Solved

VPN SERVER ACCESS FROM HOME OF WINDOWS 2003 SERVER?

Posted on 2004-09-21
Last Modified: 2008-01-09
Hello Everybody,

I have got a Windows 2003 SBS server running behind a firewall, which has got the fixed IP address 192.168.0.200, and my router IP address is xx.xx.xx.xxx. I have already done port forwarding of the L2TP and PPTP ports to my server IP address.

I would like to access my folder on this server from my home. I have enabled Routing and Remote Access on the server and set up an IP address pool to allocate to the remote users. But I am getting an error saying there is no server or I have not set the correct security parameters.

I have checked the server event viewer, and it was telling me that remote users are not allowed with security certificate. Is there any certificate which I need to buy to have a VPN server running behind a firewall on a W2K3 server? Can someone guide me on how to access my data from home?

Can someone give any links or any info in this regard?

Many thanks,
Krishna.
Question by:mohankodali
16 Comments
 
LVL 7

Expert Comment

by:LimeSMJ
ID: 12118121
How did you set up the client connecting to the RRAS server?  Is it using PPTP or L2TP/IPSec?

The certificate error you are getting is due to the L2TP/IPSec... you need a server-side certificate as well as a client side certificate to authenticate using that method.  Certificates can either be bought or the server can generate one for free.

If you use PPTP, you don't need certificates.
0
 

Author Comment

by:mohankodali
ID: 12120390
Hello LimeSMJ,

I am not quite sure what I am using; I mean I need to use it without any certificates. Sorry, I am new to this exchange and Windows. Can you please guide me on how to set up PPTP, so that I can access data from my home computer using VPN or some other method, mapping it as a network drive?

Many Thanks,
Krishna.
0
 

Author Comment

by:mohankodali
ID: 12120616
Is there any security setting that needs to be made in Windows 2003 server so that I can accept PPTP connections? Can someone please help me out on this ASAP?

Many Thanks,
Krishna.
0
 
LVL 7

Accepted Solution

by:
LimeSMJ earned 500 total points
ID: 12128211
** Since you want PPTP (for now at least) you can close off the L2TP ports and leave the PPTP ports open (should be 1723 and 47). **

** Next, set up the RRAS server on your Win 2003 server (excerpts from http://support.microsoft.com/default.aspx?scid=kb;en-us;323415#3 ): **

1. Click Start, point to Administrative Tools, and then click Routing and Remote Access.
2. In the left pane of the console, click the server that matches the local server name.

--> If the icon has a red arrow in the lower-right corner, the Routing and Remote Access service is not enabled. Go to step 3.

--> If the icon has a green arrow pointing up in the lower-right corner, the service is enabled. If so, you may want to reconfigure the server. To reconfigure the server, you must first disable Routing and Remote Access. To do this, right-click the server, and then click Disable Routing and Remote Access. Click Yes when you are prompted with an informational message.

3. Right-click the server, and then click Configure and Enable Routing and Remote Access to start the Routing and Remote Access Server Setup Wizard. Click Next.
4. Click Remote access (choose VPN) to permit remote computers to dial in or connect to this network through the Internet. Click Next.
5. Click VPN for virtual private access, or click Dial-up for dial-up access, depending on the role you want to assign to this server.
6. On the VPN Connection page, click the network interface that is connected to the Internet, and then click Next.
7. On the IP Address Assignment page, do one of the following:

--> If a DHCP server will be used to assign addresses to remote clients, click Automatically, and then click Next. Go to step 8.
--> To give remote clients addresses only from a pre-defined pool, click From a specified range of addresses.
         a) The wizard opens the Address Range Assignment page.
         b) Click New.
         c) In the Start IP address box, type the first IP address in the range of addresses that you want to use.
         d) In the End IP address box, type the last IP address in the range.
         e) Windows calculates the number of addresses automatically.

8. Click OK to return to the Address Range Assignment page.
9. Click Next.
10. Accept the default setting of No, use Routing and Remote Access to authenticate connection requests, and then click Next.
11. Click Finish to enable the Routing and Remote Access service and to configure the remote access server.

** Next you need to set up the users.  You can either use a RADIUS server or the Local or AD user list. **

--> You can use remote access policies to grant or deny authorization, based on criteria such as the time of day, day of the week, the user's membership in Windows Server 2003-based security groups, or the type of connection that is requested. If a remote access server is a member of a domain, you can configure these settings by using the user's domain account.  Go into AD and edit the user's Remote Access / Dial In rights (allow or disallow, etc).

--> If the server is a stand-alone server or a member of a workgroup, the user must have a local account on the remote access server.  Add users in the Users MMC.

** Finally, set up the client machines (the next steps really depend on the Operating System of the connecting client machine - these instructions are for XP but 2000 is similar) **

1. Click Start, click Control Panel, and then double-click Network Connections.
2. Under Network Tasks, click Create a new connection, and then click Next.
3. Click Connect to the network at my workplace to create the dial-up connection, and then click Next.
4. Click Virtual Private Network connection, and then click Next.
5. On the Connection Name page, type a descriptive name for this connection, and then click Next.
6. Do one of the following, and then click Next.

--> If the computer is permanently connected to the Internet, click Do not dial the initial connection.
--> If the computer connects to the Internet by way of an Internet service provider (ISP), click Automatically dial this initial connection, and then click the name of the connection to the ISP.

7. Type the IP address or the host name of the VPN server computer (for example, VPNServer.SampleDomain.com).
8. Do one of the following, and then click Next:

--> If you want to allow any user who logs on to the workstation to have access to this dial-up connection, click Anyone's use.
--> If you want this connection to be available only to the currently logged-on user, click My use only.

9. Click Finish to save the connection.

The instructions are long but following these steps should give you a working PPTP connection.  Let me know if there are any problems.
0
 

Author Comment

by:mohankodali
ID: 12146433
Hello  LimeSMJ,

Many thanks for your information, but still I need more help.

As I have got only one network card on my server and it has got the IP address 192.168.0.254, when I try to select --> Remote Access (Dial up or VPN) it's giving the following warning:

"Less than two network interfaces were detected on this machine. For Standard VPN server configuration at least two network interfaces need to be installed. Please use custom configuation path instead."

So I have to use only the custom method and select VPN access, and then I have done everything you said, but still no joy.

And on the security tab --> you have got Windows authentication; I have got 3 options checked -->

1. EAP, 2. MS-CHAP v2 and 3. MS-CHAP. I tried all options together and one option at a time, but still no luck.

Any advice or help on this would be much appreciated.

Many Thanks,
krishna.


0
 
LVL 7

Expert Comment

by:LimeSMJ
ID: 12147948
The only protocols that are used for non-certificate PPTP are MS-CHAP and MS-CHAP v2.  I would recommend using only MS-CHAP v2 as it is the best out of the two.

As for setting up the VPN on a single NIC... Let me try to use my test Win 2003 server to see if I can get the VPN working on that using a single ethernet card.  I'll post results soon.
0
 
LVL 7

Expert Comment

by:LimeSMJ
ID: 12148066
Hmm... can you ping the server (at your home) from the machine you are using to connect the VPN to?  What firewall are you using by the way?
0
 

Author Comment

by:mohankodali
ID: 12156159
I can't ping the server, as it's behind a firewall. It's a Netgear router which has got a built-in firewall.
0
 
LVL 7

Expert Comment

by:LimeSMJ
ID: 12156323
Is it possible for you to test the VPN connection behind the firewall?  This is to eliminate the possibility that your Netgear is causing the problem.
0
 

Author Comment

by:mohankodali
ID: 12157898
Hi LimeSMJ,

Is there any specific configuration when using only one NIC card, or is it the same?

Thanks,
Krishna.
0
 
LVL 7

Expert Comment

by:LimeSMJ
ID: 12165127
I just tried implementing a single NIC RRAS session with my lab environment: Win 2003 Server and a Win XP VPN client.

Everything seemed to work fine with PPTP (without any certificate).  I did not check to see if an outside connection could be established since I can't since this testing lab is not connected to the outside world (and can't due to security issues).

From what I can tell, a single NIC RRAS configuration does not need any additional configuration to connect.  Now, since your problem is the connection we need to isolate the problem to either the Netgear or Win 2003.  Can you tell me if you are getting any connection attempts in your RRAS log files?  Can you test to see if you can connect to the VPN server on the LAN behind the Netgear (putting a computer in the same network as the server)?
0
 
LVL 7

Expert Comment

by:LimeSMJ
ID: 12165147
Oh, I forgot to tell you how I set up this testing RRAS... On the Win 2003 server, I chose the Custom configuration and just checked the VPN box in the RRAS setup.  Nothing else.

On the client, I created a New Connection (VPN) and entered in all the naming information and put in the server's internal IP address.

I set up a local user on the Win 2003 server and gave the account Dial-In access.

Finally, on the client I just initiated the connection, entered in the username I set up and then I was connected via a PPTP VPN link.
0
 
LVL 7

Expert Comment

by:LimeSMJ
ID: 12165158
By the way, I used the server's internal address since I am not connected to the outside world.  In your case, if possible, try to test the connection (as I mentioned before) internally before trying from the outside - just to see if you configured the server correctly.  Once that is done, then try the server's external address... if that does not work (and the internal test did) then your firewall is to blame.
0
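
The internal-then-external test suggested in this thread can be made concrete at the protocol level. PPTP's control channel is TCP port 1723, while the tunnelled data travels as GRE, which is IP protocol number 47 rather than a TCP or UDP port. The following is an added example, not code from any poster in the thread: it sends the first PPTP control message (RFC 2637) and classifies the answer. The function names, the `vpn-check` host label and the sample reply are assumptions constructed for illustration.

```python
import socket
import struct

PPTP_PORT = 1723           # TCP control channel; tunnelled data uses GRE (IP protocol 47)
MAGIC_COOKIE = 0x1A2B3C4D  # fixed value carried in every PPTP control message
SCCRQ, SCCRP = 1, 2        # Start-Control-Connection-Request / -Reply
MSG_LEN = 156              # both messages have the same fixed length

def build_sccrq(hostname=b"vpn-check"):
    """Build a Start-Control-Connection-Request (hostname is a made-up label)."""
    return struct.pack("!HHIHHHHIIHH64s64s", MSG_LEN, 1, MAGIC_COOKIE, SCCRQ, 0,
                       0x0100, 0, 3, 3, 0, 0, hostname, b"")  # v1.0, any framing/bearer

def parse_sccrp(data):
    """Decode a Start-Control-Connection-Reply; raise ValueError if it is not one."""
    if len(data) < MSG_LEN:
        raise ValueError("short reply: %d bytes" % len(data))
    (_len, mtype, magic, ctype, _r0, version, result, error, _fr, _be, _ch, _fw,
     host, vendor) = struct.unpack("!HHIHHHBBIIHH64s64s", data[:MSG_LEN])
    if magic != MAGIC_COOKIE or mtype != 1 or ctype != SCCRP:
        raise ValueError("not a PPTP Start-Control-Connection-Reply")
    return {"ok": result == 1, "result": result, "error": error, "version": version,
            "host": host.rstrip(b"\0").decode("ascii", "replace"),
            "vendor": vendor.rstrip(b"\0").decode("ascii", "replace")}

def check_pptp(host, timeout=5.0):
    """Classify the TCP 1723 control channel as seen from where this runs."""
    try:
        with socket.create_connection((host, PPTP_PORT), timeout=timeout) as s:
            s.sendall(build_sccrq())
            data = b""
            while len(data) < MSG_LEN:
                chunk = s.recv(MSG_LEN - len(data))
                if not chunk:
                    break
                data += chunk
        reply = parse_sccrp(data)
    except socket.timeout:
        return "filtered: no answer on TCP 1723 (check port forwarding / firewall)"
    except ConnectionRefusedError:
        return "refused: host reachable, nothing listening on TCP 1723"
    except (OSError, ValueError) as exc:
        return "error: %s" % exc
    return "control channel up (vendor=%r, result=%d)" % (reply["vendor"], reply["result"])

# Constructed sample reply (not captured from a real server), for offline use.
SAMPLE_SCCRP = struct.pack("!HHIHHHBBIIHH64s64s", MSG_LEN, 1, MAGIC_COOKIE, SCCRP, 0,
                           0x0100, 1, 0, 3, 3, 0, 0, b"sbs-server", b"Example Vendor")
```

Run `check_pptp()` against the server's internal address from the LAN first, then against the router's external address from outside. A "control channel up" result from outside only proves TCP 1723 is forwarded; if the VPN client still fails after that point, the router is probably not passing GRE.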
 

Author Comment

by:mohankodali
ID: 14964550
Comment from LimeSMJ
Date: 09/27/2004 03:55PM PDT -- if you use this it works fine. no issues. Thanks for the help.
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 24000094
0


Question has a verified solution.
