Setup VPN on windows server 2003

Posted on 2006-06-20
Last Modified: 2013-11-21
Here is the setup

Client with WinXP  >>>> Static IP to D-Link DI-804HV VPN Router setup as DHCP server, firewall opened port 1723 >>>>> port 1723 forwarded to Windows 2003 server with 2 Nic cards

I set up a fake user in Active Directory and checked 'allow remote access' on his profile. I set up a folder that only it can access on the server.
On the WinXP laptop I create a new VPN connection, input the IP address, username and password, and it says connecting to XXX then 'Verifying Username and Password'. This is where it gets stuck.

Do I need anything else in the client's home? Do I have to somehow point the test user's profile at a folder? (I did not do this as I do not know how.) It does look like it is working, help!!?

Thanks for any help
Question by:Winston Smith
9 Comments
 
LVL 6

Expert Comment

by:dotENG
ID: 16947294
Did you follow the wizard in "Routing and Remote Access"? If not: Start-->Run-->mmc-->CTRL+M-->ALT+D-->Routing And Remote Access-->Add Server-->Right Click Server Name-->Configure and Enable Routing and Remote Access.
From there it's self-explanatory.
0
 
LVL 2

Expert Comment

by:119support
ID: 16947862
If you haven't created a remote users group, open Terminal Services Configuration and right click on RDP-Tcp choosing properties. Click the permissions tab and make sure the created user has access.
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 16948243
I assume the VPN end point is not the DI-804HV VPN router, but rather the Windows server. You can also configure the router to be the VPN server/endpoint. See:
http://support.dlink.com/faq/view.asp?prod_id=1439&question=DI-804HV%20/%20DI-808HV

However, to answer your question, with your present setup you also need to enable "PPTP pass-through" on the Tools / Misc page of the D-Link router. Have you enabled this?
0

 
LVL 7

Expert Comment

by:Kumar_Jayant123
ID: 16948455
Hi,

Check one very important port and that is GRE 47.

Microsoft PPTP connection uses TCP 1723 and GRE 47 to create VPN. 1723 is used for the connection and GRE 47 for transferring the Password.

The best way to check whether it is open or not is to take a trace and filter it for GRE 47. See whether the traffic is passing through or not.

One of the tools you can use is RASDIAG. Cool tool to see what is happening over the network while making the PPTP connection.

Hope this helps...

Kumar
0
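
An added example, not part of the post above: one way to carry out the trace check it suggests, in Python. GRE is IP protocol number 47 and travels beside the TCP 1723 control connection, so the sketch labels raw IPv4 packets and reports which half of PPTP is missing. The addresses, packet bytes and the helper names `classify`, `diagnose` and `ipv4` are constructed for illustration; `client_ip` is the address the client appears as in the trace.

```python
import socket
import struct

PPTP_TCP_PORT = 1723          # PPTP control connection
IPPROTO_TCP, IPPROTO_GRE = 6, 47
PPTP_GRE_TYPE = 0x880B        # enhanced GRE carrying PPP (RFC 2637)

def classify(pkt: bytes) -> str:
    """Label one raw IPv4 packet as 'control', 'gre' or 'other'."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return "other"
    body = pkt[(pkt[0] & 0x0F) * 4:]          # skip the IP header (IHL words)
    if len(body) < 4:
        return "other"
    first, second = struct.unpack("!HH", body[:4])
    if pkt[9] == IPPROTO_TCP and PPTP_TCP_PORT in (first, second):
        return "control"                       # first/second = src/dst port
    if pkt[9] == IPPROTO_GRE and first & 0x7 == 1 and second == PPTP_GRE_TYPE:
        return "gre"                           # first = flags+version, second = type
    return "other"

def diagnose(packets, client_ip: str) -> str:
    """Summarise a trace captured on the VPN server's outside interface."""
    client = socket.inet_aton(client_ip)
    seen = {"control": 0, "gre_in": 0, "gre_out": 0}
    for pkt in packets:
        kind = classify(pkt)
        if kind == "control":
            seen["control"] += 1
        elif kind == "gre":
            seen["gre_in" if pkt[12:16] == client else "gre_out"] += 1
    if not seen["control"]:
        return "no TCP 1723: check the port forward"
    if not seen["gre_in"]:
        return "TCP 1723 only: GRE from client not arriving, check PPTP pass-through"
    if not seen["gre_out"]:
        return "GRE arrives but server sends none: check the server side"
    return "TCP 1723 and GRE in both directions"

def ipv4(src, dst, proto, payload):  # constructed demo packet, checksum left 0
    head = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return head + payload

# Constructed sample: control channel completes, but no GRE reaches the server.
CLIENT, SERVER = "203.0.113.10", "192.168.0.2"
TRACE = [ipv4(CLIENT, SERVER, IPPROTO_TCP, struct.pack("!HH", 49152, 1723) + bytes(16)),
         ipv4(SERVER, CLIENT, IPPROTO_TCP, struct.pack("!HH", 1723, 49152) + bytes(16))]
GRE_DATA = struct.pack("!HH", 0x3001, PPTP_GRE_TYPE) + bytes(8)
```

`diagnose(TRACE, CLIENT)` reports the TCP-1723-only case, which matches a router that forwards the port but does not pass GRE.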
 

Author Comment

by:Winston Smith
ID: 16981129
I have it set now so that the DI-804HV VPN router is the endpoint. Tired of the Windows hassle. I created a PPTP tunnel on the router and it will let me connect to it but now what? How do I look at the files on the server? I am a VPN newbie so my thought was that it allows you to connect as if you were in the office. But all I can do is connect to the router.

Thanks for any help!!
0
 
LVL 2

Accepted Solution

by:
119support earned 672 total points
ID: 16981246
Once the tunnel is established it is, in theory, as if you are connected at the office. You can now TS into the server or open a network share with \\IP_Address.
0
 

Author Comment

by:Winston Smith
ID: 16981328
TS?
0
 
LVL 6

Assisted Solution

by:dotENG
dotENG earned 664 total points
ID: 16981960
Terminal Server - Remote Desktop Connection.
Run mstsc.exe /v:ip_address_of_server
0
 
LVL 78

Assisted Solution

by:Rob Williams
Rob Williams earned 664 total points
ID: 16982429
NetBIOS names (computer names) are not broadcast over most VPNs.
You can resolve this in several ways:
1) Use the IP address (of the computer you are connecting to) when connecting to devices, such as \\123.123.123.123\ShareName, or map a drive at a command prompt using
 Net Use U: \\123.123.123.123\ShareName
2) An option is to use the LMHosts file which creates a table of IPs and computer names. LMHosts is located in the Windows directory under c:\Windows (or WINNT)\System32\Drivers\Etc\LMHosts.sam; instructions are included within the file. Any line starting with # is just a comment and is ignored. Open the file with Notepad and add entries for your computers as below:
192.168.0.101      CompName       #PRE
Hit Enter when each line is complete (important), then save the file without a file extension. To be sure there is no extension, enclose the name in quotations when saving, like "LMHosts". Now when you try to connect to a computer name it should find it as it will search the LMHosts file for the record before connecting.
More details regarding LMHosts file:
http://www.microsoft.com/resources/documentation/Windows/2000/server/reskit/en-us/Default.asp?url=/resources/documentation/windows/2000/server/reskit/en-us/cnet/cnfd_lmh_QXQQ.asp
The drawback of the LMHosts file is you have to maintain a static list of computer names and IP addresses. Also if the remote end uses DHCP assigned IPs it is not a feasible option. Thus in order to be able to use computer names dynamically try to enable with some of the following options:
3) if you have a WINS server add that to the network cards configuration
4) also under the WINS configuration on the network adapter make sure NetBIOS over TCP/IP is selected
5) try adding the remote DNS server to your local DNS servers in your network card's TCP/IP configuration
6) verify your router does not have a "block NetBIOS broadcast" option enabled
7) test if you can connect with the full computer and domain name as  \\ComputerName.domain.local  If so, add the suffix DomainName.local to the DNS configuration of the virtual private adapter/connection [ right click virtual adapter | properties | TCP/IP properties | Advanced | DNS | "Append these DNS suffixes (in order)" | Add ]
0
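
An added example, not part of the answer above: a small Python check for the LMHosts points in option 2 (entry format, `#` comments, Enter after every line, no file extension). The function name `lint_lmhosts` and the sample text are constructed for illustration; quoted names and block directives such as `#INCLUDE` are not handled here.

```python
import ipaddress

KEYWORDS = ("#PRE", "#DOM:")   # entry keywords this example recognises

def lint_lmhosts(text, filename="LMHosts"):
    """Return (entries, warnings) for the text of an LMHosts file."""
    entries, warnings = [], []
    if "." in filename:
        warnings.append(f"{filename}: save with no extension (not .sam/.txt)")
    if text and not text.endswith("\n"):
        warnings.append("last line is not terminated with Enter")
    for num, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # blank line or comment
        fields = line.split()
        if len(fields) < 2:
            warnings.append(f"line {num}: expected 'IP name'")
            continue
        ip, name, tags = fields[0], fields[1], []
        try:
            ipaddress.IPv4Address(ip)
        except ValueError:
            warnings.append(f"line {num}: bad IPv4 address {ip!r}")
            continue
        if len(name) > 15:                # NetBIOS computer names: 15 chars max
            warnings.append(f"line {num}: name {name!r} longer than 15 chars")
            continue
        for tok in fields[2:]:
            if tok.upper().startswith(KEYWORDS):
                tags.append(tok.upper())
            elif tok.startswith("#"):
                break                     # rest of the line is a comment
            else:
                warnings.append(f"line {num}: unexpected token {tok!r}")
        entries.append((ip, name, tags))
    return entries, warnings

# Constructed sample; the first entry is the one from the answer above.
SAMPLE = ("# office servers\n"
          "192.168.0.101      CompName       #PRE\n"
          "192.168.0.300      BadAddr        #PRE\n"
          "192.168.0.102      FileServer #PRE #DOM:OFFICE # main share host")
```

Calling `lint_lmhosts(SAMPLE, "LMHosts.sam")` keeps the two valid entries and warns about the extension, the unterminated last line and the bad address on line 3.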
