TO HOW: ???? ???? ?? ???? ??????? ????? 2000 ??? ??????? VPN ????? ???????? ????

?? ??? ?? ??? ???? ????? ???? ?? ?? ??? ?? ???????? ???? ?? ??? ?????? ?? ?????? ????? ?? ???? ??????? ????? (SBS) 2000 ?????? ???????????? ?? ??? ???? VPN ??????? ??????? ???? ?? ??? ???? ?????

?? ???? ?? ??????? ??????? ?? SBS 2000 ?? ??????? ???? ?? ??? ??????? ??? ?? ???? ????? ?????? ????? ???? ?? ????? ????????? ???????? ???? ?? ??? ???? ?? ????? ???? ???

???? ???? ?? ?? ??? ????? ??, ?? ????? ????? ?? ???? ???? ?????:

• ????? Microsoft ???????? ???? ??? ??? ?? ????? ?? ???? ????:
  306802  (http://support.microsoft.com/kb/306802/ ) ????? ??? ?? ??????? ??????? ?? ??? ??????? ????? ?? ??? ???? ??????? ????? ?? ???????? ???? ????
  ?? ???? ??? ????? ??? ?? ????????? ???? ?? ?? SBS 2000 ??????? ??????? ??????? ????? ???? ?? ???? ?? ?? ?????ISA Server ????? ????????? ????? ????, ????????? ???? ?????????? (PPTP ??????? ?????)???????? ???? ???? ISA Server ????? ??????? ?? ??????? ?????? ???? ?? ??? ???? ?? ?? ?? ???????? ?? ???? ?? ???? ???? VPN ?? ?????? ?? ??? ??????? ??????? ??????? ?????? ???? ?? ????? ?????? ???? ?? ??? ?????? ??? ???? ?? ???::
  1. ????? ????,????????? ????? ????,????????????? ????? ????,Microsoft ISA ??????? ????-????? ????, ?? ???? ???ISA ???????.
  2. ??????? ????????? ?? ????????branch, ????? ????????? ???????? ????,????? ?????? ????-????? ????, ?? ???? ???IP ????? ???????.
  3. ?????? ??? ?? "BackOffice PptpCallPredefinedType" ?? "BackOffice PptpReceivePredefinedType" ?? ??? ??????
  4. ??? ?? ????? ???? ??? (?? ??? ?? ??? ???), ??????? ??????? ???????? ?? ??? ?? ?????, ?? ???? ??? ????? ????????????? ???????????? ?????????, ?? ??? ????? ????????????? ????Exchange Server, POP3 ?? "????? ????? ????????? ISA ?????", ?? ???? ??? ?? ??? ???? ?? ?????????? ???? ?????????? (PPTP ??????? ?????)??? ?????.
• ????????? ???? ?? ??????? ???????? ???? ?? SBS 2000 ???????? ?? ??????? ?? ????-?? ??????? ?? ??? ????? ?????? ??? ??? ??? ????? ??? ?? ?????? ??????? ?? ???? ??? ???? ??? ??, ????? ??????? ??????? ??????? ???????? ??, ?? ?????? ????? ??????? ????? ???
• ????????? ???? ?? DNS ??? ?? ???????? ???? ??? ??? ???? ???? ?? ??? ?? SBS 2000 ???????? ?? ?????? IP ??? ???? ?? ??? ?????? ?? ????? ??????? ??????? ?? DNS ???????? ????? ???? ??? ?? ISP ?? DNS ??????? ??? ????????? ??Forwarders??? DNS ??????? ????? ??? ???
• ????????? ???? ?? WINS ??????? ?? ?? WINS ?? ?????? ???? ?? ??? ????? ?? ????? ???? ?? ??? ???????? ???? ??? ?? ?? SBS 2000 ???????? ?? ?????? ??????? ??????? SBS 2000 ???????? ?? ?? ??? ??? ???????? ??? ??, ?? WINS ??????? ?? ?? ????????? ???? ??? SBS 2000 ?? ????? ????
• ??? ???? ??? ?????-???? ????????? ???????? SBS 2000 ???????? ?? ????? ??????? ??????? ?? ??????? ?? ???, ??? ??? VPN ??????? ?? ?????? ???? ????? ?? ??? VPN ?????? SBS 2000 ???????? ?? ????? ??????? ??????? ?? ???????? ???? ?? ??? ??? ?? ???????? ???? ?? ?????
• Microsoft ??????? ???? ?? ?? ?????? Windows 2000 Server ?????? ??? ?? ??????? ????? ??? ???? ?? ??? ???? ???? ?? ???? ??? ??????? ?? ??? ????? ?????????? Microsoft ??? ???? ?? ????:
  HTTP://www.Microsoft.com/windows2000 (http://www.microsoft.com/windows2000)

??? ?? ?? ????? ?? ???? ?? ?????? ?? ?????? ????? ?? ???????? ???? ?? ??? ????? ??????? ??? ??????? VPN ????? ?? ??????? ??????? ???? ?? ????, ?? ?? ???? ?? "?????? ??????" ??? ??????

VPN ?? ??????? ????????? ??????? ???? ?? ??? SBS 2000 ???????? ????

1. ????? ????,????????? ????? ????,????????????? ????? ????,???????????? ??????? ????-????? ????, ?? ???? ????????? ?? ?????? ?????.
2. ???? ????? ?? ????-????? ????, ?? ???? ??? ????? ?????????? ?? ?????? ????? ?? ????? ???? ?? ???????? ????.
   
   ??? ?????? ?? ?????? ????? ???? ?? ??, ????????? ???????? ?? ?????? ????? ?? ????? ???? ?? ???????? ???????? ?????? ???? ?????? ???? ?????? ???, ????? ?? ????-????? ????, ?? ???? ??? ????? ?????????? ?? ?????? ????? ?? ????? ????. ???? ???, ????? ?? ????-????? ???? ?? ????? ?????????? ?? ?????? ????? ?? ????? ???? ?? ???????? ????.
3. "?????? ???? ?? ??? ?????? ?? ?????? ????? ????? ?????" ????? ?? ????? ????next.
4. ????? ????,????? ?? ???????? ??? ?? ???????? ????????? ????,next?? ????-????? ????, ?? ???? ?????????.
5. ????? ????,????????? ?? ?????? ????? ???? ??????? ????? ??? ???? ?? ?? ???? ????? ???? ??????????? ???? (VPN) ?????. ?? ?????? ?? ???????? ???? ?? ?????? ????? ????? ???????? ?? ???:
   • ?????? ????:??? ????.
   • ????:????? ???? ???.
   • ?????? ?????? ?????:????? ???? ???.
   • IP ??? ????????? DHCP ???? ?? ??? ??? ???
   • VPN ?????: ????? ???? PPTP ??????? ?? ???? L2TP ??????? ????
6. Microsoft ??????? ???? ?? ?? ?? ??? ?????? VPN ??????? ?? ??? IP ???? ?? ?? ?????? ?????? ?? ????? ???? ?? ??? ?????? ?? ?????? ????? ??? ?? ?? ???? ????? ??? ????? ??? ?? ??? ????, ?? ????? ???:
   • ??????? ??????? ?? ??????????? (ISA) ????? ?? ??????? ??? ?????? (LAT) ??? ??? ??? ?? ????? ???? ???? ?????? ISA ????? ??? LAT ?? ????? ?? ??? ????? ????????????? ????? ????,????????????? ????? ????,Microsoft ISA ??????? ????-????? ????, ?? ???? ???ISA ???????. ??????? ????????? ?? ????????, ??????? ????????? ???, ??????? ??????????? ????????????? ????-????? ????, ?? ???? ?????????? ??? ?????? (LAT).
   • ?????? ?? ????? ??????? ??????? ?? ??? ??? ?? ?? ????? ?? ??? ??? ???? ???? ??????
   ????? ??? ?? SBS 2000 ?? ??????? ??????? ???? 10.255.255.255 ?? 172.31.255.255 ?? ?????? ?? 172.16.0.0 ?? ?????? ?? 10.0.0.0 ??? ??? ???? ?????? IP addressing ?????, ?? ???? ?? ????? ?? ???? ??? ?? LAT. ??? ????????????? ????????? ??? ?? ??? ?? ??? ???? ????? ??? ?????? ?? ??? ?? ???????? LAT ????????? ?????? ?? ???, ???? ???????????? ??? ?????? (LAT)?? ????? ????,????? ????-????? ????, ?? ???? ???LAT ?????????.
   
   ??? VPN ??????? ?? ??? IP ???? ?? ?? ?????? ?????? ?? ????? ???? ?? ??? ?????? ?? ?????? ????? ??? ????:
   1. ????? ????,????????? ????? ????,????????????? ????? ????,???????????? ??????? ????-????? ????, ?? ???? ????????? ?? ?????? ?????.
   2. (???????) ????? ??? ?? ????-????? ????, ?? ???? ??? ????? ???????.
   3. ????? ????IP??? ?? ????? ????..
   4. ????? ????,?????? ??? ????? ????-????? ????, ?? ???? ???add.
   5. ???? ????? ?????? ???? ?????
   6. ????? ????,OK??? ??? ?????? ??? ?? ??? ?????
7. ?????? ?? ?????? ????? ???? ?? ??????? ???? ??? ??, ?? ??? ?????? ?? ?????? ????? ??????? ?????-?? ?? ???? ??? ????? ?? ??? ????-????? ????, ?? ???? ??? ????? ???????.
8. ????? ????IP?? ??????? ???????? ???(???????) ???, ?????????????????? ???? ????????????????? ???, ?? ??? ?? ?????RAS ??????? ?? ??? ???? ?? ??? ?????? ??????? ?? ??? ?????? ??????? ???????? ????? ????,OK?? ????? ????? ??? ????? ?? ?????? allocates WINS ?? DNS ????? ??? ?? ?????? VPN (DHCP) ??????? ?? ??? SBS 2000 ???????? ?? ?????? ??????? ??????? ?? ????????? ???
9. ??????? ?? ???? ??, ?? ????? ?????????? ????? ????, ????-????? ??????? ?????? ????-?? ????? ????? ?? ?????? ????? ????-????? ????, ?? ???? ??????.
10. ????? ????,?????? ?????? ?? ?????? ???.
11. ?????? ?? ?????? ????? ??????? ????? ?? ???? ???????
12. ?????? ??????????? ?????????? ?? ???????? ?? ??????? ????, ?? ???? ??? ????? ????Users???????? ?? ???? ???? ?????????? ?? ??? ?????, ?? ???? ??? ???? ?????????? ????????? "????-??" ??????-????? ?? ????? ????..
13. Obtain and install the hotfix from "Q292822: Name Resolution and Connectivity Issues on Windows 2000 Domain Controller with Routing and Remote Access and DNS Installed".

??????? ?????

The most common issues with VPN on SBS 2000 come from:

• Running one of the predefined template wizards that is included in the Routing and Remote Access Management Console.
• Following the instructions that are included in the following Microsoft Knowledge Base article:
  308208  (http://support.microsoft.com/kb/308208/ ) HOW TO: Install and configure a virtual private network server in Windows 2000
  These instructions configure SBS 2000 to act exclusively as a VPN server and only accept VPN connections. Symptoms of using this predefined template include:
  1. Users on the Local Area Network (LAN) cannot browse the Internet.
  2. The SBS 2000 computer may not be able to send or receive SMTP e-mail messages.
  3. Users may not be able to log on to the SBS 2000 domain.
  To determine if the Routing and Remote Access VPN wizard was completed on the server:
  
  
  1. Start the Routing and Remote Access snap-in.
  2. ??????? ????????? ???(???????).
  3. ??????? ????IP Routing.
  4. ????? ????,???????.
  5. On the right side of the screen, right-click the external network adapter, and then click???.
  6. ????? ????,Input Filters,Output Filters, or both.
  7. If this screen is populated, the VPN server was probably selected in the Routing and Remote Access Setup Wizard. If it is apparent that Routing and Remote Access was set up with the VPN wizard, Turn off and then turn on Routing and Remote Access. For information about how to do so, complete step 1 in the "Troubleshooting" section of this article.
• A hardware firewall or router is between the external network adapter of the SBS 2000 computer and the Internet. For a VPN client to access the SBS 2000 computer by using a VPN connection, all routers between the remote VPN client and the server must allow traffic to pass through TCP port 1723 (PPTP) and must support protocol type 47. Protocol type 47 is the Generic Routing Encapsulation (GRE) protocol.
• You have not completed the steps that are included in the following Microsoft Knowledge Base article:
  306802  (http://support.microsoft.com/kb/306802/ ) ????? ??? ?? ??????? ??????? ?? ??? ??????? ????? ?? ??? ???? ??????? ????? ?? ???????? ???? ????

?????? ??????

If a remote access VPN client cannot successfully connect to the SBS 2000 computer:

1. Turn off and then turn on Routing and Remote Access. This method is listed first because it is the simplest and quickest way to correct mis-configurations in Routing and Remote Access.
   1. ????? ????,????????? ????? ????,????????????? ????? ????,???????????? ??????? ????-????? ????, ?? ???? ????????? ?? ?????? ?????.
   2. ????-????? ????????? ???(???????)?? ????-????? ????, ?? ???? ????????? ?? ?????? ????? ?? ????? ????.
   3. ????? ????,???when you receive the warning message.
   4. Perform steps 1-12 in the "Configure SBS 2000 to Accept Inbound VPN Connections" section earlier in this article to again turn on and reconfigure Routing and Remote Access. You only have to complete step 13 one time, and you do not have to reapply the hotfix if it has been previously applied.
2. Try to establish a VPN connection from an internal client to the internal network adapter of the SBS 2000 computer. Turn off the firewall client on the VPN client if it is installed. If this does not resolve the issue, the issue is most likely the server itself, and it is likely that other network problems exist on the server, LAN, or both. Check Event Viewer for errors about TCP/IP. Make sure that all of the appropriate services are started on the SBS 2000 computer. Check Device Manager for problems with the physical network adapters.
3. Use Pptpsrv.exe and Pptpclnt.exe to verify communication on port 1723 and that GRE47 requests are being passed between the remote VPN client and the SBS 2000 computer. These two tools are included with Windows 2000 Support Tools. You can install these tools on the SBS 2000 computer by running Setup.exe from the Support\Tools folder on the SBS 2000 CD1. After you install the Support Tools, click????????? ????? ????,????????????? ????? ????,Windows 2000 ?????? ??????? ????-????? ????, ?? ???? ???Tools Help. View the "P" section, and then clickPPTP Pingfor information about how to use this utility.
   
   ???:: You must stop the Routing and Remote Access service on the SBS 2000 computer so that PPTPSRV can bind to port 1723.
4. If step 3 does not work, re-configure the physical network by using the following steps. The following steps emulate an incoming VPN connection from a remote VPN client to the SBS 2000 computer. This helps you to determine whether the failure is caused by your local router/firewall, a router on the Internet, or on the SBS 2000 computer.
   1. Connect the external network adapter on the SBS 2000 computer to a simple hub by using a patch cable.
   2. Connect a client computer to the same hub by using a patch cable.
   3. Configure the TCP/IP settings on the client computer to be on the same subnet as the external network adapter of the SBS 2000 computer. For example, if the IP address/subnet mask on external network adapter on the SBS 2000 computer is 157.57.10.8/255.255.0.0, configure the client with an IP address of 157.57.10.9/255.255.0.0.
   4. Turn off the Firewall Client/Winsock Proxy Client on the client computer.
   5. Configure the VPN connection on the client as you would on a "true" external VPN client.
   6. Test the VPN connection.
   7. If it is successful, the problem probably is with something external to the SBS 2000 network. Contact your ISP or hardware firewall vendor for more help.
   8. If it fails, a configuration/hardware issue on the client or server exists that is not addressed in this article. Make note of the error the client receives and any relevant errors in the SBS 2000 Event Viewer log and visit http://support.microsoft.com to search for any known issues.

For additional information about the Routing and Remote Access wizards that are included with Windows 2000, click the following article number to view the article in the Microsoft Knowledge Base: