Adding VPN to my office
I'm a small office scenario... always connected w/ static IP and have two host machines that run Hyper-V & all servers are virtualized (DC/DB/SharePoint/etc... I don't run Exchange). I travel about 50% of the time and would like to connect to my machines remotely but not sure what my options are. I'd like to set up VPN (or ideally DirectAccess) on my network. I'd have to have the configuration within a virtual machine. Admittedly I'd also be in over my head as I'm not a networking guy so was hoping to have a simple solution. Any pointers? -AC [MVP SharePoint Server] http://www.andrewconnell.com/blog Critical Path Training, LLC SharePoint training for all audiences (developers, admins, end users, power users, web designers, etc) www.CriticalPathTraining.com
August 21st, 2011 7:27am

The solution is pretty simple for VPN. All you need to do is configure one of your servers to be a RRAS (Routing and Remote Access) server. Then open the appropriate port on your firewall and point it to the server that is the RRAS. Please see this web site for all the information you could want on VPN and RRAS: http://technet.microsoft.com/en-us/network/bb545442.aspx [string](0..9|%{[char][int](32+("39826578840055658268").substring(($_*2),2))})-replace "\s{1}\b"
August 21st, 2011 7:56am

Also, see the following Step-by-step guide: http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=14429 [string](0..9|%{[char][int](32+("39826578840055658268").substring(($_*2),2))})-replace "\s{1}\b"
August 21st, 2011 8:03am

Thanks for the pointers... anything special about Win2k8 R2? -AC [MVP SharePoint Server] http://www.andrewconnell.com/blog Critical Path Training, LLC SharePoint training for all audiences (developers, admins, end users, power users, web designers, etc) www.CriticalPathTraining.com
August 21st, 2011 8:04am

Hi Andrew, R2 and Windows 7 support a new feature called VPN Reconnect. See the following article: Remote Access Step-by-Step Guide: Deploying Remote Access with VPN Reconnect Otherwise, although a lot of the screenshots are for Windows 2003, the RRAS interface itself hasn't changed much (if at all), and the principles are exactly the same. [string](0..9|%{[char][int](32+("39826578840055658268").substring(($_*2),2))})-replace "\s{1}\b"
August 21st, 2011 8:09am

Awesome... that looks easy! So one question is about the two different NIC settings on the VPN server. I have a router connected to the modem that also provides DHCP services (192.168.0.*). I know I'd configure the router to do port forwarding on the VPN ports >> VPN server. But what about the IP settings on the two NICs? From what I can tell they would both be on the 192.168.0.* network as that's the only network in my office. The only difference between the two is that one would be named INTERNET & the other would be named INTRANET... -AC [MVP SharePoint Server] http://www.andrewconnell.com/blog Critical Path Training, LLC SharePoint training for all audiences (developers, admins, end users, power users, web designers, etc) www.CriticalPathTraining.com
August 21st, 2011 9:17am

Your topology would be different than that described in one of those articles. They are describing using RRAS as a gateway/firewall, as well as providing VPN services. You aren't interested in that functionality. Basically, all you need to do on the server is:
1. Install the Network Policy and Access Services role on your server.
2. Open Administrative Tools/Routing and Remote Access, right click on the top node, and click "Configure Routing and Remote Access". A wizard will run, and (if I remember correctly) you don't have to supply any info.
3. Then make sure the server is running with a green up-arrow, and you are good to go.
[string](0..9|%{[char][int](32+("39826578840055658268").substring(($_*2),2))})-replace "\s{1}\b"
August 21st, 2011 11:49am

So I'm all set up and it worked when I connected via VPN to the server from on my same network. I then tried from another machine on a different network but it's failing on the step "Connecting to [name] using 'WAN Miniport (L2TP)'" with error 800 saying the remote connection was not made because the attempted VPN tunnels failed. I opened ports 47 & 1723 on my router to forward to the server but still getting an error. I assume it had something to do with firewalls so I turned off the firewalls on both the server & client (only using Windows Firewall)... still getting the error. On the server I see a RasMan warning in the event log (#20209) saying the connection was established but it couldn't be completed because the client is not configured to allow GRE packets (port 47). Do I have the correct ports open? -AC [MVP SharePoint Server] http://www.andrewconnell.com/blog Critical Path Training, LLC SharePoint training for all audiences (developers, admins, end users, power users, web designers, etc) www.CriticalPathTraining.com
August 22nd, 2011 9:50pm

Error 800 is a generic error which doesn't give you much info. On the client, change the setting from Automatic to the VPN system you want to use (I assume PPTP if GRE is involved) to get a meaningful message. GRE is not a port. It is an IP protocol. If anything anywhere in the network blocks GRE, PPTP will fail because the encrypted packet has a modified GRE header. No GRE, no PPTP VPN traffic. Bill
August 22nd, 2011 10:32pm

Just to add to what Bill said, your client error message indicated that it is failing to set up a L2TP/IPSEC tunnel, which will happen if it can't establish a PPTP tunnel, which is what you want. I suspect that your router is not forwarding GRE packets. Check if your router has this facility. As Bill said, it's not a port (47), but a protocol number 47. [string](0..9|%{[char][int](32+("39826578840055658268").substring(($_*2),2))})-replace "\s{1}\b"
August 23rd, 2011 2:42am
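
The point made in the two replies above (GRE is IP protocol 47, not TCP/UDP port 47), as an added example that is not part of the original thread: a Python classifier for raw IPv4 packets, such as those captured on the VPN server's NIC during a connect attempt, that reports whether both the PPTP control channel (TCP 1723) and the PPTP data channel (GRE) arrive. The packets, addresses and function names are constructed for illustration.

```python
import socket
import struct

PROTO_TCP, PROTO_UDP, PROTO_GRE = 6, 17, 47   # IP protocol numbers (IPv4 header byte 9)
PPTP_CONTROL_PORT = 1723                      # TCP port of the PPTP control channel
PPTP_GRE_TYPE = 0x880B                        # PPP inside PPTP's enhanced GRE (RFC 2637)

def classify(packet: bytes) -> str:
    """Label one raw IPv4 packet: 'pptp-control', 'pptp-gre' or 'other'."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "other"
    ihl = (packet[0] & 0x0F) * 4              # header length in bytes
    if ihl < 20 or len(packet) < ihl + 4:
        return "other"
    proto, payload = packet[9], packet[ihl:]
    first, second = struct.unpack("!HH", payload[:4])
    if proto == PROTO_TCP:                    # TCP: the two fields are src/dst ports
        return "pptp-control" if PPTP_CONTROL_PORT in (first, second) else "other"
    if proto == PROTO_GRE:                    # GRE: flags/version and protocol type, no ports
        if first & 0x7 == 1 and second == PPTP_GRE_TYPE:
            return "pptp-gre"
    return "other"

def diagnose(packets) -> str:
    """Summarise a capture taken on the VPN server during a connect attempt."""
    seen = {classify(p) for p in packets}
    if "pptp-control" not in seen:
        return "no-control: TCP 1723 is not reaching the server"
    if "pptp-gre" not in seen:
        return "no-gre: control channel works but IP protocol 47 is being dropped"
    return "ok: control channel and GRE data both arrive"

def ipv4(proto: int, payload: bytes) -> bytes:
    """Build a constructed IPv4 packet (sample addresses, checksum left 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       socket.inet_aton("203.0.113.10"),
                       socket.inet_aton("192.168.0.10")) + payload

# Constructed samples: PPTP control SYN, PPTP data packet, and traffic to "port 47".
TCP_1723 = ipv4(PROTO_TCP, struct.pack("!HHIIBBHHH", 50000, 1723, 0, 0, 0x50, 0x02, 8192, 0, 0))
GRE_PPTP = ipv4(PROTO_GRE, struct.pack("!HHHHI", 0x3001, PPTP_GRE_TYPE, 0, 1, 0))
UDP_PORT_47 = ipv4(PROTO_UDP, struct.pack("!HHHH", 50000, 47, 8, 0))

if __name__ == "__main__":
    print(diagnose([TCP_1723, UDP_PORT_47]))   # forwarding "port 47" does not help
    print(diagnose([TCP_1723, GRE_PPTP]))
```

A capture that contains only the TCP 1723 packets and never a GRE packet matches the router behaviour suspected in this thread.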

Found this post which indicated my router (Linksys WRT54GL) didn't have the correct firmware to do this (pass GRE packets). Seems from the responses simply applying the firmware would fix it, but it isn't for me unfortunately. I made sure all the ports were open... but same error. Need to research more as like you say, the GRE packets seem to be the problem. Thanks for the help guys! -AC [MVP SharePoint Server] http://www.andrewconnell.com/blog Critical Path Training, LLC SharePoint training for all audiences (developers, admins, end users, power users, web designers, etc) www.CriticalPathTraining.com
August 23rd, 2011 9:18am

This topic is archived. No further replies will be accepted.
