Problem with VPN Connections to SBS 2003 Server
Posted on 2007-10-20
We are having a problem with VPN connections to our SBS 2003 server.
We have a small office network with (1) SBS 2003 Server and (4) Windows 98SE workstations. We also have a remote office with (1) Windows 98SE workstation. All (5) of our Windows 98SE workstations have been updated with IE 6.0 and Active Directory Services Client setups, and all are fully functional with our SBS 2003 server. Our remote office workstation also has DUNS 1.4 and Microsoft L2TP/IPSec installed (to allow for an L2TP/IPSec VPN connection on a Windows 98SE workstation).
Our SBS server (named SERVER) has (2) NICs. NIC #1 is used for our LAN, with an IP address of 192.168.16.2. NIC #2 is used for connection to our 3-Com Office-Connect Secure Router (for connection to our ISP), with an IP address of 192.168.15.3. Our 3-Com Office-Connect Secure Router has an IP address of 192.168.15.4. Our router has a full-time broadband connection to the internet, via (1) static IP address from our ISP of 126.96.36.199. Our domain name is grecoelectric.com (with our simple 1-page website hosted by our ISP).
Our remote office Windows 98SE workstation (named REMOTE) has (1) NIC, with an IP address of 192.168.14.35, connected to our remote office 3-Com router (with the router IP address of 192.168.14.31). Our remote office router has a full-time broadband connection to the internet, via a dynamic IP address from our ISP.
We have configured Remote Access and Routing on our SBS 2003 server exactly in accordance with each step indicated in the "Microsoft Administrator's Companion for Windows Small Business Server 2003" (including triple-checking each step). We have also followed and triple-checked each step for configuring an L2TP/IPSec VPN connection on the server. We have opted to use a Pre-Shared Key for authentication (initially using a very simple 9-character key until after the VPN connection has been set up and confirmed). We have confirmed (5) PPTP WAN Miniports and (5) L2TP WAN Miniports in the Remote Access and Routing console (all listed with a status of "Listening"). We have opened all indicated ports in the SBS Basic Firewall (VPN Gateway (PPTP) - Port 1723; VPN Gateway (L2TP) - Port 1701; IP Security (IKE) - Port 500; IP Security (IKE NAT Traversal) - Port 4500; IPSec (ESP) - Port 50). We have also configured VPN pass-through on the 3-Com Office-Connect Secure Router for each of the listed ports.
We have created (2) DUN connections on the remote office workstation (connection #1 for the PPTP VPN adapter, and connection #2 for the L2TP VPN adapter). Our ISP tech support department has advised us to enter our static IP address for the host address for each VPN connection (188.8.131.52). We have also configured L2TP/IPSec on our remote office workstation for using a Pre-Shared Key for authentication (triple-checking the above-noted simple 9-character key). We have also confirmed 128-bit encryption capability on our remote office workstation (allowed with DUNS 1.4). We have also configured VPN pass-through on our remote office 3-Com router for each of the above-listed ports.
As you can see, we have tried to be extremely meticulous in regards to setting up a textbook VPN connection. Unfortunately, we have not been able to connect via either of the (2) listed VPN connections (either via PPTP or via L2TP). For the PPTP connection, we continually receive "Error 678" after approx. (10) seconds. For the L2TP connection, we continually receive "Error 629" after approx. (30) seconds. For your reference, we are able to ping our main office static IP address (184.108.40.206), from our remote office workstation (by "temporarily" enabling ping from the internet, on our main office 3-Com Office-Connect Secure Router).
As much as we have triple-checked each step of the VPN setup, we are uncertain of our ISP advisement to use our static IP address for the host address for each VPN connection (220.127.116.11). They have assured us that no other links or "A Records" need to be set up to establish the VPN connection. Most Microsoft documentation only references entering "the address of the server network adapter used to connect to the internet", for the host address for the remote client VPN connection (with no clarification in regards to using the "public" or "private" address). We were wondering if the ISP is supposed to create/register a reference to the "private" address of our NIC #2 (versus us using our "public" static IP address). At this point we are desperate, and would gladly welcome any suggestions in regards to resolving our VPN connection problem.