Re: VPN and remote gateway

From: Eric Sun [MSFT] (v-ericsu_at_online.microsoft.com)
Date: 07/31/04


Date: Sun, 1 Aug 2004 01:03:39 +0800


A couple more things may help with this issue.

Since the remote.cms file contains several sections which may take effect in
different situations, there are several identical parameters named
Gateway_On_Remote. They are in the sections below:

[TCP/IP&sbs Tunnel]

[TCP/IP&sbs]

[TCP/IP&Connect to Small Business Server Tunnel]

[TCP/IP&Connect to Small Business Server]

The parameter you should modify is in the [TCP/IP&Connect to Small Business
Server Tunnel] section. Did you configure it correctly? To ensure that you
have the correct settings, you could modify this parameter in all four
sections.

Hope that also helps.

-- 
Best Regards,
Eric Sun,
MCSE2000 / MSCA / MCDBA
Microsoft Partner Support Professional
Get Secure! - www.microsoft.com/security
===============================================
When responding to posts, please "Reply to Group" via
your newsreader so that others may learn and benefit
from your issue.
===============================================
This posting is provided "AS IS" with no warranties, and confers no rights

""Eric Sun [MSFT]"" <v-ericsu@online.microsoft.com> wrote in message
news:A4zkfamdEHA.3204@cpmsftngxa10.phx.gbl...
> It seems you use the wrong route add command.
>
> Firstly, per the KB317025, the Static IP address pool for the VPN client
> should be on the different network segment of the local LAN.
>
> For example: your original LAN on the SBS server is 192.168.0.0 with mask
> 255.255.255.0. You could use 192.168.10.1 - 192.168.10.10 as static IP
> address pool. Then, the route add command should be:
>
> route -p add 192.168.0.0 mask 255.255.255.0 192.168.10.1
>
> Is that clear for you? If not, please feel free to let me know.
>
> After the route record is successfully added, please try to test this
> issue again. If it still does not work, please let me know the route table
> when the VPN connection is established.
>
> Best Regards,
>
> Eric Sun,
> MCSE2000 / MSCA / MCDBA
> Microsoft Partner Support Professional
>
> --------------------
> | From: "Bill" <nospam@nospam.com>
> | References: <#iG6K9LdEHA.3704@TK2MSFTNGP09.phx.gbl> <bmL5jmUdEHA.3912@cpmsftngxa10.phx.gbl>
> | Subject: Re: VPN and remote gateway
> | Date: Thu, 29 Jul 2004 10:30:26 -0400
> |
> | Well that looked like a great answer and I thank you very much but...
> | After changing Gateway_On_Remote=1 to Gateway_On_Remote=0 it still seems
> | that I am using the remote network as my gateway. To test I am doing a
> | traceroute and watching the hops. I have tried this on two machines. An XP
> | Pro and a W2k Pro. I have also verified this by connecting to a
> | client/server app that we have and the IP showing from the client is the IP
> | of the VPN server. Now if I use the VPN connection that I set up manually
> | that is set up to not use the remote gateway it does not use it. All
> | internet traffic is from local gateway (Broadband connect) running the same
> | tests. So it seems that something else needs to be changed locally? Any
> | other suggestions? BTW I did enable TCP/IP forwarding on the server as per
> |
> | http://support.microsoft.com/default.aspx?scid=kb;en-us;323339&Product=winsvr2003
> |
> | but when setting up the static route locally seems to fail. The static IP
> | pool for the server is 10.0.0.3 - 10.0.0.100, IP 10.0.0.0 mask
> | 255.255.255.128 so on the client I run
> |
> | route -p add 10.0.0.0 mask 255.255.255.128 10.0.0.3
> |
> | and I get
> |
> | "The route addition failed: Either the interface index is wrong or the
> | gateway does not lie on the same network as the interface. Check the IP
> | Address Table for the machine."
> |
> | Any additional help would be great!
> |
> | Bill
> |
> | ""Eric Sun [MSFT]"" <v-ericsu@online.microsoft.com> wrote in message
> | news:bmL5jmUdEHA.3912@cpmsftngxa10.phx.gbl...
> | > Hi Bill,
> | >
> | > Thanks for posting here.
> | >
> | > It appears that you are using Connection Manager in SBS 2003. In order to
> | > provide higher security, Connection Manager does not have the option to
> | > display this option. To change this setting, we need to edit the
> | > configuration file. Please try the following:
> | >
> | > 1. Locate the following folder:
> | >
> | > C:\Documents and Settings\<username>\Application Data\Microsoft\Network\Connections\Cm\remote\
> | >
> | > 2. Use Notepad to open the remote.cms file. It is in plain text format.
> | >
> | > 3. Locate Gateway_On_Remote
> | >
> | > 4. Change Gateway_On_Remote=1 to Gateway_On_Remote=0
> | >
> | > 5. Save this file.
> | >
> | > 6. Reconnect with Connection Manager and the default gateway will be
> | > changed.
> | >
> | > In addition, you may have a look at the following KB article:
> | >
> | > 317025 You Cannot Connect to the Internet After You Connect to a VPN Server
> | > http://support.microsoft.com/?id=317025
> | >
> | > Hope that helps.
> | >
> | > Best Regards,
> | >
> | > Eric Sun,
> | > MCSE2000 / MSCA / MCDBA
> | > Microsoft Partner Support Professional
> | >
> | > --------------------
> | > | From: "Bill" <nospam@nospam.com>
> | > | Subject: VPN and remote gateway
> | > | Date: Wed, 28 Jul 2004 12:24:00 -0400
> | > |
> | > | How can I set the VPN connections to NOT use the default gateway on the
> | > | remote network? I want the remote users to use their own internet
> | > | connection for internet access and not the SBS server's connection. I
> | > | know if you create a VPN connection manually it has an option to not use
> | > | the remote gateway but when I create them manually they always fail to
> | > | connect. The sbspackage.exe creates a VPN connection that works every
> | > | time BUT it does not have the same options under the "Properties" menu as
> | > | a normal VPN connection and does not have an option to NOT use the remote
> | > | gateway. I know of the security risks of allowing connections via VPN
> | > | while still having an internet connection all users are already behind
> | > | firewalls and NAT.
> | > |
> | > | Thank you
> | > |
> | > | Bill
> | > |
> | > |
> | > |
> | >
> | >
> |
> |
> |
>
>
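
Added example (not part of the original thread, and not Microsoft's code): a small Python audit that reads a Connection Manager .cms profile and reports Gateway_On_Remote per section, since the thread notes the same parameter appears in four sections and only one of them may have been edited. The section names come from the post; the sample file contents and the function names gateway_settings and set_gateway are assumptions made for illustration.

```python
import re

# Constructed sample: only the four sections named in the thread, each with
# the one key of interest. A real remote.cms holds many more keys.
SAMPLE_CMS = """\
[TCP/IP&sbs Tunnel]
Gateway_On_Remote=1
[TCP/IP&sbs]
Gateway_On_Remote=1
[TCP/IP&Connect to Small Business Server Tunnel]
Gateway_On_Remote=0
[TCP/IP&Connect to Small Business Server]
Gateway_On_Remote=1
"""

SECTION = re.compile(r"^\s*\[(?P<name>.+?)\]\s*$")
KEY = re.compile(
    r"^(?P<pre>[ \t]*Gateway_On_Remote[ \t]*=[ \t]*)(?P<val>[^\s;]*)", re.I
)


def gateway_settings(text):
    """Return {section name: Gateway_On_Remote value} for sections that set it."""
    found, section = {}, None
    for line in text.splitlines():
        m = SECTION.match(line)
        if m:
            section = m.group("name")
            continue
        m = KEY.match(line)
        if m and section is not None:
            found[section] = m.group("val")
    return found


def set_gateway(text, value="0", sections=None):
    """Rewrite Gateway_On_Remote in the named sections (all sections if None).

    Every other line, including line endings, is passed through unchanged.
    """
    out, section = [], None
    for line in text.splitlines(keepends=True):
        m = SECTION.match(line)
        if m:
            section = m.group("name")
        elif KEY.match(line) and (sections is None or section in sections):
            line = KEY.sub(lambda k: k.group("pre") + value, line, count=1)
        out.append(line)
    return "".join(out)
```

Running gateway_settings over each user's remote.cms shows at a glance which profiles still send all traffic through the remote gateway (1) and which have been switched to the local gateway (0).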

