Re: VPN Question

From: Merv Porter [SBS-MVP] (mwport_at_no_spam_hotmail.com)
Date: 07/12/04 

Date: Sun, 11 Jul 2004 20:33:31 -0500

Jim:

Does this help... In the VPN connectoid on the laptop that is a client in
Domain A, under TCP/IP Properties | Advanced | DNS, add the IP address of
the SBS server (192.168.2.y). 

-- 
Merv  Porter  [SBS MVP]
===================================
"Jim Garrett" <jimg_comp@nospam.yahoo.com> wrote in message
news:%23$Lns46ZEHA.1248@TK2MSFTNGP11.phx.gbl...
> There is a way to make this work. I have VPN access into another domain
(one
> I did not configure) from my domain and everything works. TS and RWW work
> fine but VPN are the only ports we really want to open up.
>
> Guess I will keep digging in to this.
>
> Thanks,
>
> -- 
> Jim
>
>
> "Marina Roos [SBS-MVP]" <marina@roos.nodontwantspam.nl.com> wrote in
message
> news:OAm52B2ZEHA.2944@TK2MSFTNGP11.phx.gbl...
> > Hi Jim,
> >
> > This is expected behavior, because your machine is not a member of that
> > other domain. However, to administer that server, you don't have to use
> VPN.
> > You can TS into that server, which will give you the server console.
> > Or use RWW from your machine and connect from there to the server
desktop.
> >
> > -- 
> > Regards,
> >
> > Marina
> > Microsoft SBS-MVP
> >
> > "Jim Garrett" <jimg_comp@nospam.yahoo.com> schreef in bericht
> > news:%23%23DIY81ZEHA.524@TK2MSFTNGP09.phx.gbl...
> > > Thanks Merv.
> > >
> > > For testing purposes, the laptop I'm using as the VPN client is
sitting
> > > between the external and internal routers. The SBS network is behind
the
> > > internal router and DHCP is handled by the SBS server. The external
> router
> > > is doing DHCP and that is where the VPN client initially gets it's IP
> > > address. The IP ranges are as follows:
> > >
> > > External: 192.168.1.xxx
> > > Internal SBS: 192.168.2.xxx
> > >
> > > The laptop I am using is joined to another domain (lets call that
domain
> > A).
> > > The SBS network is domain B.
> > >
> > > If I take a machine joined to domain B and connect it to the external
> > router
> > > (IP 192.168.1.xxx), I can VPN in to domain B and access all resources
by
> > > name or IP without issue (this includes machines, server, printers,
> etc.).
> > >
> > > When I connect the laptop joined to domain A and connect it to the
> > external
> > > router (IP 192.168.1.xxx) and then VPN in to domain B, the connection
is
> > > successful but I cannot access any resources either by name or IP.
This
> > > includes the SBS server. When I ping the server by IP, the request
times
> > > out. By name, it cannot be found.
> > >
> > > Other potentially helpful information:
> > >
> > > Both routers are doing firewall and NAT. The external router is
> connected
> > to
> > > the internet via cable modem. The internal router is getting it's IP
> from
> > > the external router but DHCP is handled by the SBS server.
> > >
> > > -- 
> > > Jim
> > >
> > > "Merv Porter [SBS-MVP]" <mwport@no_spam_hotmail.com> wrote in message
> > > news:ufdRaguZEHA.1048@tk2msftngp13.phx.gbl...
> > > > Hi Jim:
> > > >
> > > > Maybe I'm not reading your replies correctly, but I'm not sure I see
> > where
> > > > you've answered David's question... Is the IP address range on your
> > > network
> > > > the same as that of your client's network.  If you're internal
network
> > > (LAN)
> > > > is 192.168.2.x and your client's LAN is 192.168.2.x, you're going to
> > have
> > > a
> > > > problem with VPN.  Likewise, if both networks have routers that use
> the
> > > same
> > > > IP range, you may have some problems, depending on what you need to
> do.
> > > >
> > > > If you're doing administrive tasks, then you need access to the SBS
> > > server.
> > > > After you establish a VPN, create an RDC session to the SBS.  From
> > there,
> > > > you can create other RDC sessions to WinXP Pro workstations or fire
up
> > > > something like Netmeeting or VNC to administer workstations with
> earlier
> > > > OS's.  Of course, the workstations will need to be configured for
> > whatever
> > > > method of remote control you choose to use.
> > > >
> > > > --
> > > > Merv  Porter  [SBS MVP]
> > > > ===================================
> > > > "Jim Garrett" <jimg_comp@nospam.yahoo.com> wrote in message
> > > > news:u$kx9UuZEHA.2816@TK2MSFTNGP11.phx.gbl...
> > > > > I've discovered the problem and I'm wondering if there is a way
> around
> > > > this.
> > > > >
> > > > > I have a domain of my own and my machine is joined to it. I've set
> up
> > an
> > > > SBS
> > > > > 2k3 network for a customer and I want to be able to VPN in to that
> > > network
> > > > > for administrative tasks.
> > > > >
> > > > > For the problem that I originally posted, I cannot access
resources
> on
> > > the
> > > > > network because my machine is joined to my network and not the
> network
> > > I'm
> > > > > creating the VPN connection to. A machine joined to the domain,
put
> > > > outside
> > > > > the network and VPN in and access resources without a problem.
> > > > >
> > > > > Is there a way to VPN from a machine joined to another domain and
> > still
> > > > > access resources?
> > > > >
> > > > > Thanks,
> > > > >
> > > > > Jim
> > > > > "Jim Garrett" <jimg_comp@nospam.yahoo.com> wrote in message
> > > > > news:OUt$yFkZEHA.2944@TK2MSFTNGP11.phx.gbl...
> > > > > > David,
> > > > > >
> > > > > > Thanks for the reply.
> > > > > >
> > > > > > The external router is giving addresses in the 192.168.1.xxx
range
> > and
> > > > the
> > > > > > SBS server is giving addresses in the 192.168.2.xxx range so
they
> > are
> > > > > > different.
> > > > > >
> > > > > > As far as accessing resources, after making the VPN connection,
I
> > have
> > > > > > tried
> > > > > > the following:
> > > > > >
> > > > > >> Ping the server by name: Ping request could not find host.
> > > > > >> Ping server by IP: Request timed out. 100% packet loss
> > > > > >> Browse a network share: Windows cannot find '\\share'. Check
> > spelling
> > > > and
> > > > > > try again.
> > > > > >
> > > > > > On the server, if I open the Routing and Remote Access console,
I
> > can
> > > > see
> > > > > > the active connection. I also ran a netmon. I see a successful
> hand
> > > > shake
> > > > > > but the trace of a ping simply shows it hitting my router. I
think
> > the
> > > > > > router is the issue (it's a Netgear FVS318) and will try some
> other
> > > > stuff
> > > > > > to
> > > > > > test.
> > > > > >
> > > > > > Any suggestions?
> > > > > > --
> > > > > > Jim
> > > > > >
> > > > > >
> > > > > >
> > > > > > "David Jones [MSFT]" <dajones@online.microsoft.com> wrote in
> message
> > > > > > news:OOi4r5cZEHA.1000@TK2MSFTNGP12.phx.gbl...
> > > > > >> Hi Jim,
> > > > > >>
> > > > > >> On the LAN this client is on (before connecting the VPN), does
it
> > use
> > > > the
> > > > > >> same IP subnet that the SBS server uses for it's internal
> network?
> > > If
> > > > > >> so,
> > > > > >> you'll need to change one of the two before this will work.
> > > > > >> For example, if your client gets a 192.168.0.xxx address from
its
> > > > router
> > > > > >> before connecting the VPN, and SBS also uses 192.168.0.xxx for
> it's
> > > > > > internal
> > > > > >> network, this will cause the problems you're experiencing.
> > > > > >>
> > > > > >> If those are different, and you're still having this problem,
> could
> > > you
> > > > > > walk
> > > > > >> us through step by step how you attempt to access the
resources,
> > and
> > > > what
> > > > > >> (if any) error messages you get back along the way?
> > > > > >>
> > > > > >> Thanks for posting!
> > > > > >>
> > > > > >> David Jones
> > > > > >> SBS Product Team
> > > > > >>
> > > > > >> --
> > > > > >> This posting is provided "AS IS" with no warranties, and
confers
> no
> > > > > > rights.
> > > > > >>
> > > > > >>
> > > > > >> "Jim Garrett" <jimg_comp@nospam.yahoo.com> wrote in message
> > > > > >> news:e7U7WsbZEHA.2408@tk2msftngp13.phx.gbl...
> > > > > >> > Hello,
> > > > > >> >
> > > > > >> > I'm new to SBS 2003 and to this group so thanks in advance
for
> > any
> > > > > >> > assistance.
> > > > > >> >
> > > > > >> > I'm trying to work out a VPN issue. Because of my particular
> > > > > >> > situation, I'm not able to use the SBS connection manager but
> > > > > >> > instead I'm creating a manual VPN connection in Windows XP. I
> can
> > > > > >> > connect and get authenticated but cannot access any resources
> on
> > > the
> > > > > >> > network. My VPN machine is getting one of the remote access
> > > reserved
> > > > > >> > IP addresses but the subnet is 255.255.255.255 instead of
> > > > > >> > 255.255.255.0 and the default gateway is set to the local
> > machines
> > > > > >> > IP address assigned by the VPN connection.
> > > > > >> >
> > > > > >> > More detail on the setup:
> > > > > >> >
> > > > > >> > > Wireless router connected to the internet
> > > > > >> >           > Wireless VPN client (laptop)
> > > > > >> > > Router in front of internal network
> > > > > >> >           > SBS Server & other network machines/devices
> > > > > >> >
> > > > > >> > I'm using the IP address of the internal router for the VPN
> > > > > >> > connection which forwards to the SBS server. Like I said, I
get
> > > > > >> > authenticated and can see that I have an active session on
the
> > SBS
> > > > > >> > server but cannot access any internal resources.
> > > > > >> >
> > > > > >> > Also, the laptop machine itself is not joined to the internal
> > > domain.
> > > > > >> > It
> > > > > >> is
> > > > > >> > actually joined to another domain. I notice that when testing
> > this
> > > > > > inside
> > > > > >> > the network (from an internal machine), the status box states
> > > > > > "Registering
> > > > > >> > your computer on the network". The laptop does not say that.
> > > > > >> >
> > > > > >> > Ideas?
> > > > > >> >
> > > > > >> > Thanks!
> > > > > >> >
> > > > > >> > Jim
> > > > > >> >
> > > > > >> >
> > > > > >>
> > > > > >>
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>

Relevant Pages

  • RE: SBS2003 & VPN
    ... VPN connection through your Windows Server-based remote access server ... ISA Server 2000 at the Main and Branch Offices ... | an XP client can I set up a site-2-site VPN with the hardware firewalls? ... |> Based on my experience, to enable the VPN function on the SBS Server, ...
    (microsoft.public.windows.server.sbs)
  • Re: VPN Advice...do I need a purchased static ip address on the external interface?
    ... >> Server then that server must have a been assigned a purchased static IP ... >> if I was to try and use Windows 2000 SBS as the server for the VPN, ... >> If I used a router instead then the router would have this purchased IP ... > supports dynamic dns, then users connect to the dynamic dns name and ...
    (comp.dcom.vpn)
  • Re: vpn probl
    ... not to vpn server, so when workstations needed to reply to the ping requests ... they were trying to respond though their gateway that was the adsl router ... static route 172.16.x..x pointing to vpn remote router in rras, ...
    (microsoft.public.windows.server.networking)
  • Re: Problem
    ... telephoned the office where the server was and asked her to re-boot the ... Once I saw the config of the VPN router there, I knew what to do on the ... on the remote site and see if they have the connection manager installed. ...
    (microsoft.public.windows.server.sbs)
  • Re: Please Help Site-To-Site without ISA
    ... You can configure more than one site to site VPN connection on the ... You set up a new demand-dial interface and configure a new site to ... public IP of the VPN server at the second site on the front. ... to router connection. ...
    (microsoft.public.windows.server.networking)