• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 180
  • Last Modified:

Anyone know of good online information for setting up VPN Access to SBS Server 2003.

Hi,

Does anyone know of any good online articles & troubleshooting information for setting up VPN access to Windows Small Business Server 2003.  Having a few difficulties setting up VPN access to Small Business Server 2003 using SMC Broadband Router/Firewall.  Thanks for any helpful information you may be able to provide.

Thanks,
Mike
0
mstep3
Asked:
mstep3
  • 7
  • 7
1 Solution
 
mstep3Author Commented:
Hi,

I've read through many of the articles and tried many of the suggestions but my configuration still does not seem to be working correct.  

I am running SBS 2003 with dual nic configuration and an SMC broadband modem/router/firewall for my internet connection.  I've got the router/firewall set up to forward incoming requests on port 1723 to the IP address of the External Nic on the SBS Server using port forwarding.  Is this the correct thing to do to get the request to the Server or should I be using something else?

Thanks,
Mike
0
 
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
That sounds correct, but you also need GRE Protocol 47 enabled on the router.  Generally this is called PPTP Passthrough.

Outside of that, see http://sbsurl.com/vpn for the visual how-to for running the Remote Access Configuration Wizard.

If you are still having problems, you need to specify the exact error message you're getting in order for us to understand what the problem is.

Jeff
TechSoEasy
0
 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

 
mstep3Author Commented:
Hi,

Right now when I try to connect I am getting an

Error 691:  Access was denied because the username and/or password was invalid on the domain.

I started using Remote Web Workplace because I couldn't get VPN connection.

I am a little confused because I am not even sure on my firewall/router how to enable PPTP (GRE 47 Protocol).  The router is an SMC Comcast Business Broadband Router.  The only section I have that pertains to PPTP is a section under VPN that I can add users for PPTP/L2TP Connection.  Is there anything specific that I should look for to allow GRE or is this probably it.

I'm certain that the user I'm logging in with is correct and is under Mobile Users Group.  Thanks for the help.

Mike
0
 
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
Well, even though you didn't provide the make/model of your router, that's not actually the problem here...

If you're getting Error 691, then most likely you ARE getting through to the SBS's VPN Authorization, but you might still have things misconfigured.  

Are you using the Small Business Connection Manager VPN Client (Downloaded from the RWW Main Menu)?

Or did you create the VPN Connection manually?  If you did that, then see these troubleshooting steps:
http://www.howtonetworking.com/casestudy/vpnerror691.htm

Jeff
TechSoEasy
0
 
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
FYI, VPN's are normally only used for laptops which are members of the domain.  
RWW is a better solution for those people who have desktop workstations in the office.

Jeff
TechSoEasy
0
 
mstep3Author Commented:
Hello,

Thanks for the links.  I did go through them and verify that I had the VPN connections set up properly.

I actually have tried setting up the VPN connection manually and also I have downloaded the Connection Manger using the RWW Main Page.  When I try to connect outisde my office from home they both give the same error 691:  'Access was denied because the username and/or password was invalid on the domain'.  I'm stumped on it right now, not sure what's wrong.

It's not really necessecary for me to be able to VPN, I guess I'm basically just wanting to make it work.  I am able to do everything I need to do using Remote Web Workplace.

Thanks for your help and suggestions.

Mike



0
 
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
And what happens if you try to connect from INSIDE your office?

Also, what is the OS on the computer you are connecting from?  Is it a domain-joined laptop?  Or your home computer?

Jeff
TechSoEasy
0
 
mstep3Author Commented:
Hi,

It does authenticate and I can connect from within the network when I set up a VPN connection manually and it's using Windows XP Home.  I am not able to authenticate when I try to connect outside my network.  

I know I can't configure it on the domain cause it's XP Home, but if the laptop has not been added to the domain using the connect client computer wizard is it not possible to connect to my network through VPN connection?

Thanks,
Mike
0
 
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
Are those two separate issues?  Or are you using this same laptop at home as well?

Jeff
TechSoEasy
0
 
mstep3Author Commented:
Yes, I am using the same laptop at home as well as at work.  I am able to set up a VPN connection and connect to the server at work but I can't get it to authenticate when I try to access from outside the network.  

Thanks,
Mike
0
 
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
Please provide a COMPLETE ipconfig /all from your SBS.

Also, have you tested "outside the network" from various locations? or just from home?

Jeff
TechSoEasy
0
 
mstep3Author Commented:
Hello,

No, I haven't tried connecting from any other locations yet, only from home.  I do have a hardware firewall at home too so I don't know if that might be affecting it.  It does seem to try to authenticate though so I don't think anything is getting blocked.

Thanks,
Mike



Windows IP Configuration

   Host Name . . . . . . . . . . . . : scs-server
   Primary Dns Suffix  . . . . . . . : SCS.local
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : Yes
   WINS Proxy Enabled. . . . . . . . : Yes
   DNS Suffix Search List. . . . . . : SCS.local

Ethernet adapter Network Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) PRO/100 S Server Adapter
   Physical Address. . . . . . . . . : 00-1B-21-00-CD-A5
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 10.1.10.2
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.1.10.1
   DNS Servers . . . . . . . . . . . : 192.168.10.2
   Primary WINS Server . . . . . . . : 192.168.10.2
   NetBIOS over Tcpip. . . . . . . . : Disabled

Ethernet adapter Server Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : HP NC7760 Gigabit Server Adapter
   Physical Address. . . . . . . . . : 00-0B-CD-CF-DD-0E
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.10.2
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : 192.168.10.2
   Primary WINS Server . . . . . . . : 192.168.10.2
0
 
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
"It does seem to try to authenticate though so I don't think anything is getting blocked."

What is the IP Subnet you use at home?  If it matches your Office IP Subnet, then that will cause a problem.  Also, PPTP Passthrough (GRE Protocol 47) must be enabled on the remote side as well.

One thing to note about your network settings... you need to remove the WINS server IP from your WAN NIC.  After doing that rerun the Configure Email and Internet Connection Wizard (CEICW).

Jeff
TechSoEasy
0
 
mstep3Author Commented:
Hello,

Thank you for your time and help.  We have decided to use RWW rather than setting up VPN connections.  It seems much more secure and has much more functionality than using VPN connection.  I appreciate all your help.

Mike
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 7
  • 7
Tackle projects and never again get stuck behind a technical roadblock.
Join Now