Sep 13

Configure Remote Access (a VPN Connection) to your SBS 2008 Network.

I believe Small Business Server is a wonderful solution for small and medium sized businesses. It offers many great features and technologies at an affordable price. My consulting business caters towards small and midsized businesses, and most of my customers are running on the Small Business Server platform.  Once the platform is properly set up and businesses start taking advantage of the technologies offered by it, they become more efficient and can do their job faster. Let’s face it – I am happy when my customers are happy.

One of the technologies offered by SBS 2008 that makes my customer’s lives easier is Remote Access. SBS 2008 makes it simple to set up remote access. Just follow the next steps:

This guide assumes that your server is properly set up for internet access and that you have registered and configured your public domain so it resolves to your server’s public IP address.

  1. Log in to your server using an administrator account.
  2. Open the Windows SBS Console and click the Network tab.
  3. Under the Network tab click the Connectivity tab. Check the status of the Virtual Private Network. It should be off. If it’s on, it means it’s already configured.
  4. Under Tasks (Tasks is the right pane on the Windows SBS Console) click Configure a virtual private network. This will open the Set Up Virtual Private Networking wizard.
  5. Click the Allow Users to Connect to the Server by Using a VPN option. This will start the configuration, and the server will do all the required tasks for you in the background. It will configure RAS for you and set up the right permissions, and, if your router is UPnP compatible, it will configure it for PPTP pass through. If your router isn’t UPnP capable, you will have to configure it manually.
  6. Once the wizard finishes successfully click finish to close the wizard. The wizard may give you a warning if your router isn’t UPnP compatible. This means that you will have to set up the router for PPTP pass through manually. This is accomplished differently depending on your router and your network topology, and doing this is beyond the scope of this guide. If you need help just let me know in the comments and I will try to help. In essence, you will have to make sure that your firewall/router allows inbound traffic to your server on TCP port 1723 and IP protocol ID 47 (for PPTP and GRE respectively).
  7. Once the wizard finishes, your server is ready to accept incoming VPN connections. Now you just need to allow users to connect to the server via VPN. To do this click on the Users and Groups tab.
  8. Under the Users and Groups tab make sure the Users tab is selected and select the user you want to allow to connect remotely.
  9. Under the Tasks section click the Edit  user account properties option. This will open the user’s properties window.
  10. On the User account properties window select the Remote Access option and select the User can access virtual private network check box. Click OK. By selecting this check box, you are adding the user to the Windows SBS Virtual Private Network Users group. Users have to be members of this security group in order for them to be able to access the network using the VPN we just set up.
  11. That’s it. Your server is ready to receive connections, and your users are ready to connect.

To establish a VPN connection from a client running Windows 7 follow the next steps:

  1. Click the Start Menu, click Control Panel, click Network and Internet, and click Network and Sharing center.
  2. Click Set up a new connection or network under change your network settings. This will open the Setup a Connection or Network wizard.
  3. Select Connect to a workplace and click Next.
  4. If you already have a dial up connection set up, the wizard will ask you if you want to use that connection or if you want to create a new one. Select create a new connection. If you don’t have an existing dial up connection configured skip to the next step.
  5. Select use my internet connection on the how do you want to connect window.
  6. For the Internet Address type the public domain that resolves to your server’s public IP address (example: remote.domain.com)
  7. Type a name for the connection (It can be anything descriptive) and click Next.
  8. Type the user account name and password and the internal domain of your network.
  9. Click connect, and you should be able to connect to your network. To connect or disconnect in the future, click on the network icon on your system tray and select the connection and click connect/disconnect.

To connect to the network using Windows XP follow the next steps:

  1. Open the Control Panel and go to the Network Connections.
  2. Start the New Connection Wizard and click next until you get to the New Connection Type.
  3. Select Connect to the Network at my Workplace and click Next.
  4. Select Virtual Private Network Connection and click Next.
  5. Type a name for the connection and click Next.
  6. Type the public domain that resolves to your server’s public IP address and click Next.
  7. Click Finish to complete the Wizard.
  8. The connection window opens. Type a user account name and password and click Connect.

Microsoft makes it simple to connect Windows XP and 7 to the VPN. Running the network connection wizard with the default settings is enough to establish a connection.

One thing you should note if you are going to have more than 5 users connecting remotely to your SBS network, is that by default the server limits the amount of PPTP connections to 5. This limit can be increased. Just be sure to have the limit in mind when setting up users for remote access.

To increase the connections limit follow the next steps:

  1. Open Routing and Remote Access on your Small Business Server.
  2. Expand the server name, right click on Ports and click Properties.
  3. Select the WAN Miniport (PPTP) and click the Configure button.
  4. Under the Maximum Ports section adjust the port limit to a number that fits your needs.
  5. Click OK twice to close the properties windows and close Routing and Remote Access.

That should be all you need to do to set up Remote Access to your SBS 2008 Network.

Share
Apr 24

Cisco releases 64bit VPN client.

Cisco has finally released a 64bit version of their IPSEC client.

I used to always use the Cisco VPN client to  establish a VPN connection to my business network. I stopped using it when I upgraded my main laptop to Windows Vista x64 back in 2006. The client back then wasn’t compatible with a 64 bit operating system, and Cisco didn’t have plans to develop a compatible version.

I always liked the Cisco VPN client, but I was forced to look for an alternative. I refused to change my operating system choice just for one application. Every other application I used back then was able to run on the 64 bit platform. I could have probably used the 32 bit version of Vista instead with no problems, but that’s just  the way I am sometimes – stubborn ;) .

I ended up just changing VPN clients.  I don’t use IPSEC anymore, and I use the native Windows 7 client to establish the VPN connection to my network. I like the way Windows 7 is working for me in that respect.  It is easy and seamless. I won’t use the Cisco client at this point, but it is good to know that Cisco has finally decided to release the client.

And who knows – I am always changing stuff around. I could end up using it again.

The following link takes you to the release notes for the client – http://www.cisco.com/en/US/docs/security/vpn_client/cisco_vpn_client/vpn_client5007/release/notes/vpnclient5007.html

Share