|
|
Question : Problem: IS it OK to put the SBS 2003 R2 box in the router DMZ or better to tweak the firewall for VPN ?
|
|
Trying to set up VPN capability on sbs 2003 R2. Static IP form Comcast using an SMC8014 modem / router.
In the config, I don't see a VPN settings page, although the manual does list it. and there's 2 settings in the firewall ara that I don't understand:
Firewall Options Disable Firewall for True Static IP Subnet Only Disable Gateway Smart Packet Detection
Anyway, I forward port 1723 and try to connect from outside. It fails after trying to verify the password. If I put the sbs box in the DMZ, I can connect. So comcast isn't blocking VPN, it's just that some of the settings for VPN aren't available / set right in the router? (And the CEICW is set right, because again, I CAN make a VPN session when the SBS is in the router's DMZ)
|
Answer : Problem: IS it OK to put the SBS 2003 R2 box in the router DMZ or better to tweak the firewall for VPN ?
|
|
Much safer NOT to use the DMZ. You need port 1723 forwarded, but also you need to enable GRE pass-through, protocol 47, not port 47. What error do you get when trying to connect? If 721 your port forwarding is probably fine but GRE is the problem. Is there an option in the SMC8014 to allow PPTP pass-through, or VPN pass-through?
|
|
|
|