Question : SBS 2008 VPN Help Required

Dear Community,

I have been struggling with a new install of SBS 2008 Standard.

I'm trying to set up VPN using the wizards which has been successful apart from the the wizard is unable to configure the firewall. I'm confident that I have got this correct but to eliminate this from the equation, I have tried to connect via a VPN connection from a domain - joined client on the same private network subnet as the SBS it is trying to connect to.

I am getting the following error:
Error 795: The tunnel type RADIUS attribute for this user is not correct.
On the NPAS Event log I'm getting a corresponding 20255 Event Log ID.

I have enabled the required users Remote Access properties using the Users wizard and have checked to see that RRAS is running which it is as configured by the wizard.

Other software running on the server includes Symantec Endpoint Security (SEP) and Backup Exec. I did read somewhere that SEP uses the same port as the NPS so it maybe possible that this is causing the issue.

Ideally I'd like to configure the VPN to use L2TP/IPSec. Help configuring either LT2P or PPTP (which would be a start) would be gratefully appreciated.

Answer : SBS 2008 VPN Help Required

L2TP/IPSec is not integrated with any of the SBS wizards. Though manually configuring a PPTP VPN is still quite simple, a L2TP/IPSec  is quite a bit more elaborate and you can have problems with client machines and NAT when using IPSec and Server 2003 SP1 and newer. These days a proper IPSec VPN router is so inexpensive most people wanting more security than a PPTP VPN opt for a hardware device. Moving the VPN server to a router is more secure in that users are accessing a perimeter device and not your domain controller directly, more secure in that it uses 'full fledged' IPSec, more efficient in that you offload the encryption service to a dedicated device, and allow more access control. An ideal unit is a Cisco ASA5505 which starts at about $400, or if the budget is limited you can get a Netgear FVS318 for $150, or a Linksys/Cisco RV042 for $200.

If interested in L2TP/IPSec the following article outlines the basics. It is for server 2003 but the process is very similar for 2008.
http://technet.microsoft.com/en-us/library/cc787915(WS.10).aspx
Random Solutions  
 
programming4us programming4us