John M
asked on
VPN Alternative
Here is my problem! I have set up a VPN many times in SBS 2003. This client is using a Linksys BEFSX41 Router, and when I try to connect with the VPN client, I can't connect, but when I look at the Event logs on the Server, I get Event code 20209, which also says this Router might not accept GRC packets. Has anybody worked with this router before? Or do you know of an easy free VPN client that I can use? I cannot use Hamachi; it does not give access to the local network address scheme.
Are you trying to establish a VPN from an external client to the Linksys router, or are you trying to pass through the router and connect a VPN to the SBS server?
ASKER
Not the Router, just a Server VPN connection.
Have you done this step yet on the router?
To allow PPTP traffic, configure the network firewall to open TCP port 1723 and to forward IP protocol 47 for Generic Routing Encapsulation (GRE) traffic to the VPN server. Some firewalls refer to IP protocol 47 as VPN or PPTP pass-through.
ASKER
I do not see an option for protocol 47 (GRE) in the Linksys BEFSX41 Router. All I see is port forwarding and the Linksys VPN setup option. Here is a snapshot.
Link.bmp
ASKER
Here is the Pass Through.
Link2.bmp
I'm a bit confused.
Is it that you have an SBS server behind the Linksys firewall and you have external clients connecting a client VPN to the SBS box,
or
is this Linksys router remote and you are connecting a site-to-site VPN to the SBS box?
Yes, please clarify the network topology. Is the router on the remote network or on the server network? Are you using a server with 2 NICs and also using the server as firewall/ICA?
As a start, please ensure you are running the most recent firmware on the Linksys router.
I am assuming that you are using RRAS on SBS 2003 and that you are using the built-in PPTP-based VPN client on the remote PC.
If the Linksys router is at the remote network, this configuration should be correct to allow PPTP to pass through the router to the destination gateway.
If the Linksys router is at the server network, and the server is using a single NIC (you do not have ICA configured on the server), then you need to use port forwarding rules to forward TCP port 1723 to the internal server IP as well as GRE (IP protocol 47).
In either case, I would not try to use the router's VPN tunnel configuration - that is meant for connection to another firewall directly to establish a site-to-site VPN where all the PCs at one location can connect to all network resources at another location. If this is what you want to accomplish, then I would recommend you use firewall/router equipment from the same manufacturer at each location to configure the tunnel between them rather than try to get them to talk to the SBS directly.
If you are using this Linksys router at the server network, be aware that consumer-level router/firewall products such as this one often have problems supporting simultaneous VPN tunnel passthrough - the second connection can kick or disconnect the first one or simply fail to connect - and may require frequent power-cycles to resolve connection issues.
Personally, I prefer to use separate hardware firewalls that support VPN client termination to the firewall rather than pass through to the server. Watchguard and Sonicwall both have low-end models that do this quite well. Netgear's ProSafe line supports it also, but you have to license the client software separately. All of them support forwarding of multiple PPTP and IPSec VPN tunnels to the server as well. I also never use ICA and it is worth noting that MS abandoned it on 2008 SBS in favor of separate hardware firewalls.
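Added example (not part of any post in this thread): a small Python check for the two traffic types discussed above, run over raw IPv4 packets captured on the server side of the router, to tell "TCP 1723 arrives but GRE does not" apart from a working pass-through. The sample packets and addresses are constructed; the enhanced-GRE version 1 and protocol type 0x880B values are those defined for PPTP in RFC 2637.

```python
import struct

PPTP_TCP_PORT = 1723           # PPTP control channel
IPPROTO_TCP, IPPROTO_GRE = 6, 47
PPTP_GRE_PROTO = 0x880B        # enhanced GRE carrying PPP (RFC 2637)

def classify(pkt: bytes) -> str:
    """Label one raw IPv4 packet as 'pptp-control', 'pptp-gre' or 'other'."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return "other"
    ihl = (pkt[0] & 0x0F) * 4  # IPv4 header length in bytes
    if ihl < 20 or len(pkt) < ihl:
        return "other"
    proto, body = pkt[9], pkt[ihl:]
    if proto == IPPROTO_TCP and len(body) >= 4:
        sport, dport = struct.unpack("!HH", body[:4])
        if PPTP_TCP_PORT in (sport, dport):
            return "pptp-control"
    if proto == IPPROTO_GRE and len(body) >= 4:
        flags_ver, gre_proto = struct.unpack("!HH", body[:4])
        # PPTP uses GRE version 1; plain GRE (version 0) is not PPTP data.
        if flags_ver & 0x0007 == 1 and gre_proto == PPTP_GRE_PROTO:
            return "pptp-gre"
    return "other"

def diagnose(packets) -> str:
    """Summarise which half of a PPTP session is visible in the capture."""
    seen = {classify(p) for p in packets}
    if "pptp-control" not in seen:
        return "no PPTP control traffic: TCP 1723 is not reaching the server"
    if "pptp-gre" not in seen:
        return "control channel only: IP protocol 47 (GRE) is not arriving"
    return "control and GRE both present: pass-through is working"

def _ipv4(proto: int, payload: bytes) -> bytes:
    """Build a minimal IPv4 packet (checksum left at 0) for the samples."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, bytes([203, 0, 113, 10]), bytes([192, 168, 1, 2]))
    return hdr + payload

# Constructed sample packets (documentation addresses, not from the thread).
TCP_1723 = _ipv4(6, struct.pack("!HHIIHHHH", 49152, 1723, 0, 0, 0x5002, 8192, 0, 0))
GRE_PPTP = _ipv4(47, struct.pack("!HHHH", 0x2001, 0x880B, 0, 1))
GRE_PLAIN = _ipv4(47, struct.pack("!HH", 0x0000, 0x0800))
DNS_UDP = _ipv4(17, struct.pack("!HHHH", 5353, 53, 8, 0))

if __name__ == "__main__":
    print(diagnose([TCP_1723, DNS_UDP]))
    print(diagnose([TCP_1723, GRE_PPTP]))
```
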
ASKER
Guys,
Sorry for the confusion. I am not using the VPN on the Linksys router. I was just trying to show that there is no place to put GRE 47 and that PPTP is enabled.
suppsaws is right about the firmware update, but this client is not local. I can't do a firmware upgrade and possibly shut down the router.
Microsoft came in remotely and said everything is set up correctly. It is a Firewall issue.
Yes, well, you have the SBS server to act as a VPN server, but also the Linksys router...
There are many others, but I don't think you need Choice magazine's pick of the month either...
Why not focus on the linksys solution, then remote desktop to the SBS server which will allow you to connect to any workstation from it (SBS feature).
That way you don't need RAS access on the server..
ASKER
Are there any others?