Re: VPN and remote gateway

From: Eric Sun [MSFT] (v-ericsu_at_online.microsoft.com)
Date: 08/04/04

• Next message: Devendra Deshmukh: "Re: EMAIL FORWARDING NOT WORKING"
• Previous message: Axel Larson: "Re: VSSADMIN.EXE"
• In reply to: Bill: "Re: VPN and remote gateway"
• Messages sorted by: [ date ] [ thread ]

Date: Wed, 04 Aug 2004 01:40:09 GMT

Hi Bill,

Per the KB 317025 You Cannot Connect to the Internet After You Connect to a VPN Server - http://support.microsoft.com/?id=
317025, we could know that if you use local gateway, your internet connection will not be a problem, but, you could not access your
remote network since there is no route between you computer and your remote company network. So, this route should be added to
allow the communication of VPN.

Regarding your Outlook, after the static route is added, it will connect to your network fine. In addition, you could use RPC over
HTTP on the internet to connect your Outlook to your company.

833401 How to configure RPC over HTTP on a single server in Exchange Server 2003
http://support.microsoft.com/?id=833401

Best Regards,

Eric Sun,
MCSE2000 / MSCA / MCDBA
Microsoft Online Partner Support

Get Secure! - www.microsoft.com/security

=====================================================
When responding to posts, please "Reply to Group" via
your newsreader so that others may learn and benefit
from your issue.
=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights
--------------------
| From: "Bill" <nospam@nospam.com>
| References: <#iG6K9LdEHA.3704@TK2MSFTNGP09.phx.gbl> <bmL5jmUdEHA.3912@cpmsftngxa10.phx.gbl> <#EdVaiXdEHA.3512
@TK2MSFTNGP12.phx.gbl> <A4zkfamdEHA.3204@cpmsftngxa10.phx.gbl>
| Subject: Re: VPN and remote gateway
| Date: Tue, 3 Aug 2004 15:52:21 -0400
| Lines: 210
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2800.1409
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409
| Message-ID: <O31$kNZeEHA.592@TK2MSFTNGP11.phx.gbl>
| Newsgroups: microsoft.public.windows.server.sbs
| NNTP-Posting-Host: 69-164-73-139.lndnnh.adelphia.net 69.164.73.139
| Path: cpmsftngxa10.phx.gbl!TK2MSFTFEED01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP11.phx.gbl
| Xref: cpmsftngxa10.phx.gbl microsoft.public.windows.server.sbs:93082
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| Yes thats clear. But what benefit do I get from setting this static route?
|
| Bill
|
| ""Eric Sun [MSFT]"" <v-ericsu@online.microsoft.com> wrote in message
| news:A4zkfamdEHA.3204@cpmsftngxa10.phx.gbl...
| > It seems you use the wrong route add command.
| >
| > Firstly, per the KB317025, the Static IP address pool for the VPN client
| should be on the different network segment of the local
| > LAN.
| >
| > For example: your original LAN on the SBS server is 192.168.0.0 with mask
| 255.255.255.0. You could use 192.168.10.1 - 192.168.10.10
| > as static IP address pool. Then, the route add command should be:
| >
| > route -p add 192.168.0.0 mask 255.255.255.0 192.168.10.1
| >
| > Is that clear for you? If not, please feel free to let me know.
| >
| > After the route record is successfully added, please try to test this
| issue again. if it still not work, please let me know the route table
| > when the VPN connection is established.
| >
| > Best Regards,
| >
| > Eric Sun,
| > MCSE2000 / MSCA / MCDBA
| > Microsoft Partner Support Professional
| >
| > Get Secure! - www.microsoft.com/security
| >
| > =====================================================
| > When responding to posts, please "Reply to Group" via
| > your newsreader so that others may learn and benefit
| > from your issue.
| > =====================================================
| >
| > This posting is provided "AS IS" with no warranties, and confers no rights
| > --------------------
| > | From: "Bill" <nospam@nospam.com>
| > | References: <#iG6K9LdEHA.3704@TK2MSFTNGP09.phx.gbl>
| <bmL5jmUdEHA.3912@cpmsftngxa10.phx.gbl>
| > | Subject: Re: VPN and remote gateway
| > | Date: Thu, 29 Jul 2004 10:30:26 -0400
| > | Lines: 125
| > | X-Priority: 3
| > | X-MSMail-Priority: Normal
| > | X-Newsreader: Microsoft Outlook Express 6.00.2800.1409
| > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409
| > | Message-ID: <#EdVaiXdEHA.3512@TK2MSFTNGP12.phx.gbl>
| > | Newsgroups: microsoft.public.windows.server.sbs
| > | NNTP-Posting-Host: 64.74.146.100
| > | Path:
| cpmsftngxa10.phx.gbl!TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA02.phx.gbl!cpmsftngxa0
| 6.phx.gbl!TK2MSFTNGP08.phx.gbl!
| > TK2MSFTNGP12.phx.gbl
| > | Xref: cpmsftngxa10.phx.gbl microsoft.public.windows.server.sbs:91486
| > | X-Tomcat-NG: microsoft.public.windows.server.sbs
| > |
| > | Well that looked like a great answer and I thank you very much but...
| After
| > | changing Gateway_On_Remote=1 to Gateway_On_Remote=0 it still seems that
| I am
| > | using the remote network as my gateway. To test I am doing a traceroute
| and
| > | watching the hops. I have tried this on two machines. An XP Pro and a
| W2k
| > | Pro. I have also verified this by connecting to an client/server app
| that we
| > | have and the IP showing from the client is the IP of the VPN server. Now
| if
| > | I use the VPN connection that I set up manually that is setup to not use
| the
| > | remote gateway it does not use it. All internet traffic is from local
| > | gateway (Broadband connect) running the same tests. So it seems that
| > | something else needs to be changed locally? Any other suggestions? BTW I
| did
| > | enable TCP/IP forwarding on the server as per
| > |
| http://support.microsoft.com/default.aspx?scid=kb;en-us;323339&Product=winsvr2003
| > | but when setting up the static route locally seems to fail. The static
| IP
| > | pool for the server is 10.0.0.3 -10.0.0.100 , IP 10.0.0.0 mask
| > | 255.255.255.128 so on the client I run
| > |
| > | route -p add 10.0.0.0 mask 255.255.255.128 10.0.0.3
| > |
| > | and I get
| > |
| > | "The route addition failed: Either the interface index is wrong or the
| > | gateway does not lie on the same network as the interface. Check the IP
| > | Address Table for the machine."
| > |
| > | Any additional help would be great!
| > |
| > | Bill
| > |
| > | ""Eric Sun [MSFT]"" <v-ericsu@online.microsoft.com> wrote in message
| > | news:bmL5jmUdEHA.3912@cpmsftngxa10.phx.gbl...
| > | > Hi Bill,
| > | >
| > | > Thanks for posting herer.
| > | >
| > | > It appears that you are using Connection Manager in SBS 2003. In order
| to
| > | provide higher security, Connection Manager does not
| > | > have the option to display this option. To change this setting, we
| need to
| > | edit the configuration file. Please try the following:
| > | >
| > | > 1. Locate the following folder:
| > | >
| > | > C:\Documents and Settings\<username>\Application
| > | Data\Microsoft\Network\Connections\Cm\remote\
| > | >
| > | > 2. Use Notepad to open the remote.cms file. It is in plain text
| format.
| > | >
| > | > 3. Locate Gateway_On_Remote
| > | >
| > | > 4. Change Gateway_On_Remote=1 to Gateway_On_Remote=0
| > | >
| > | > 5. Save this file.
| > | >
| > | > 6. Reconnect with Connection Manager and the default gateway will be
| > | changed.
| > | >
| > | > In addition, you may have a look at the following KB article:
| > | >
| > | > 317025 You Cannot Connect to the Internet After You Connect to a VPN
| > | Server
| > | > http://support.microsoft.com/?id=317025
| > | >
| > | > Hope that helps.
| > | >
| > | > Best Regards,
| > | >
| > | > Eric Sun,
| > | > MCSE2000 / MSCA / MCDBA
| > | > Microsoft Partner Support Professional
| > | >
| > | > Get Secure! - www.microsoft.com/security
| > | >
| > | > =====================================================
| > | > When responding to posts, please "Reply to Group" via
| > | > your newsreader so that others may learn and benefit
| > | > from your issue.
| > | > =====================================================
| > | >
| > | > This posting is provided "AS IS" with no warranties, and confers no
| rights
| > | > --------------------
| > | > | From: "Bill" <nospam@nospam.com>
| > | > | Subject: VPN and remote gateway
| > | > | Date: Wed, 28 Jul 2004 12:24:00 -0400
| > | > | Lines: 16
| > | > | X-Priority: 3
| > | > | X-MSMail-Priority: Normal
| > | > | X-Newsreader: Microsoft Outlook Express 6.00.2800.1409
| > | > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409
| > | > | Message-ID: <#iG6K9LdEHA.3704@TK2MSFTNGP09.phx.gbl>
| > | > | Newsgroups: microsoft.public.windows.server.sbs
| > | > | NNTP-Posting-Host: 69-164-73-139.lndnnh.adelphia.net 69.164.73.139
| > | > | Path:
| > |
| cpmsftngxa10.phx.gbl!TK2MSFTFEED01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP09
| > | .phx.gbl
| > | > | Xref: cpmsftngxa10.phx.gbl microsoft.public.windows.server.sbs:91147
| > | > | X-Tomcat-NG: microsoft.public.windows.server.sbs
| > | > |
| > | > | How can I set the VPN connections to NOT use the default gateway on
| the
| > | > | remote network. I want the remote users to use their own internet
| > | connection
| > | > | for internet access and not the SBS servers connection. I know if
| you
| > | create
| > | > | a VPN connection manually it has an option to not use the remote
| gateway
| > | but
| > | > | when I create them manually they always fail to connect. The
| > | sbspackage.exe
| > | > | creates a VPN connection that works everytime BUT it does not have
| the
| > | same
| > | > | options under the "Properties" menu as a normal VPN connection and
| does
| > | not
| > | > | have an option to NOT use the remote gateway. I know of the security
| > | risks
| > | > | of allowing connections via VPN while still having an internet
| > | connection
| > | > | all users are already behind firewalls and NAT.
| > | > |
| > | > | Thank you
| > | > |
| > | > | Bill
| > | > |
| > | > |
| > | > |
| > | >
| > | >
| > |
| > |
| > |
| >
| >
|
|
|

• Next message: Devendra Deshmukh: "Re: EMAIL FORWARDING NOT WORKING"
• Previous message: Axel Larson: "Re: VSSADMIN.EXE"
• In reply to: Bill: "Re: VPN and remote gateway"
• Messages sorted by: [ date ] [ thread ]

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint