Gnpmark 2006-07-30 22:59:37
Unable to establish the VPN connection. The VPN server may be unreachable,
or security parameters may not be configured properly for this connection.
I have tried to connect everyway and use every MS KB article I can find.
USING SBS2003 standard or premium no luck. Lynksys router Netgear switch
Cannot Connect Remotely used CM used VPN new connect no ports blocked by ISP
enabled PPTP in ISA. HELP
Joe 2006-07-30 23:14:53
When you say ‘Linksys router’, is the SBS connected to the Internet
through it? If so, does it have firewalling facilities? If so, is it
correctly configured to forward to the SBS? Does it have logs showing
refused connections? What about the ISA logs?
You need connectivity to SBS for TCP/IP port 1723 and protocol 47. If
you’re not getting that you need to know where the blockage is, and
appropriate firewall logs are the best way to troubleshoot.
At the moment you can concentrate on 1723, given the error message you
are getting. If you can get a VPN connection but authentication times
out you need to look for a protocol 47 blockage.
Gnpmark 2006-07-31 00:47:53
I think I know what you are saying, but I need a little more detail. Enable
the log on the “Linksys” router? Use Routing and Remote to set up ports 1723
and 47? Use Static address? eliminate firewalls? no longer have ISA.
Sprint ADSL with Dynamic address 192.168.1.1. Router 192.168.3.1 DHCP server
internet connect at 192.168.3.125. Server local ip 192.168.16.2 (default) now
running sbs2003 standard
Joe 2006-07-31 01:51:27
What machinery are the incoming messages passing through before arriving
at the SBS? Typically a router is used between the Internet and SBS.
Many such routers have firewall facilities and logging of successful or
unsuccessful messages. I’ve never used a Linksys machine so I have no
idea what facilities to expect.
In general, VPN problems turn out to be connection problems. Where a
firewall/router is placed between the Internet and SBS, it needs not
only to allow SBS connections through, but also to pass them to the
SBS machine. The router appears to be the endpoint of the VPN but is
in fact passing VPN-related messages to the SBS.
In this case the VPN makes use of TCP/IP port 1723 and *protocol* (not
port) 47, also known as GRE.
What you need to know is where there is a break in communication. Your
client machine is connected to an ISP, possibly through a firewall. The
server is connected to the same or another ISP, probably through
firewalling and certainly having its own firewall. Some ISPs limit
transmission of some types of Internet connection. Any of the stages
of transmission may be blocking either port 1723 or protocol 47. From
the error message you have, it appears that port 1723 messages aren’t
getting through. These messages establish the VPN, while the data is
then passed through protocol 47. As far as Windows is concerned, the
VPN connection is made when the port 1723 messages have been properly
exchanged, and will report the connection as completed. You don’t seem
to be getting that far.
There are various means of troubleshooting the connection, but the
simplest is to check the log files of the various machines involved.
Any sign of a refused connection will show that a configuration is
wrong, though not exactly what needs changing.
You mention IP addresses of three different subnets, (I’m assuming
a 24 bit netmask) all of them private (non-routable). It is not clear
from your description how Internet messages reach SBS, and what
machines they need to pass through.