Re: VPN
From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 06/16/04
- Next message: ss: "Re: issue accessing an AD server"
- Previous message: Zen Andreas: "Re: encryption and user rights"
- In reply to: John Barwell: "Re: VPN"
- Next in thread: John Barwell: "Re: VPN"
- Reply: John Barwell: "Re: VPN"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 15 Jun 2004 22:56:29 GMT
Hi John.

I am not quite sure what you mean about "not being picked up by the remote client".
If the client has deny configured in their AD account for dial up and they dial in
to a W2K rras server that is a domain member and in the RAS and IAS group, they
should get a message that says they are not allowed access after they enter their
domain credentials.

You say you are using the same exact settings for dial up and dsl? I assume you mean
that at least the vpn connectoid is configured to use the public IP address assigned
to your router wan interface. The router also needs to be configured to port forward
the proper ports and protocols to your internal rras server. Assuming you are using
pptp since you cannot use l2tp through NAT into a W2K rras server, configure port
1723 TCP to port forward to the internal IP address of your rras server and allow
protocol 47 which may be referred to as pptp pass through. Also configure the vpn
client connectoid to use pptp - not auto if using the built in W2K vpn client. You
can do that in properties/network type. The rras server will need to be able to hand
out at least ten IP addresses either through a static pool or the use of a dhcp
server on the rras computer. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;308208
"John Barwell" <john.barwell@btinternet.com> wrote in message
news:canrf3$dsu$1@titan.btinternet.com...
> Hi Steve,
>
> I have already configured the settings in AD. However they are not being
> picked up by the remote client. Also I ran into another problem last night.
> I can connect using a dialup connection. However when I try the exact same
> setting for DSL I cannot. Any ideas?
>
> Many Thanks,
>
> John
> "Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
> news:f_Fzc.109505$Ly.59278@attbi_s01...
> > The dial restriction needs to be configured for their accounts on the remote access
> > server, or in AD Users and Computers if the rras server is a domain member.
> > Depending on your configuration the dial in options could be allow, deny, or control
> > through remote access policy. --- Steve
> >
> > "John Barwell" <johnbarwell@msmdirect.co.uk> wrote in message
> > news:JmFzc.15539$NK4.2497019@stones.force9.net...
> > > Dear All,
> > >
> > > I am setting up VPN access for my remote users. I have a Draytek 2600
> > > router. I have managed to get the majority of the configuration done.
> > > However the problem I have is that any one of my users can log in using the
> > > VPN, even when I have restricted the Dial In property on the user's account.
> > > Can someone offer me some advice on how to restrict users logging in
> > > remotely?
> > >
> > > Thanks,
> > >
> > >
> > > John Barwell
> > >
> > >
> >
> >
>
>