Winfix1

SBS 2011 VPN connectivity problem

Hi

Have just set up SBS 2011 and enabled the VPN functionality.

Here is my setup. The server currently sits behind a firewall (Vigor 2830) on my LAN. My LAN IPs are 192.168.1.x with the interface to the firewall at 192.168.1.87. The SBS 2011 sits behind the firewall at 192.168.12.4 with its gateway being the firewall at 192.168.12.3. The SBS connects to the internet fine, RWW works fine etc., Exchange works fine. Port 1723 is open on the firewall.

The VPN however will not connect. If I create a new VPN connection from my PC pointing at 192.168.1.87 with a username and password of a user on the SBS 2011, I get "verifying username and password", then "Connecting to 192.168.1.87 using WAN Miniport SSTP", then it asks to re-enter the username and password again, saying the original was not correct... but it was. I have used several usernames and passwords and reset them... they are definitely correct. The users are enabled for VPN connection too. The SBS DHCP seems to be issuing an address as well.

How can I troubleshoot this? I can't find any sensible logs. Is this because my PC is on the 192.168.1.x subnet, the same as the untrusted interface to the firewall?

Thanks
Rob Williams

You have a dual NAT situation where you have:
Internet <=> device <=> subnet 192.168.1.x <=> device <=> subnet 192.168.12.x
The VPN will not work in this way. The device closest to the Internet will need to be put in Bridge mode, effectively disabling its NAT feature and allowing the inner device to have a public IP.

Your exact hardware config is not clear to me as to what the two devices are, but usually the outer is a combined modem/router, which needs to be bridged.

SBS must have only 1 NIC enabled as well.
Winfix1

ASKER

Thanks

Now I have connected the SBS 2011 server directly to the internet (through a firewall of course, Vigor 2830) so there is only one firewall/router. I then checked from a remote site that I could connect to RWW, Exchange etc. All is fine. Still, when I create a VPN I get exactly the same problem as above.

The server does have 2 NICs but one is disabled and ports 1723 etc are open.

Any more ideas?
ASKER CERTIFIED SOLUTION
Rob Williams
This solution is only available to members.
Winfix1

ASKER

Thanks RobWill

I didn't think to try to set up a VPN connection on the server itself to itself. This worked fine.

Your comment about GRE being blocked led me to check whether the Vigor 2830 allows VPN passthrough... in default mode it does not! So I followed the instructions on http://www.draytek.co.uk/support/kb_vigor_passthrough.html and just unticked the Enable PPTP VPN Service. Saved the settings on the firewall and it all works fine.

Thanks again.
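
An added diagnostic sketch, not part of the original thread: an open TCP 1723 only proves that something accepts the PPTP control connection, so this parses the RFC 2637 Start-Control-Connection-Reply to show which device is answering (the responder fills in the host name and vendor string). The function names and the sample reply are constructed for illustration.

```python
import socket
import struct

PPTP_PORT = 1723
MAGIC = 0x1A2B3C4D  # RFC 2637 magic cookie
# Layout shared by the request (control type 1) and reply (type 2): 156 bytes.
# length, msg type, cookie, control type, reserved, version, result, error,
# framing caps, bearer caps, max channels, firmware, host name, vendor string
FMT = "!HHIHHHBBIIHH64s64s"
SIZE = struct.calcsize(FMT)

def build_sccrq(host=b"diag"):
    """Start-Control-Connection-Request, the first message a PPTP client sends."""
    return struct.pack(FMT, SIZE, 1, MAGIC, 1, 0, 0x0100, 0, 0,
                       3, 3, 0, 0, host, b"")

def parse_sccrp(data):
    """Decode a Start-Control-Connection-Reply; ValueError if it is not one."""
    if len(data) < SIZE:
        raise ValueError("short reply: %d bytes" % len(data))
    (_len, mtype, magic, ctype, _r0, _ver, result, error,
     _fr, _br, _ch, firmware, host, vendor) = struct.unpack(FMT, data[:SIZE])
    if magic != MAGIC or mtype != 1 or ctype != 2:
        raise ValueError("not a PPTP Start-Control-Connection-Reply")
    text = lambda b: b.split(b"\0", 1)[0].decode("ascii", "replace")
    return {"result": result, "error": error, "firmware": firmware,
            "host": text(host), "vendor": text(vendor)}

def probe(server, timeout=5.0):
    """Ask whatever answers TCP 1723 on `server` to identify itself."""
    with socket.create_connection((server, PPTP_PORT), timeout=timeout) as s:
        s.sendall(build_sccrq())
        buf = b""
        while len(buf) < SIZE:
            chunk = s.recv(SIZE - len(buf))
            if not chunk:
                break
            buf += chunk
    return parse_sccrp(buf)

# Constructed sample reply (not captured from a real device): a router's own
# PPTP service answering in place of the server behind it.
SAMPLE_REPLY = struct.pack(FMT, SIZE, 1, MAGIC, 2, 0, 0x0100, 1, 0,
                           3, 3, 0, 1, b"router", b"ExampleRouter")

if __name__ == "__main__":
    print(parse_sccrp(SAMPLE_REPLY))
```

A valid reply here says nothing about GRE (IP protocol 47), which carries the tunnel data and has to be passed by the firewall separately from TCP 1723.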
Winfix1

ASKER

Excellent thanks RobWill.

Great, glad to hear. Thanks Winfix1
Cheers!
--Rob