Re: VPN and remote gateway
From: Bill (nospam_at_nospam.com)
Date: 08/03/04
- Next message: Ray Fong [MSFT]: "RE: OWA"
- Previous message: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]: "Re: IIS lockdown"
- Maybe in reply to: Eric Sun [MSFT]: "Re: VPN and remote gateway"
- Next in thread: Eric Sun [MSFT]: "Re: VPN and remote gateway"
- Reply: Eric Sun [MSFT]: "Re: VPN and remote gateway"
- Messages sorted by: [ date ] [ thread ]
Date: Tue, 3 Aug 2004 15:52:21 -0400
Yes thats clear. But what benefit do I get from setting this static route?
Bill
""Eric Sun [MSFT]"" <v-ericsu@online.microsoft.com> wrote in message
news:A4zkfamdEHA.3204@cpmsftngxa10.phx.gbl...
> It seems you use the wrong route add command.
>
> Firstly, per the KB317025, the Static IP address pool for the VPN client
should be on the different network segment of the local
> LAN.
>
> For example: your original LAN on the SBS server is 192.168.0.0 with mask
255.255.255.0. You could use 192.168.10.1 - 192.168.10.10
> as static IP address pool. Then, the route add command should be:
>
> route -p add 192.168.0.0 mask 255.255.255.0 192.168.10.1
>
> Is that clear for you? If not, please feel free to let me know.
>
> After the route record is successfully added, please try to test this
issue again. if it still not work, please let me know the route table
> when the VPN connection is established.
>
> Best Regards,
>
> Eric Sun,
> MCSE2000 / MSCA / MCDBA
> Microsoft Partner Support Professional
>
> Get Secure! - www.microsoft.com/security
>
> =====================================================
> When responding to posts, please "Reply to Group" via
> your newsreader so that others may learn and benefit
> from your issue.
> =====================================================
>
> This posting is provided "AS IS" with no warranties, and confers no rights
> --------------------
> | From: "Bill" <nospam@nospam.com>
> | References: <#iG6K9LdEHA.3704@TK2MSFTNGP09.phx.gbl>
<bmL5jmUdEHA.3912@cpmsftngxa10.phx.gbl>
> | Subject: Re: VPN and remote gateway
> | Date: Thu, 29 Jul 2004 10:30:26 -0400
> | Lines: 125
> | X-Priority: 3
> | X-MSMail-Priority: Normal
> | X-Newsreader: Microsoft Outlook Express 6.00.2800.1409
> | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409
> | Message-ID: <#EdVaiXdEHA.3512@TK2MSFTNGP12.phx.gbl>
> | Newsgroups: microsoft.public.windows.server.sbs
> | NNTP-Posting-Host: 64.74.146.100
> | Path:
cpmsftngxa10.phx.gbl!TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA02.phx.gbl!cpmsftngxa0
6.phx.gbl!TK2MSFTNGP08.phx.gbl!
> TK2MSFTNGP12.phx.gbl
> | Xref: cpmsftngxa10.phx.gbl microsoft.public.windows.server.sbs:91486
> | X-Tomcat-NG: microsoft.public.windows.server.sbs
> |
> | Well that looked like a great answer and I thank you very much but...
After
> | changing Gateway_On_Remote=1 to Gateway_On_Remote=0 it still seems that
I am
> | using the remote network as my gateway. To test I am doing a traceroute
and
> | watching the hops. I have tried this on two machines. An XP Pro and a
W2k
> | Pro. I have also verified this by connecting to an client/server app
that we
> | have and the IP showing from the client is the IP of the VPN server. Now
if
> | I use the VPN connection that I set up manually that is setup to not use
the
> | remote gateway it does not use it. All internet traffic is from local
> | gateway (Broadband connect) running the same tests. So it seems that
> | something else needs to be changed locally? Any other suggestions? BTW I
did
> | enable TCP/IP forwarding on the server as per
> |
http://support.microsoft.com/default.aspx?scid=kb;en-us;323339&Product=winsvr2003
> | but when setting up the static route locally seems to fail. The static
IP
> | pool for the server is 10.0.0.3 -10.0.0.100 , IP 10.0.0.0 mask
> | 255.255.255.128 so on the client I run
> |
> | route -p add 10.0.0.0 mask 255.255.255.128 10.0.0.3
> |
> | and I get
> |
> | "The route addition failed: Either the interface index is wrong or the
> | gateway does not lie on the same network as the interface. Check the IP
> | Address Table for the machine."
> |
> | Any additional help would be great!
> |
> | Bill
> |
> | ""Eric Sun [MSFT]"" <v-ericsu@online.microsoft.com> wrote in message
> | news:bmL5jmUdEHA.3912@cpmsftngxa10.phx.gbl...
> | > Hi Bill,
> | >
> | > Thanks for posting herer.
> | >
> | > It appears that you are using Connection Manager in SBS 2003. In order
to
> | provide higher security, Connection Manager does not
> | > have the option to display this option. To change this setting, we
need to
> | edit the configuration file. Please try the following:
> | >
> | > 1. Locate the following folder:
> | >
> | > C:\Documents and Settings\<username>\Application
> | Data\Microsoft\Network\Connections\Cm\remote\
> | >
> | > 2. Use Notepad to open the remote.cms file. It is in plain text
format.
> | >
> | > 3. Locate Gateway_On_Remote
> | >
> | > 4. Change Gateway_On_Remote=1 to Gateway_On_Remote=0
> | >
> | > 5. Save this file.
> | >
> | > 6. Reconnect with Connection Manager and the default gateway will be
> | changed.
> | >
> | > In addition, you may have a look at the following KB article:
> | >
> | > 317025 You Cannot Connect to the Internet After You Connect to a VPN
> | Server
> | > http://support.microsoft.com/?id=317025
> | >
> | > Hope that helps.
> | >
> | > Best Regards,
> | >
> | > Eric Sun,
> | > MCSE2000 / MSCA / MCDBA
> | > Microsoft Partner Support Professional
> | >
> | > Get Secure! - www.microsoft.com/security
> | >
> | > =====================================================
> | > When responding to posts, please "Reply to Group" via
> | > your newsreader so that others may learn and benefit
> | > from your issue.
> | > =====================================================
> | >
> | > This posting is provided "AS IS" with no warranties, and confers no
rights
> | > --------------------
> | > | From: "Bill" <nospam@nospam.com>
> | > | Subject: VPN and remote gateway
> | > | Date: Wed, 28 Jul 2004 12:24:00 -0400
> | > | Lines: 16
> | > | X-Priority: 3
> | > | X-MSMail-Priority: Normal
> | > | X-Newsreader: Microsoft Outlook Express 6.00.2800.1409
> | > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409
> | > | Message-ID: <#iG6K9LdEHA.3704@TK2MSFTNGP09.phx.gbl>
> | > | Newsgroups: microsoft.public.windows.server.sbs
> | > | NNTP-Posting-Host: 69-164-73-139.lndnnh.adelphia.net 69.164.73.139
> | > | Path:
> |
cpmsftngxa10.phx.gbl!TK2MSFTFEED01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP09
> | .phx.gbl
> | > | Xref: cpmsftngxa10.phx.gbl microsoft.public.windows.server.sbs:91147
> | > | X-Tomcat-NG: microsoft.public.windows.server.sbs
> | > |
> | > | How can I set the VPN connections to NOT use the default gateway on
the
> | > | remote network. I want the remote users to use their own internet
> | connection
> | > | for internet access and not the SBS servers connection. I know if
you
> | create
> | > | a VPN connection manually it has an option to not use the remote
gateway
> | but
> | > | when I create them manually they always fail to connect. The
> | sbspackage.exe
> | > | creates a VPN connection that works everytime BUT it does not have
the
> | same
> | > | options under the "Properties" menu as a normal VPN connection and
does
> | not
> | > | have an option to NOT use the remote gateway. I know of the security
> | risks
> | > | of allowing connections via VPN while still having an internet
> | connection
> | > | all users are already behind firewalls and NAT.
> | > |
> | > | Thank you
> | > |
> | > | Bill
> | > |
> | > |
> | > |
> | >
> | >
> |
> |
> |
>
>
- Next message: Ray Fong [MSFT]: "RE: OWA"
- Previous message: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]: "Re: IIS lockdown"
- Maybe in reply to: Eric Sun [MSFT]: "Re: VPN and remote gateway"
- Next in thread: Eric Sun [MSFT]: "Re: VPN and remote gateway"
- Reply: Eric Sun [MSFT]: "Re: VPN and remote gateway"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
