Setting up a VPN Client to Connect to SBS 2003 Server

blakeatwork

One end:

Static IP
WRT54G (cheap, but only needs to support one or two VPN connections)
SBS Server 2003

Remote End:

Static IP
Windows XP Pro w/SP2
WRT54G

Cannot get the Remote client to be able to access the SBS Server, using the Connection Utility provided by Server2003. I can ping it, I can see it, but I keep getting error 800 (unavailable).

Any suggestions... I'm at my wits' end... I had a Linksys WRT200 VPN router in prior, but the Linksys client would not pass the connection, and kept hanging, thus being back to the WRT54G

**EDIT** Client budget also tapped for the remainder of the year, otherwise I would have just used a couple PIX's..
 

RebateMonger

Error 800 isn't a GRE error. 800 means you aren't connecting at all. Lack of GRE passthrough typically generates a 721 error in a PPTP connection.

Did you turn on the VPN function in SBS (there's a separate Wizard for it)? And did you open up SBS's firewall for VPN?

If you want a quick test, see if you can connect via VPN from the Internet-facing NIC (assuming that you are using dual NICs in SBS). If the VPN client connects, then your problem is in the router. If it doesn't connect, then you don't have SBS configured properly.

Assuming you are using dual NICs and have the SBS Firewall enabled, you can also remove the router completely and do a direct connection to the Internet. If the VPN starts working, it's the router.
 

spidey07

I'm thinking you may not be able to do it unless you set the SBS to be a DMZ host.

I don't know much about MS vpn, but it sounds like it's just using GRE for the tunnel. As mentioned above GRE is a layer3 protocol, there is no port number because there isn't any layer4 at all...no tcp or udp. It's IP protocol 47.

So the Linksys will have to forward IP protocol 47 to the server.
 

netsysadmin

From what I have seen, the Linksys devices do OK with VPN. Just make sure the VPN pass-through feature on both ends is set on.

John
 

RebateMonger

Server 2003 can host either PPTP or L2TP VPN connections. I've used both. I work daily with an ongoing VPN connection to my primary SBS Server. Right now, the connection has been up for six days (when I last rebooted).

Setting up either VPN with SBS is pretty easy. It takes a couple of mouse clicks. If you use L2TP, of course, you have to create a CA and install its root certificate on the client PCs.

SBS's wizards will take over the RRAS services and make the proper settings for a functional VPN. SBS may also offer to use UPnP to set up the inbound router, but I don't believe that Linksys offers that "feature".

The biggest problem is always any router that's in front of the SBS Server. It's pretty common to have problems with VPN passthrough on home-grade routers. That Linksys SHOULD work, but all of the major low-end router makers are known to routinely break their VPN passthrough ability and then fix it with the next firmware release.

Steps to configure SBS for a PPTP VPN (and assuming that you aren't running ISA Server):
1) Make sure that any Users who need VPN access are members of the SBS Mobile Users Security Group
2) Configure the front-end router (if you have one) to forward TCP Port 1723 to the Internet NIC IP address of your SBS Server
3) Configure the front-end router to pass through Protocol 47 (GRE).
4) Run SBS's "Connect to the Internet" Wizard and anywhere it asks about "VPN", check the necessary box
5) Run SBS's "Configure Remote Access" Wizard. This will configure the VPN itself.
6) Done.
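
A way to check step 2 from the remote end, added here as an example and not part of any post in this thread: it opens TCP 1723 and performs the PPTP Start-Control-Connection exchange defined in RFC 2637, so a control-channel failure (the error 800 case described above) can be told apart from a tunnel failure after the control channel is up (where GRE is the suspect). The function names, status strings and the `pptp-check` host name are assumptions of this sketch.

```python
import socket
import struct

MAGIC = 0x1A2B3C4D                      # PPTP magic cookie (RFC 2637)
SCCRQ = ">HHLHHHHLLHH64s64s"            # Start-Control-Connection-Request, 156 bytes
SCCRP = ">HHLHHHBBLLHH64s64s"           # Start-Control-Connection-Reply, 156 bytes
SIZE = struct.calcsize(SCCRQ)           # both messages are 156 bytes long


def build_sccrq(hostname=b"pptp-check"):
    """Control message type 1, protocol version 1.0, any framing/bearer type."""
    return struct.pack(SCCRQ, SIZE, 1, MAGIC, 1, 0, 0x0100, 0, 3, 3, 0, 0, hostname, b"")


def parse_sccrp(data):
    """Return (result_code, error_code, server_hostname) or raise ValueError."""
    if len(data) < SIZE:
        raise ValueError("short reply: %d bytes" % len(data))
    f = struct.unpack(SCCRP, data[:SIZE])
    if f[1] != 1 or f[2] != MAGIC or f[3] != 2:   # message type, cookie, control type
        raise ValueError("not a Start-Control-Connection-Reply")
    return f[6], f[7], f[12].rstrip(b"\0").decode("ascii", "replace")


def probe(host, port=1723, timeout=5.0):
    """Classify the control channel: tcp-failed, not-pptp, rejected or control-ok."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(build_sccrq())
            data = b""
            while len(data) < SIZE:
                chunk = s.recv(SIZE - len(data))
                if not chunk:
                    break
                data += chunk
    except OSError as exc:
        return "tcp-failed", "check the TCP 1723 forward and the SBS firewall: %s" % exc
    try:
        result, error, name = parse_sccrp(data)
    except ValueError as exc:
        return "not-pptp", str(exc)
    if result != 1:                     # 1 = control channel established
        return "rejected", "result=%d error=%d from %s" % (result, error, name)
    return "control-ok", "%s answered; a failure past this point suggests GRE" % name


if __name__ == "__main__":
    import sys
    print(probe(sys.argv[1]))
```

Run it from the remote site against the public address of the server's router; it tests only the TCP 1723 control channel and says nothing directly about whether protocol 47 is passed.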
 

blakeatwork

Thanks for all the responses guys, it's much appreciated...

RebateMonger:

I've gone through the processes you outlined, in the initial install of the Server, as VPN was a requirement from the get-go..

I've also ensured that the Linksys router is set to pass-through VPN connections, for PPTP, L2TP and IPSec..

Thinking back now, I might have port 1723 set to the incorrect port... I'll have to check it tomorrow when I'm back at the client's to pick up a machine.. As for forwarding IP/47, there's no indication as to how to forward it as the unit is very limited in its forwarding scope. I know I can forward IP/47 through RRAS, but then I would have to set all connection rules, which didn't work prior..

Anyways, I will check that I am forwarding to the correct port... will update tomorrow..

thanks again guys.
 

440sixpack

A quicky suggestion, I was getting the same error when I first tried to use the VPN shortcut - solved it by turning off ZoneAlarm on my laptop.
 

RebateMonger

Originally posted by: 440sixpack
A quicky suggestion, I was getting the same error when I first tried to use the VPN shortcut - solved it by turning off ZoneAlarm on my laptop.

3rd-party firewalls, like ZoneAlarm and McAfee, can be very troublesome on client PCs. I've had clients kill their VPN connections because they installed the McAfee Security Suite on their own and then cry that they can't VPN anymore.
 

blakeatwork

Well, it seems to work now.

After a frustrating week of nothing, I RDP'd into a system to check some printer settings, and tried the Connection util on a lark.

Lo and behold, access!

Now, just have to make sure mapped paths are working correctly. It should pick up the login scripts for the user, no?