.
a) Get two utilities pptpsrv.exe and pptpclnt.exe from the Windows XP
support tools.
b) Run the pptpsrv.exe utility on the SBS server.
c) Run the pptpclnt.exe utility on the problem Windows XP
Professional-based computer.
Detailed steps are:
Step 1. On the server, please stop the Routing and Remote Access service.
Then, please bring up a command prompt and go to the folder containing
PPTPsrv.exe. Then type PPTPsrv to run it instead of double clicking to run
the application. This method will let the final result displayed on screen
constantly.
Then, you will see the following on screen
----------------------------------------------------------------
C:\Documents and Settings\Administrator>cd desktop
C:\Documents and Settings\Administrator\Desktop>pptpsrv
Now you must run pptpclnt.exe on remote machine
Waiting for inbound connection on TCP port 1723...
------------------------------------------------------------------
Step 2. On the client computer, please bring up a command prompt and run
the command "pptpclnt SBSserver". The expected result should be as following
-----------------------------------------------------------------------
C:\Documents and Settings\user\Desktop>pptpclnt server.domain.com
Initializing WinSock...
Obtaining host information...
Successfully resolved server's host information
======================================
Enter data to send to server (between 1 and 255 chrs.), then hit enter:
-->This is a test
Successfully connected to server using TCP port 1723 (PPTP)
Sending data to server
Waiting for a reply to the data which was just sent...
Received a reply. Reply contains the following text:
---> Hello, there! This is a reply from the server.
=================================
Connectivity test to TCP Port 1723 was successful!!!
Closing down socket...
=================================
Creating a socket to test GRE protocol traffic...
Total GRE packets sent = 1
Total GRE packets sent = 2
Total GRE packets sent = 3
Total GRE packets sent = 4
Total GRE packets sent = 5
=====================================
Check server to see if the GRE packets were received successfully
=====================================
Closing down socket
Goodbye!
-----------------------------------------------------------------------
Step 3. At last, please go back to the server and check the result. You
will see the followings
---------------------------------------------------------------------------
Inbound connection from client has completed successful
Data received from client:
---> This is a test
Sending the message 'Reply from server' to the client
=====================================================
Connectivity test to TCP Port 1723 was successful!!!
Closing down socket...
=====================================================
Created socket for GRE protocol test
Listening on PROTOCOL 47 for incoming GRE packets...
Total GRE packets received = 1
Total GRE packets received = 2
Total GRE packets received = 3
Total GRE packets received = 4
Total GRE packets received = 5
======================================
GRE protocol test was successful!
======================================
Closing socket
Goodbye!
---------------------------------------------------------------------------
Additional, I would like to verify the steps you set up VPN on SBS:
1. Run CEICW on SBS
You have to rerun the CEICW to make sure your SBS 2003 server have right
network configuration. Go through the follow KB and Rerun CEICW again
carefully.
How to configure Internet access in Windows Small Business Server 2003
http://support.microsoft.com/kb/825763/en-us
2. Run Remote Access wizard
a) On the Small Business Server 2003-based server, click To Do List in the
left pane of the Server Management console.
b) Under Network Tasks, click Configure Remote Access.
c) Click Next, click Enable Remote Access, click to select the VPN Access
check box, and then click Next.
d) Type the fully qualified public domain name (your public DNS name) of
your server, click Next, and then click Finish.
e) When the wizard is completed, click Close.
3. Then you can access RWW to download Connection Manager or copy the file
from SBS server c:\ ClientApps\Connection Manager\SBSPackage.exe. Please
save the sbspackage.exe file in VPN client computer. Then double-click
SBSPackage.exe to run it. After this file run the "connect to small
business server" will be created and you can use it to connect VPN to your
SBS server.
If we cannot resolve the issue after we perform the above steps, please
help me collect some information for further investigation:
1. What error do you get on VPN clients? Please capture screenshots on the
error messages and send the pictures to me at v-terliu@xxxxxxxxxxxxx
2. Do you pass the PPTP Ping test?
3. Can you establish VPN connection from the internal clients?
I hope these steps will give you some help.
Thanks and have a nice day!
Best regards,
Terence Liu(MSFT)
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| From: gr <guybo@xxxxxxxxxxxxxx>
| Newsgroups: microsoft.public.windows.server.sbs
| Subject: Re: VPN Ports to Open
| Date: Mon, 26 Nov 2007 19:14:10 -0800 (PST)
| Organization: http://groups.google.com
| Lines: 20
| Message-ID:
<701c1b83-3472-4dfb-9864-63b756cf0458@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
| References:
<12bc3f09-7179-4f93-9f59-2d0ccfd17529@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
| <#Fc2yHGMIHA.6060@xxxxxxxxxxxxxxxxxxxx>
| NNTP-Posting-Host: 65.101.91.34
| Mime-Version: 1.0
| Content-Type: text/plain; charset=ISO-8859-1
| Content-Transfer-Encoding: 7bit
| X-Trace: posting.google.com 1196133250 25534 127.0.0.1 (27 Nov 2007
03:14:10 GMT)
| X-Complaints-To: groups-abuse@xxxxxxxxxx
| NNTP-Posting-Date: Tue, 27 Nov 2007 03:14:10 +0000 (UTC)
| Complaints-To: groups-abuse@xxxxxxxxxx
| Injection-Info: s36g2000prg.googlegroups.com; posting-host=65.101.91.34;
| posting-account=NDde6wkAAAAtzc0tjZhL3ohyiDEXPj-l
| User-Agent: G2/1.0
| X-HTTP-UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US;
rv:1.8.1.9)
| Gecko/20071025 Firefox/2.0.0.9,gzip(gfe),gzip(gfe)
| Content-Disposition: inline
| Path:
TK2MSFTNGHUB02.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTFEEDS02.phx.gbl!newsfeed0
0.sul.t-online.de!t-online.de!news.glorb.com!postnews.google.com!s36g2000prg
..googlegroups.com!not-for-mail
| Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.sbs:78180
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| > Mail TCP/25
| > Companyweb TCP/444
| > RWW, OWA TCP/443
| > RWW TCP/4125
| >
| > PPTP VPN TCP/1723 *and* IP protocol 47 (GRE)
| >
| > Netgear does both with "PPTP Service", other manufacturers often use
| > something similar. Very few actually allow individual IP protocols to be
| > specified.
|
|
| I setup the PPTP Service, but still to no avail. Is there a way to
| "test" if protocol 47 is open?
|
| I know what is going to happen. I'm going to get this working 1 day
| before the replacement router gets here. (grin)
|
| Thanks again for the help
| Guy
|
.
- Follow-Ups:
- Re: VPN Ports to Open
- From: gr
- Re: VPN Ports to Open
- References:
- VPN Ports to Open
- From: gr
- Re: VPN Ports to Open
- From: gr
- VPN Ports to Open
- Prev by Date: Re: Backup fails with no error in the log
- Next by Date: Re: HELP!!!!! ISA is blocking FTP and I've spent all day in forums!!!!
- Previous by thread: Re: VPN Ports to Open
- Next by thread: Re: VPN Ports to Open
- Index(es):
Relevant Pages
|
