Re: Connection Wizard - VPN Problem

Are there dual nics?

Is there a router involved? I see you have Verizon static IP (as do I)--but I've still got a router in there for various reasons.

Describe the network connections?

"-Draino-" <guest@xxxxxxxxxxx> wrote in message news:6A45255B-4971-417B-B877-248E8071F608@xxxxxxxxxxxxxxxx
Maybe I am configuring something wrong in the Remote Access settings. When I get to this screen this is what help tells me?

VPN Server Name The Routing and Remote Access service enables your server to be a virtual private network (VPN) server.
In Server name, type the fully qualified host name used to access your server from the Internet. The fully qualified host name
is the server name of your server followed by your registered Internet domain name. For example, ServerName.microsoft.com.
For your remote client computers to connect to the server, this name must be registered with the DNS server at your Internet
service provider (ISP). Alternatively, you can enter the IP address of the network adapter used to connect to the Internet.

The "enter the IP address of the network adapter used to connect to the Internet" is where I might be going wrong. I have entered the Static IP provided by Verizon. But if I am reading correctly, should I be putting my 192.168.2.x address in that box? At one time I had vpn.domain_name.net


D


"Joe" <joe@xxxxxxxxxxxxxx> wrote in message news:un7JYKRjIHA.3512@xxxxxxxxxxxxxxxxxxxxxxx
-Draino- wrote:
Hi all,

I am getting an error with the "connect to sbs" (I think it's the connection
wizard that I downloaded from the RWW interface) When I try to connect it's
fails. I see it's trying to connect with a vpn connection but I get this
error:

Unable to establish the VPN connection. The VPN server may be unreachable,
or security parameters may not be configured properly for this connection.
(Error 800) For customized troubleshooting information for this connection,
click Help

Help doesn't provide much help :)

Any suggestions


What the others suggest is basically correct, but routers differ considerably. What you want to do is to use the PPTP type of VPN, which requires TCP port 1723 and IP protocol 47 (GRE) to be forwarded to the server. Many routers will have a single facility, called 'PPTP service' or 'PPTP passthrough' or something similar.

More advanced routers can accept PPTP connections themselves, which is not what you want here. If there are multiple PPTP entries, you want 'passthrough'. You do also need to have requested VPN in both the CEICW and RRAS wizards, and users need to be in the Mobile Users security group.

You are now also making a direct TCP/IP network connection, which RWW doesn't do. The usual routing rule that all network addresses (ranges) must be different applies here. If the SBS LAN is using 192.168.16.x addresses, for example, any remote client must not use this range on any of its own network interfaces.

There are two stages in making the connection, and your client software will report success after just the first stage. You get error 800 if the first stage doesn't complete, which means the TCP/1723 connection wasn't made. The usual error if that works but the GRE tunnel is not made is 723, after a timeout, but there are other possibilities.

Finally, VPN is the right answer to a very limited range of questions, as it offers a significant security risk to the network. If a user has a laptop which is regularly used on the LAN and remotely, then VPN allows him to see the same network environment, although much more slowly through the VPN. Almost all other purposes for which VPN is used can be achieved more securely by other means.

There is also a group of applications, particularly the low-end accounting packages, which should *not* be used over a network prone to interruptions, which VPN is. The use of a split Access database is also a bad idea, the backend data file being very fragile and easily broken by a disconnection.


.

Relevant Pages

  • Re: Outgoing POP3 email missing/lost/not received
    ... Funny thing is that I have had this ISP for 8 years and it has always been ... It looks like when you last ran CEICW, you set the ISP's mail server to: ... Internet Connection Wizard. ... After the wizard completes, the following network connection ...
    (microsoft.public.windows.server.sbs)
  • Re: Outgoing POP3 email missing/lost/not received
    ... ISP's mail server instead of the domain name on the ... SUMMARY OF SETTINGS FOR CONFIGURE E-MAIL AND INTERNET ... Internet Connection Wizard. ... After the wizard completes, the following network connection ...
    (microsoft.public.windows.server.sbs)
  • RE: Problems with Permissions
    ... And SBS server is only take ... the role of an internal server. ... they are all configured to connected to internal network. ... g. Run the Configure Email and Internet Connection Wizard on SBS server. ...
    (microsoft.public.windows.server.sbs)
  • Re: [Full-disclosure] Remote Desktop Command Fixation Attacks
    ... This set of steps is redundant in many places, and it's also enormously expensive, since you're using no less than three different expensive bits of networking hardware (AP, PIX, VPN Concentrator), in addition to a bunch of x86 server hardware, windows server licenses, and at least one ISA license. ... Your computers necessarily don't have full access to your network infrastructure when they aren't logged on, so GPOs, software updates, etc can't be applied at the times you want them to be applied. ... Turning on, enabling, and implementing every possible security setting and device you think of is not defence in depth, and will probably only have two effects - your users won't use your wireless network, and you'll burn so much cash you won't have any left to spend on *useful* security measures. ...
    (Full-Disclosure)
  • RE: VPN issue on SBS2003
    ... I understand that you encountered VPN connection issue when you use VPN to ... Internet clients or VPN to external VPN Server from SBS Client computers? ... Configure E-mail and Internet Connection Wizard ... Total GRE packets sent = 1 ...
    (microsoft.public.windows.server.sbs)