Re: Connection Wizard - VPN Problem



Maybe I am configuring something wrong in the Remote Access settings. When I get to this screen, this is what help tells me:

VPN Server Name

The Routing and Remote Access service enables your server to be a virtual private network (VPN) server. In Server name, type the fully qualified host name used to access your server from the Internet. The fully qualified host name is the server name of your server followed by your registered Internet domain name. For example, ServerName.microsoft.com. For your remote client computers to connect to the server, this name must be registered with the DNS server at your Internet service provider (ISP). Alternatively, you can enter the IP address of the network adapter used to connect to the Internet.

The "enter the IP address of the network adapter used to connect to the Internet" is where I might be going wrong. I have entered the Static IP provided by Verizon. But if I am reading correctly, should I be putting my 192.168.2.x address in that box? At one time I had vpn.domain_name.net


D


"Joe" <joe@xxxxxxxxxxxxxx> wrote in message news:un7JYKRjIHA.3512@xxxxxxxxxxxxxxxxxxxxxxx
-Draino- wrote:
Hi all,

I am getting an error with the "connect to sbs" (I think it's the connection
wizard that I downloaded from the RWW interface). When I try to connect it
fails. I see it's trying to connect with a vpn connection but I get this
error:

Unable to establish the VPN connection. The VPN server may be unreachable,
or security parameters may not be configured properly for this connection.
(Error 800) For customized troubleshooting information for this connection,
click Help

Help doesn't provide much help :)

Any suggestions?


What the others suggest is basically correct, but routers differ considerably. What you want to do is to use the PPTP type of VPN, which requires TCP port 1723 and IP protocol 47 (GRE) to be forwarded to the server. Many routers will have a single facility, called 'PPTP service' or 'PPTP passthrough' or something similar.

More advanced routers can accept PPTP connections themselves, which is not what you want here. If there are multiple PPTP entries, you want 'passthrough'. You do also need to have requested VPN in both the CEICW and RRAS wizards, and users need to be in the Mobile Users security group.

You are now also making a direct TCP/IP network connection, which RWW doesn't do. The usual routing rule that all network addresses (ranges) must be different applies here. If the SBS LAN is using 192.168.16.x addresses, for example, any remote client must not use this range on any of its own network interfaces.

There are two stages in making the connection, and your client software will report success after just the first stage. You get error 800 if the first stage doesn't complete, which means the TCP/1723 connection wasn't made. The usual error if that works but the GRE tunnel is not made is 723, after a timeout, but there are other possibilities.

Finally, VPN is the right answer to a very limited range of questions, as it offers a significant security risk to the network. If a user has a laptop which is regularly used on the LAN and remotely, then VPN allows him to see the same network environment, although much more slowly through the VPN. Almost all other purposes for which VPN is used can be achieved more securely by other means.

There is also a group of applications, particularly the low-end accounting packages, which should *not* be used over a network prone to interruptions, which VPN is. The use of a split Access database is also a bad idea, the backend data file being very fragile and easily broken by a disconnection.
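
The checks described in the reply above (stage 1 on TCP port 1723, then the GRE tunnel, plus the rule that the client's address ranges must differ from the SBS LAN), as an added example that is not part of the original thread. The function names, the host name `vpn.example.net` and the sample address ranges are assumptions made for illustration.

```python
import ipaddress
import socket

PPTP_TCP_PORT = 1723  # PPTP control channel; the tunnel itself uses GRE (IP protocol 47)


def tcp_control_reachable(host, port=PPTP_TCP_PORT, timeout=5.0):
    """Stage 1: can a TCP connection to the PPTP control port be opened?"""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unroutable, or name not resolvable
        return False


def overlapping_ranges(client_networks, sbs_lan):
    """Return the client-side networks that collide with the SBS LAN range."""
    lan = ipaddress.ip_network(sbs_lan, strict=False)
    return [n for n in client_networks
            if ipaddress.ip_network(n, strict=False).overlaps(lan)]


def diagnose(tcp_ok, client_networks, sbs_lan):
    """Turn the two checks into a list of human-readable findings."""
    findings = []
    if not tcp_ok:
        findings.append("TCP/1723 not reachable: stage 1 fails (error 800); "
                        "check the router forwards TCP 1723 to the server")
    else:
        findings.append("TCP/1723 reachable: if the tunnel still fails, "
                        "check GRE (protocol 47) / PPTP passthrough on the router")
    for net in overlapping_ranges(client_networks, sbs_lan):
        findings.append(f"client network {net} overlaps SBS LAN {sbs_lan}")
    return findings


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    host = "vpn.example.net"
    client_nets = ["192.168.0.0/16", "10.8.0.0/24"]  # remote client's interfaces
    sbs_lan = "192.168.16.0/24"                       # SBS LAN range
    for line in diagnose(tcp_control_reachable(host, timeout=3.0),
                         client_nets, sbs_lan):
        print(line)
```

A successful TCP connect only proves the first stage; GRE is a separate IP protocol and cannot be tested with a TCP socket, so a router that forwards port 1723 but drops protocol 47 still passes this check.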



