VPN setup

Tags:
TCP
TCP/IP
VPN
VPN configuration
I have a Planet VPN router/firewall already configured to allow the PPTP protocol on port 1723, no policies-pass thru mode. On my Windows Server 2003 (small business pack) I have enabled two ports for PPTP in the Routing and Remote Access configuration, and also a mobile account for my remote user. The VPN from outside reaches "verifying user and password". Can someone tell me what's happening or what's left to be configured... Thanks in advance. wans

Answer Wiki


Currently the Small Business Server wants to do RRAS authentication of the user before completing the VPN tunnel. Have you configured RRAS fully? Are mobile users allowed remote access by account and RRAS policies? What authentication methods are set in RRAS? When you say you opened port 1723, what do you mean — port forwarding?

My bet is on mobile user IPs. How are you doing that in a way that is compatible with your internal network firewalls and filters?

Alternatively, consider:

Since you have a VPN firewall you should use your Small Business Server simply for RRAS services to approve logon (allowed remote access on account). Point the firewall to the SBS machines for RRAS services. Configure RRAS and user account for allowing Remote Access.

To complete VPN tunnels you might need to set certificates or shared secrets on the firewall to pair with mobile users — capabilities vary with the firewall. Certificates are superior but distribution mechanics vary. Ultimately mobile users need access to certificates generated for the firewall, and the firewall needs access to certificates for mobile users.

This will end the VPN tunnel at the firewall. The firewall will decrypt and route IP wherever it needs to go in your network. Those users will be able to communicate anywhere in your network AD allows them without passing through and taxing your SBS machine.

If you want to go across a firewall, L2TP is supposed to be easier to get to work, especially if any NAT is in play.

Discuss This Question: 2  Replies

  • Astronomer
    Have you opened GRE (protocol 47)? This is required for PPTP to get through the firewall. For debugging purposes, can you set up a client without going through the firewall? I use our DMZ just outside of the VPN server for testing. This is sometimes very helpful to narrow down the possible causes. rt
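To separate the two halves of PPTP mentioned in this thread (the control connection on TCP 1723 and the GRE data channel), here is an added example, not code from any poster: it sends the Start-Control-Connection-Request defined in RFC 2637 and parses the reply. The function names, the `diag` host name and the sample reply are constructed for illustration; if the handshake succeeds but the client still stops at "verifying user and password", port 1723 is passing and GRE (protocol 47) or RRAS authentication remain as suspects.

```python
import socket
import struct

MAGIC = 0x1A2B3C4D                  # PPTP magic cookie (RFC 2637)
SCCRQ, SCCRP = 1, 2                 # Start-Control-Connection-Request / -Reply
REQ_FMT = ">HHIHHHHIIHH64s64s"      # 156-byte request layout
REP_FMT = ">HHIHHHBBIIHH64s64s"     # reply: result and error code bytes added

def build_sccrq(host=b"diag"):
    """First message a PPTP client sends on TCP 1723."""
    return struct.pack(REQ_FMT, 156, 1, MAGIC, SCCRQ, 0, 0x0100, 0,
                       3, 3, 0, 0, host, b"")

def sample_reply(result=1, error=0):
    """Constructed reply for offline use; host/vendor strings are made up."""
    return struct.pack(REP_FMT, 156, 1, MAGIC, SCCRP, 0, 0x0100, result,
                       error, 3, 3, 0, 0, b"sbs-example", b"constructed")

def parse_sccrp(data):
    """Return (ok, detail) for a Start-Control-Connection-Reply."""
    if len(data) < 156:
        return False, "short reply (%d bytes)" % len(data)
    (_, mtype, magic, ctype, _, _, result, error,
     _, _, _, _, host, _) = struct.unpack(REP_FMT, data[:156])
    if magic != MAGIC or mtype != 1 or ctype != SCCRP:
        return False, "not a PPTP control reply"
    if result != 1:
        return False, "refused: result=%d error=%d" % (result, error)
    return True, "accepted by " + host.rstrip(b"\0").decode("ascii", "replace")

def check_control_channel(server, port=1723, timeout=5.0):
    """Exercise only the TCP half of PPTP; GRE (protocol 47) is not tested."""
    data = b""
    try:
        with socket.create_connection((server, port), timeout=timeout) as s:
            s.sendall(build_sccrq())
            while len(data) < 156:
                chunk = s.recv(156 - len(data))
                if not chunk:
                    break
                data += chunk
    except OSError as exc:
        return False, "TCP %d failed: %s" % (port, exc)
    return parse_sccrp(data)

if __name__ == "__main__":
    print(parse_sccrp(sample_reply()))          # offline, constructed input
    print(parse_sccrp(sample_reply(result=2)))  # constructed refusal
```

Run `check_control_channel()` against your own server's public address from outside the firewall, then again from the DMZ as suggested above, and compare the two results.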
