VPN set up on SBS : sbs, 2003 r2, installed behind zywall 5 router/firewall

May 16, 2008 11:59pm pdt

1. batry_boy 209,084
2. RobWill 183,875
3. arnold 81,143
4. lrmoore 72,848
5. mwecompu... 55,414
6. MrHusy 36,470
7. ebjers 35,950
8. mkielar 33,600
9. dpk_wal 28,673
10. Cyclops3590 27,700
11. trinak96 22,665
12. TechSoEasy 20,114
13. from_exp 19,775
14. stuknhawaii 18,075
15. johnb6767 16,522

1. RobWill 1,336,768
2. lrmoore 873,591
3. batry_boy 383,794
4. grblades 213,434
5. rsivanandan 138,641
6. calvinetter 112,055
7. TechSoEasy 93,193
8. arnold 83,143
9. dpk_wal 81,673
10. tim_holman 75,964
11. mwecompu... 73,214
12. MrHusy 69,744
13. keith_al... 69,385
14. ewtaylor 68,324
15. plemieux72 64,143

04.30.2008 at 12:49PM PDT, ID: 23366609

	[x] Attachment Details

[x]

The Solution Rating System

With so many solutions, how can you tell which solutions are most likely to help you and which ones are not? To provide you with a tool to use, we rate our solutions based on various elements that most accurately determine if a solution is a quality solution. To explain what factors affect the solution rating, here are the elements we take into consideration when formulating our solution rating.

The Grade of the Solution
The Zone Rank of the Expert Providing the Solution
The Number of Author and Expert Comments
The Number of Experts Contributing
The Feedback of the Community

Your Input Matters
Because of the way the system is set up, the most important variable in this equation is you. As a member of Experts Exchange, you are able to cast your vote on the quality of the solutions in regard to how complete, accurate, helpful and easy to understand each solution is. When you provide your feedback, each rating is adjusted accordingly. So, if you see a solution that has a poor rating that you think is a good solution, let us know by rating it. As you do, the rating will be adjusted and will become more accurate for other members of our site.

If you have any suggestions that you would like to make for our rating system, please ask a question in the Suggestions Zone of Community Support.

Thank you!

9.8

VPN set up on SBS

Zones: Virtual Private Networking (VPN), SBS Small Business Server

Tags: sbs, 2003 r2, installed behind zywall 5 router/firewall

Our company has an sbs server installed behind a zywall 5 router/firewall. Several users have vpn access which I did not set up (nor did I install the server - am just trying to come to grips with maintaining it). Clients are mostly xp with 1 or 2 vista. I have recently discovered by accident that if I set up a new vpn connection on a non domain computer using the connection wizard in xp and then attempt to connect but do not provide a user name and password (I.e. leave those fields blank and just press 'connect' , I get staright into the network and have full access to everything - i.e. folder permissions do not seem to apply. If I enter a wrong user id and password (i.e. one not defined on the server) I can't get in - but leaving the fields blank gets me staright in.

I would appreciate some pointers on how to go about closing this security hole (crater actually) and getting mobile users set up such that when they log in they have only their own permissions and obviously it is impossible to get in without a user name and password.

Another point is that if I enter a valid user name and password, I get in but again have full access to all folders regardless of permissions.

Start your free trial to view this solution

Question Stats

Zone: Software

Question Asked By: Christine_Moran

Solution Provided By: RobWill

Participating Experts: 1

Solution Grade: A

Translate:

Loading Advertisement...

Microsoft

Internet Protocols
Applications

Development
OS

Hardware
Windows Security

Apple

Operating Systems
Hardware

Programming
Networking

Software

Internet

Search Engines
File Sharing
WebTrends / Stats
Spy / Ad Blockers

Web Browsers
New Net Users
Web Development
Chat / IM

Anti Spam
Web Servers
Anti-Virus
Email Clients

Gamers

Tips
Online / MMORPG
Puzzle
Emulators

Action / Adventure
Role Playing
Consoles
Game Programming

Strategy
Sports
Misc
Computer Games

Digital Living

Hardware
New Net Users
New Users

Software
Digital Music
Gaming World

Home Security
Apple
Networking Hardware

Virus & Spyware

Vulnerabilities
IDS
Encryption
Anti-Virus

Operating Systems Security
Software Firewalls
WebApplications
Cell Phones

Operating Systems
Internet
Hardware Firewalls

Hardware

Handhelds / PDAs
Displays / Monitors
Components
Networking Hardware

Peripherals
Laptops/Notebooks
Storage
Servers

Desktops
New Users
Misc
Apple

Software

System Utilities
Industry Specific
Network Management
Photos / Graphics
Page Layout
VMWare
Misc
Web Development

OS
CYGWIN
Voice Recognition
Message Queue
Quality Assurance
Security
Firewalls
MultiMedia Applications

Development
Database
Office / Productivity
Business Management
OS/2 Apps
Server Software
Internet / Email

ITPro

OS
Storage
Encryption
Operating Systems Security
Apple Hardware
Laptops & Notebooks
Servers
Networking Hardware
Peripherals

Devices
Displays / Monitors
WebTrends / Stats
Search Engines
Firewalls
WebApplications
IDS
Vulnerabilities
Email Clients

File Sharing
Spy / Ad Blockers
Web Browsers
Web Servers
Networking
Anti-Virus
Chat / IM
Anti Spam

Developer

Web Servers
Web Browsers
Game Programming
Dev Tools
Industry Specific
Office / Productivity

Database
CYGWIN
Web Development
Search Engines
File Sharing
WebTrends / Stats

Programming
Content Management
Application Servers
Protocols

Storage

Removable Backup Media
Storage Technology
Servers

Grid
Remote Access
Backup / Restore

Misc
Hard Drives

Miscellaneous
Security
Development
Linux
VMWare

MainFrame OS
Unix
Apple
OS / 2
AS / 400

BeOS
Microsoft
VMS / OpenVMS

Database

Oracle
Miscellaneous
MySQL
Software
Sybase
Contact Management
PostgreSQL
Data Manipulation
Clarion
InterSystems Cache

Siebel
MUMPS
OLAP
SQLBase
SAS
GIS & GPS
4GL
Berkeley DB
DB2
Informix

Interbase / Firebird
FoxPro
Reporting
LDAP
Filemaker Pro
MS SQL Server
dBase
MS Access

Security

Misc
Web Browsers
Software Firewalls
Operating Systems Security
File Sharing

Spy / Ad Blockers
Vulnerabilities
WebApplications
IDS
Anti-Virus

Encryption
Anti Spam
Email Clients
VPN
Chat / IM

Programming

Editors IDEs
Installation
Handhelds / PDAs
Multimedia Programming
System / Kernel

Algorithms
Game
Signal Processing
Project Management
Open Source

Database
Misc
Languages
Processor Platforms
Theory

Web Development

Scripting
Blogs
Web Servers
Software
Search Engines
Web Graphics
Images

Internet Marketing
Images and Photos
Components
Document Imaging
Web Languages/Standards
Illustration
WebApplications

Fonts
WebTrends / Stats
Authoring
Digital Camera Software
Miscellaneous

Networking

Protocols
Apple Networking
Network Management
Message Queue
Application Servers
Content Management
File Servers
Email Servers
Misc
Java Editors & IDEs

Wireless
Networking Hardware
Backup / Restore
System Utilities
ISPs & Hosting
Web Servers
Storage Technology
Removable Backup Media
Servers
Broadband

Grid
OS / 2
Novell Netware
Unix Networking
Windows Networking
Security
Telecommunications
Operating Systems
Linux Networking

Other

Community Advisor
Lounge
Community Support
New Net Users

Philosophy / Religion
Math / Science
Miscellaneous
URLs

Expert Lounge
Politics
Puzzles / Riddles

Community Support

Suggestions
New to EE
New Topics
Community Advisor

CleanUp
Announcements
General

Feedback
Input
EE Bugs

04.30.2008 at 02:21PM PDT, ID: 21474643

Rank: Genius

RobWill:

Is there any chance the guest account is enabled on the PC in question?

How are they connecting if the appropriate port is not enabled and forwarded on the router?

If you want multiple users to access your network by VPN it needs to be managed on the server. XP only allows 1 connection, and the port forwarding can only be to one PC.

04.30.2008 at 03:14PM PDT, ID: 21475068

Christine_Moran:

I'm not trying to remote onto any particular pc just gain access to the network. I set up the vpn connection on the remote pc and, even if I do not enter a user name and password it goes through the whole authentication process and tells me I'm in.

The connection is being managed by the server, the ppp wan port on the remote pc is allocated an ip address by the server and , if ,having remotely accessed the LAN (using no user name and pwd) I then remote onto the sbs box (which obviuosly asks me for my user name and pwd as it would if I was sitting in the office). I can go to 'routing and remote access' in the admin tools and view my connection. Interestingly, it shows me connected as my own user name even though I didn't log on using that user name. (Although I would have previously logged on from this pc using valid credentials). Could SBS somehow be remembering my previous connection? perhaps the mac address of my pc? This doesn't seem very secure! - I'm not really sure where to go from here. The person who set up the server and the vpn initially seems to have accepted the default remote access policies. Again any help would be much appreciated.

04.30.2008 at 04:08PM PDT, ID: 21475347

Rank: Genius

RobWill:

>>....it goes through the whole authentication process and tells me I'm in."
Is this on a LAN or over the Internet. If you have the same user name and password on the local PC it would be automatic if it is a work grouped PC. My point was no one would have access via the Intern t if the port was not forwarded to the PC.

I don't fully understand though. You say you set up the VPN connection on the PC, but you are using RRAS. These are 2 different VPN's

The most secure way to access an SBS domain is using Remote Web Workplace:
http://www.lan-2-wan.com/SBS.htm#q1

Accepted Solution

05.09.2008 at 04:04AM PDT, ID: 21531633

Rank: Genius

RobWill:

Thanks Christine_Moran
If you post a related question later, and you want me to have a look just send a link to the question, to the e-mail in my profile (click on RobWill)
Cheers !
--Rob

20080236-EE-VQP-29 / EE_QW_2_20070628