Hot Downloads

Welcome, Guest
Username: Password: Remember me
  • Page:
  • 1
  • 2

TOPIC: Windows 2003 SBS Server VPN Server

Windows 2003 SBS Server VPN Server 11 years 1 month ago #10965

  • Bublitz
  • Bublitz's Avatar
  • Offline
  • Senior Member
  • Posts: 301
  • Thank you received: 3
  • Karma: 2
At home I have a windows 2003 standard edition running VPN server PPTP. It works great I have to problems.

Installed a windows 2003 SBS server for a customer and tried to install a VPN server for them also.

With the same VERY basic setup.

I have port tcp 1732 and 47 allowed in my firewall.

I have run etherreal on the server and have seen the PPTP protocal packets hitting the server.

WHat happens is when you click connect you get to the username and password stage. Its hangs there and does nothing and you get error 721 "The remote computer did not respond".

Ive messed with it for hours I cannot get it working. The firewall they are using is PIX 506e but i have the correct ports forwarded tested by my etherreal capture.
The Bublitz
Systems Admin
Hospice of the Red River Valley
The administrator has disabled public write access.

Re: Windows 2003 SBS Server VPN Server 11 years 1 month ago #10966

  • jhun
  • jhun's Avatar
  • Offline
  • Senior Member
  • Posts: 356
  • Karma: 0
hi bublitz,

i don't know if this would help but you may want to check it out.

this is a post taken from experts-exchange.org
You should check the option on the client's VPN connectoid to "Use gateway on remote network". This should route all traffic to your network.

If you are connected to your ISP full time, then log out and when you log back in, select the checkbox for Logon using Dial Up Networking - here you will select the VPN connectoid to *dial-in* using your domain credentials.

If you are not connected full time and require making the connection to the ISP first, then you need to tweak the registry to keep your connection alive while you're logged off (part of the step above).

This article explains this procedure:

support.microsoft.com/default.aspx?scid=kb;en-us;176575

check that name resolution, too.

Connect the VPN, then:

In a DOS window, ping the server by address, then by NetBIOS name, then FQDN (i.e. server.domain.local).

If the ping by address works, but the name lookups fail, check your name services that RRAS is handing out. (IPCONFIG /ALL in DOS, check the DNS/WINS servers)

hope this would help....
The administrator has disabled public write access.

Re: Windows 2003 SBS Server VPN Server 11 years 1 month ago #10979

  • DaLight
  • DaLight's Avatar
  • Offline
  • Honored Member
  • Posts: 1302
  • Karma: 1
Bublitz, I note you specified port 1732 for PPTP in your post. It should be 1723, but I guess it was probably just a typo in your post and not your actual configuration. I think your problem is to do with GRE. The number 47 normally associated with GRE is not a port number, but a protocol number. I've had the same problem myself.

You will need to set up a ACL for the GRE protocol on the PIX. I've never used a PIX before so I got the following config from the CISCO website:

[code:1]access-list acl-out permit gre host 209.165.201.25 host 209.165.201.5
access-list acl-out permit tcp host 209.165.201.25 host 209.165.201.5 eq 1723
static (inside,outside) 209.165.201.5 10.48.66.106 netmask 255.255.255.255 0 0
access-group acl-out in interface outside
[/code:1]

209.165.201.25 is the public IP of the client
209.165.201.5 is the public IP of the PIX external interface
10.48.66.106 is the private address of the VPN server.
The administrator has disabled public write access.

Re: Windows 2003 SBS Server VPN Server 11 years 1 month ago #10993

  • Bublitz
  • Bublitz's Avatar
  • Offline
  • Senior Member
  • Posts: 301
  • Thank you received: 3
  • Karma: 2
OAH OK. I was reading aticles about GRE and I was getting mad because the weren't specifying UDP TCP ect. There is NO outbound restriction at all right now on the lan so an ACL OUT probably will not help the problem. DO you have to permit GRE in or does it only go out?
The Bublitz
Systems Admin
Hospice of the Red River Valley
The administrator has disabled public write access.

Re: Windows 2003 SBS Server VPN Server 11 years 1 month ago #11002

  • DaLight
  • DaLight's Avatar
  • Offline
  • Honored Member
  • Posts: 1302
  • Karma: 1
You have to permit GRE in. This is because the client will try to come back in via GRE after the VPN server transmits the first GRE packets.
The administrator has disabled public write access.

Re: Windows 2003 SBS Server VPN Server 11 years 1 month ago #11009

  • Bublitz
  • Bublitz's Avatar
  • Offline
  • Senior Member
  • Posts: 301
  • Thank you received: 3
  • Karma: 2
Sweet I am going to try this now. Thanks for your help
The Bublitz
Systems Admin
Hospice of the Red River Valley
The administrator has disabled public write access.
  • Page:
  • 1
  • 2
Time to create page: 0.084 seconds

CCENT/CCNA

Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V

Linux

  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup