| Author |
Message |
Andy Desborough
Guest
|
 Posted:
Fri Nov 11, 2005 9:50 pm Post subject:
A little help with VPN > SBS2000 server running ISA please |
|
|
I am trying to get a VPN connection into a clients SBS2000 server. The server
has 1 NIC and connects to the internet via a Netgear DG834 router which I
have added VPN PPTP forward to the server IP Address. In the router log file
I can see my IP address and the VPN-PPTP match and the server IP so I seem to
be getting through the router fine.
The server is running ISA2000 in cached mode for what seems just web proxy.
I have tried enabled remote routing and access and set it up as a remote
access server to no avail.
When I try connecting from the remote client it seems to connect, says
Verifying Username and Password then after about 30 seconds:
"Disconnected.
Error 806: A connection between your computer and the VPN server has been
established, but the VPN connection cannot be completed. The most common
cause for this is that at least one Internet device (for example, a firewall
or a router) between your computer and the VPN server is not configured to
allow Generic Routing Encapsulation (GRE) protocol packets. Verify that
protocol 47 (GRE) is allowed on all personal firewall devices or routers. If
the problem persists, contact your network administrator or Internet Service
Provider (ISP) to determine which devices might be blocking these packets."
As I can VPN fine into my work server I'm ruling out its my client end and
something remote. I'm at the point of unistalling ISA on the server to see if
that helps but as the client cant recall where he put his cd's, reinstalling
ISA if it makes no difference could be a problem. I've read that the
firewall/integrated mode has VPN but is that definitely the reason why I'm
having these problems? Is it possible to have VPN on a server with this
configuration? If I can be sure ISA is causing these problems I may just
remove it altogether for now!
Thanks in advance. |
|
| Back to top |
|
 |
Dave Nickason [SBS MVP]
Guest
|
| Posted:
Sat Nov 12, 2005 1:50 am Post subject:
Re: A little help with VPN > SBS2000 server running ISA plea |
|
|
ISA can't be providing any firewalling in the single-NIC configuration, so
my guess is that the error message is right. Have you checked the Netgear's
settings to enable GRE Protocol 47? It might be called by a different
similar name, or PPTP Pass-through.
Even if it's not GRE, it's not ISA - AFAIK there's no way ISA can be
involved in controlling connections in a single-NIC system. BTW, while
you're working on this, why not toss another NIC in the box and set it up
right?
"Andy Desborough" <AndyDesborough@discussions.microsoft.com> wrote in
message news:C125A28C-6C94-4094-80DA-D1B79D927527@microsoft.com...
| Quote: | I am trying to get a VPN connection into a clients SBS2000 server. The
server
has 1 NIC and connects to the internet via a Netgear DG834 router which I
have added VPN PPTP forward to the server IP Address. In the router log
file
I can see my IP address and the VPN-PPTP match and the server IP so I seem
to
be getting through the router fine.
The server is running ISA2000 in cached mode for what seems just web
proxy.
I have tried enabled remote routing and access and set it up as a remote
access server to no avail.
When I try connecting from the remote client it seems to connect, says
Verifying Username and Password then after about 30 seconds:
"Disconnected.
Error 806: A connection between your computer and the VPN server has been
established, but the VPN connection cannot be completed. The most common
cause for this is that at least one Internet device (for example, a
firewall
or a router) between your computer and the VPN server is not configured to
allow Generic Routing Encapsulation (GRE) protocol packets. Verify that
protocol 47 (GRE) is allowed on all personal firewall devices or routers.
If
the problem persists, contact your network administrator or Internet
Service
Provider (ISP) to determine which devices might be blocking these
packets."
As I can VPN fine into my work server I'm ruling out its my client end and
something remote. I'm at the point of unistalling ISA on the server to see
if
that helps but as the client cant recall where he put his cd's,
reinstalling
ISA if it makes no difference could be a problem. I've read that the
firewall/integrated mode has VPN but is that definitely the reason why I'm
having these problems? Is it possible to have VPN on a server with this
configuration? If I can be sure ISA is causing these problems I may just
remove it altogether for now!
Thanks in advance. |
|
|
| Back to top |
|
|
Andy Desborough
Guest
|
| Posted:
Sat Nov 12, 2005 1:50 am Post subject:
Re: A little help with VPN > SBS2000 server running ISA plea |
|
|
Thanks for the reply, Dave.
I am able to VPN into my work through a DG834 router with no changes other
than the 1723/VPN PPTP forwarding so I'm wondering if it's the switch between
the adsl router and server that isn't allowing GRE... Slim chance but I'm out
of ideas now.
I too would personally use 2 NIC's in this config but as I've just taken
over support for the client I'll try and crack this nut then work on doing
that :)
I can't find anything at all in the router config about GRE, you can add
services from a list but the choices are just TCP/UDP.
Just to confirm; there's no reason why I shouldn't be able to run VPN into
the server running ISA cache mode via the Remote routing and access method is
what you're saying?
Thanks again for ruling ISA out in this case, 1 less headache to think about.
Andy
"Dave Nickason [SBS MVP]" wrote
| Quote: | ISA can't be providing any firewalling in the single-NIC configuration, so
my guess is that the error message is right. Have you checked the Netgear's
settings to enable GRE Protocol 47? It might be called by a different
similar name, or PPTP Pass-through.
Even if it's not GRE, it's not ISA - AFAIK there's no way ISA can be
involved in controlling connections in a single-NIC system. BTW, while
you're working on this, why not toss another NIC in the box and set it up
right?
"Andy Desborough" <AndyDesborough@discussions.microsoft.com> wrote in
message news:C125A28C-6C94-4094-80DA-D1B79D927527@microsoft.com...
I am trying to get a VPN connection into a clients SBS2000 server. The
server
has 1 NIC and connects to the internet via a Netgear DG834 router which I
have added VPN PPTP forward to the server IP Address. In the router log
file
I can see my IP address and the VPN-PPTP match and the server IP so I seem
to
be getting through the router fine.
The server is running ISA2000 in cached mode for what seems just web
proxy.
I have tried enabled remote routing and access and set it up as a remote
access server to no avail.
When I try connecting from the remote client it seems to connect, says
Verifying Username and Password then after about 30 seconds:
"Disconnected.
Error 806: A connection between your computer and the VPN server has been
established, but the VPN connection cannot be completed. The most common
cause for this is that at least one Internet device (for example, a
firewall
or a router) between your computer and the VPN server is not configured to
allow Generic Routing Encapsulation (GRE) protocol packets. Verify that
protocol 47 (GRE) is allowed on all personal firewall devices or routers.
If
the problem persists, contact your network administrator or Internet
Service
Provider (ISP) to determine which devices might be blocking these
packets."
As I can VPN fine into my work server I'm ruling out its my client end and
something remote. I'm at the point of unistalling ISA on the server to see
if
that helps but as the client cant recall where he put his cd's,
reinstalling
ISA if it makes no difference could be a problem. I've read that the
firewall/integrated mode has VPN but is that definitely the reason why I'm
having these problems? Is it possible to have VPN on a server with this
configuration? If I can be sure ISA is causing these problems I may just
remove it altogether for now!
Thanks in advance.
|
|
|
| Back to top |
|
|
Merv Porter [SBS-MVP]
Guest
|
| Posted:
Sat Nov 12, 2005 1:50 am Post subject:
Re: A little help with VPN > SBS2000 server running ISA plea |
|
|
Upgrade to latest firmware on the DG834?
http://www.torfaen-fighttheplan.org.uk/about10727-dg834g-pptp-gre-problem-solved-with.html
NETGEAR Download Page
http://kbserver.netgear.com/downloads_support.asp
--
Merv Porter [SBS MVP]
===================================
"Andy Desborough" <AndyDesborough@discussions.microsoft.com> wrote in
message news:35FA301E-8192-4D4E-B68C-E76F5220BC11@microsoft.com...
| Quote: | Thanks for the reply, Dave.
I am able to VPN into my work through a DG834 router with no changes other
than the 1723/VPN PPTP forwarding so I'm wondering if it's the switch
between
the adsl router and server that isn't allowing GRE... Slim chance but I'm
out
of ideas now.
I too would personally use 2 NIC's in this config but as I've just taken
over support for the client I'll try and crack this nut then work on doing
that :)
I can't find anything at all in the router config about GRE, you can add
services from a list but the choices are just TCP/UDP.
Just to confirm; there's no reason why I shouldn't be able to run VPN into
the server running ISA cache mode via the Remote routing and access method
is
what you're saying?
Thanks again for ruling ISA out in this case, 1 less headache to think
about.
Andy
"Dave Nickason [SBS MVP]" wrote
ISA can't be providing any firewalling in the single-NIC configuration,
so
my guess is that the error message is right. Have you checked the
Netgear's
settings to enable GRE Protocol 47? It might be called by a different
similar name, or PPTP Pass-through.
Even if it's not GRE, it's not ISA - AFAIK there's no way ISA can be
involved in controlling connections in a single-NIC system. BTW, while
you're working on this, why not toss another NIC in the box and set it up
right?
"Andy Desborough" <AndyDesborough@discussions.microsoft.com> wrote in
message news:C125A28C-6C94-4094-80DA-D1B79D927527@microsoft.com...
I am trying to get a VPN connection into a clients SBS2000 server. The
server
has 1 NIC and connects to the internet via a Netgear DG834 router which
I
have added VPN PPTP forward to the server IP Address. In the router log
file
I can see my IP address and the VPN-PPTP match and the server IP so I
seem
to
be getting through the router fine.
The server is running ISA2000 in cached mode for what seems just web
proxy.
I have tried enabled remote routing and access and set it up as a
remote
access server to no avail.
When I try connecting from the remote client it seems to connect, says
Verifying Username and Password then after about 30 seconds:
"Disconnected.
Error 806: A connection between your computer and the VPN server has
been
established, but the VPN connection cannot be completed. The most
common
cause for this is that at least one Internet device (for example, a
firewall
or a router) between your computer and the VPN server is not configured
to
allow Generic Routing Encapsulation (GRE) protocol packets. Verify that
protocol 47 (GRE) is allowed on all personal firewall devices or
routers.
If
the problem persists, contact your network administrator or Internet
Service
Provider (ISP) to determine which devices might be blocking these
packets."
As I can VPN fine into my work server I'm ruling out its my client end
and
something remote. I'm at the point of unistalling ISA on the server to
see
if
that helps but as the client cant recall where he put his cd's,
reinstalling
ISA if it makes no difference could be a problem. I've read that the
firewall/integrated mode has VPN but is that definitely the reason why
I'm
having these problems? Is it possible to have VPN on a server with this
configuration? If I can be sure ISA is causing these problems I may
just
remove it altogether for now!
Thanks in advance.
|
|
|
| Back to top |
|
|
Andy Desborough
Guest
|
| Posted:
Sat Nov 12, 2005 1:50 pm Post subject:
Re: A little help with VPN > SBS2000 server running ISA plea |
|
|
Thanks for the reply, Merv.
Funny, I came across the same page after googling around for dg834 and GRE.
I'll give the firmware a go and see how I get on. It's does look a few
revisions old.
Thanks,
Andy.
"Merv Porter [SBS-MVP]" wrote:
| Quote: | Upgrade to latest firmware on the DG834?
http://www.torfaen-fighttheplan.org.uk/about10727-dg834g-pptp-gre-problem-solved-with.html
NETGEAR Download Page
http://kbserver.netgear.com/downloads_support.asp
--
Merv Porter [SBS MVP]
===================================
"Andy Desborough" <AndyDesborough@discussions.microsoft.com> wrote in
message news:35FA301E-8192-4D4E-B68C-E76F5220BC11@microsoft.com...
Thanks for the reply, Dave.
I am able to VPN into my work through a DG834 router with no changes other
than the 1723/VPN PPTP forwarding so I'm wondering if it's the switch
between
the adsl router and server that isn't allowing GRE... Slim chance but I'm
out
of ideas now.
I too would personally use 2 NIC's in this config but as I've just taken
over support for the client I'll try and crack this nut then work on doing
that :)
I can't find anything at all in the router config about GRE, you can add
services from a list but the choices are just TCP/UDP.
Just to confirm; there's no reason why I shouldn't be able to run VPN into
the server running ISA cache mode via the Remote routing and access method
is
what you're saying?
Thanks again for ruling ISA out in this case, 1 less headache to think
about.
Andy
"Dave Nickason [SBS MVP]" wrote
ISA can't be providing any firewalling in the single-NIC configuration,
so
my guess is that the error message is right. Have you checked the
Netgear's
settings to enable GRE Protocol 47? It might be called by a different
similar name, or PPTP Pass-through.
Even if it's not GRE, it's not ISA - AFAIK there's no way ISA can be
involved in controlling connections in a single-NIC system. BTW, while
you're working on this, why not toss another NIC in the box and set it up
right?
"Andy Desborough" <AndyDesborough@discussions.microsoft.com> wrote in
message news:C125A28C-6C94-4094-80DA-D1B79D927527@microsoft.com...
I am trying to get a VPN connection into a clients SBS2000 server. The
server
has 1 NIC and connects to the internet via a Netgear DG834 router which
I
have added VPN PPTP forward to the server IP Address. In the router log
file
I can see my IP address and the VPN-PPTP match and the server IP so I
seem
to
be getting through the router fine.
The server is running ISA2000 in cached mode for what seems just web
proxy.
I have tried enabled remote routing and access and set it up as a
remote
access server to no avail.
When I try connecting from the remote client it seems to connect, says
Verifying Username and Password then after about 30 seconds:
"Disconnected.
Error 806: A connection between your computer and the VPN server has
been
established, but the VPN connection cannot be completed. The most
common
cause for this is that at least one Internet device (for example, a
firewall
or a router) between your computer and the VPN server is not configured
to
allow Generic Routing Encapsulation (GRE) protocol packets. Verify that
protocol 47 (GRE) is allowed on all personal firewall devices or
routers.
If
the problem persists, contact your network administrator or Internet
Service
Provider (ISP) to determine which devices might be blocking these
packets."
As I can VPN fine into my work server I'm ruling out its my client end
and
something remote. I'm at the point of unistalling ISA on the server to
see
if
that helps but as the client cant recall where he put his cd's,
reinstalling
ISA if it makes no difference could be a problem. I've read that the
firewall/integrated mode has VPN but is that definitely the reason why
I'm
having these problems? Is it possible to have VPN on a server with this
configuration? If I can be sure ISA is causing these problems I may
just
remove it altogether for now!
Thanks in advance.
|
|
|
| Back to top |
|
|
|
|
|
|
FAQ
Memberlist
Register
Profile
Log in to check your private messages
Log in