Showing results for 
Search instead for 
Did you mean: 

VPN and SBS2000 and Static IP


VPN and SBS2000 and Static IP

Hello All

I would be grateful for anyone's help on this. Having searched through archives I have solved most of the problems, but am left with a few outstanding points:

I am trying to setup VPN using Microsoft Small Business Server 2000, a Netgear Router DG834 and Plusnet Netstart 1MB with fixed IP. The reasons for wanting to do this are twofold a) to allow remote access for staff from home and b) to allow remote connectivity for support staff to install/support new application software on the server.

After much swearing and upgrading of both router and ADSL connection (previous ISP did not allow fixed IP), I now have some remote access to my server. The server has two NIC's, one internal and one external. The router has the fixed external IP address and an internal IP address on the same subnet as the server's external IP address. Port forwarding is setup on the router to forward PPTP traffic to the external IP address of the server.

Do I need to ask for a block of 4 IP addresses from plusnet so that I can make the external IP address of the server a public IP address. At the moment, when trying to connect the VPN remotely I enter the external, public IP address of the router. This allows me to connect to exchange and even use terminal services, but not to connect to the server as though on the LAN. I get a window popiing up asking me to logon to the domain and saying "Your credentials have failed remote network authorisation...".

This happens from several locations. I only have a dynamic IP at home where I am trying to connect to. Should I upgrade this account to a static IP?

I have searched for solutions/pointers within Plusnet archives, Microsoft and googled extensively. Any help gratefully received.

Best Regards


VPN and SBS2000 and Static IP

Most of the netgear routers dont actuall support vpn as it doesnt pass some of the traffic. I know the 814 doesnt but it may have improved with this model. There was a lot of posts in adsl newgroups about the problems with vpn.

The much cleaner solution is to use Terminal server which works very well. It has a great potential as users can connect from a dial up account log on to the server and get onto the internet at adsl speeds.

It also means support staff are actual logged onto the server and can shadow users and do anything they could do if sat at the server.

All you do is forward port 3389 to the servers ip or 1604 if you are using citrix. It can be installed in mins and even users on win98 have no problems. Users can then connect to anything at work as though they were in the building, so they can print to work printers send messages see files etc.

For this you can use NAT and connect from any account including dial up

VPN and SBS2000 and Static IP

Thank you for your response mwright. I replaced my router with the new DG834 as it claimed to be able to do VPN passthrough, and there are settings that give the impression it can.

I can connect using Terminal Server and Terminal Services client, however if I log in as anyone other than administrator (even if I have granted that user administrator privileges), all I seem to be able to get is the Small Business Server Personal Console, which is not a great deal of use. I appreciate that this forum is not about support for SBS, but for the ADSL side of things. I was hoping to ensure I had the ADSL side figured out before starting a wild goose chase on other errors that were not necessarily significant.

I was hoping to use VPN as it seemed to by (inexperienced) eye to be the most elegant and secure method. At this stage, anything that works is fine!
Rising Star
Posts: 272
Thanks: 33
Fixes: 1
Registered: 10-08-2007

VPN and SBS2000 and Static IP

You can get a PPTP VPN working using a single fixed IP on the router and a dynamic IP at the remote end. We have set up about a dozen systems like this in the last 6 months.

I am not clear as to how you are connecting to Term Servs. Are you entering the public IP into the Remote Desktop / TSClient connect dialog or are you establishing a VPN dial up connection first and then entering the private LAN IP of the SBS in the Remote Desktop client?

TS only requires that IP is working. The MS Networking client has lots of other dependancies. From your description I suspect this is an authorisation problem rather than a transport problem.


VPN and SBS2000 and Static IP

When you log onto TS you should get the same screen as though you have logged on at the server. If you ant getting that then you need to setup a profile for TS and enter it in the users detals.

You can use the same thing by logging into XP with remote desktop and in some ways this is a better option as you can have a system setup with office and anyother software.

VPN and SBS2000 and Static IP

I have set up exactly what you are trying to set up and I use a Dlink DSL500 modem/router but I don't think your router is the issue. I use a block of 4 static IPs - one for the router and one for the server's public address. In order to enable VPN connections you will need to follow the instructions in the SBS help wizard which is quite effective. Once you have done this you will need to give the users that require access, dial-in permissions. The dial-in permission isn't just for modem users but for all remote access.

Try that and see if it works.

Can you get Outlook Web Access or Terminal Servies via the web - just type in your static IP address from an external location and follow it with /exchange for OWA and /myconsole for TS. If you are using Windows XP and need to use TS via a browser you will need to upgrade the server with a patch, this will change the address to http://your.ip.add.ress/TSWEB instead of http://your.ip.add.ress/myconsole.