Re: Site VPN between SBS 2003 and Windows 2003/ISA 2004
From: Ray Collins (ray.collins_at_nospambigpond.com)
Date: 02/20/05
- Next message: Real John: "service pack/critical updates ->blue screen?"
- Previous message: Hollis D. Paul: "Re: WUS"
- In reply to: David Copeland [MSFT]: "Re: Site VPN between SBS 2003 and Windows 2003/ISA 2004"
- Messages sorted by: [ date ] [ thread ]
Date: Mon, 21 Feb 2005 08:22:28 +1100
Hi David,
1. Yes ISA 2000 is installed and the internal subnets are in the LAT. But
on the SBS server (ISA 2000) when you ping the other subnet it goes out via
the normal internet connection and fails rather than going via the VPN.
Yes there is a static route in RRAS pointing to the DOD interface for that
subnet. The SBS IPs are the standard 192.168.x.x, the new site internal
addresses are 172.31.x.x.
2. The clients are pointing to their respective servers as the gateway.
3. Had a long fight getting the ports open in ISA 2004, this new secure by
default is a bitch. :-)
4. Network Neighbourhood browsing, Internet (web) browsing is fine. WINS is
set up, will check the supplied article.
Regarding #2
Yes they are both DOD, I will check the settings, but why would this
behaviour cause RRAS to lock up on the ISA 2004 box?
Thanks for the suggestions.
"David Copeland [MSFT]" <davidcop@online.microsoft.com> wrote in message
news:ea9dej3FFHA.548@TK2MSFTNGP14.phx.gbl...
> Ray,
>
> Some things to look at
>
> Regarding #1..
>
> 1) Does the SBS server have ISA 2000 installed on it? If so, make sure
> that all internal subnets are included in the ISA LAT table.
> 2) Make sure that the clients on both subnets are either pointing their
> default gateways to their respective servers, or have a static route for
> the subnet at the other location, or the router that they are pointing the
> default gateway to has a route to go to the other subnet via the local
> server's internal IP.
> 3) Verify that the access rules on the ISA 2004 server are allowing the
> type of traffic you are attempting to do.. (can check in ISA 2004's
> monitoring to see if it's being blocked)
> 4) When you say the server can connect to shares but no browsing.. is
> that Web browsing from IE on the server or Network Neighborhood type
> browsing? If you are referring to web browsing from the server then
> something you may want to try on both servers.. Create a vpn connectoid
> with the same name as the DOD connection.. then go into IE Tools/Internet
> Options/Connections tab and select the VPN connectoid and then click on
> the settings button.. specify the appropriate proxy server settings.. Ok
> out of the dialog and then attempt to browse the web.. If you are
> referring to Network Neighborhood browsing.. then I'd suggest taking a
> look at the following article that discusses how browsing works on a WAN
> with WINS.. You will want to make sure that all of the machines resolve
> the server's name to their respective internal IP address..
>
> http://support.microsoft.com/default.aspx?scid=kb;en-us;120151
>
> 5) For troubleshooting the clients.. I'd start with the basics (if you
> haven't already) and start pinging various IP addresses and/or
> traceroute'ing to see how far the packets go before it gets a timeout or
> some kind of error (if one occurs)
>
>
> Regarding #2
>
> I'm assuming that both sides are using demand dial interfaces (DOD).. If
> so, you might want to set one of the dod's to a persistent connection and
> then on the other configure it to not redial.. Curious, why the interface
> would be attempting to dial if it's already connected though?
>
>
> --
>
> Hope that helps,
> David Copeland
> Microsoft Small Business Server Support
>
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
>
>
> SBS Newsgroups:
>
> SBS v4.x: microsoft.public.backoffice.smallbiz
> SBS 2000: microsoft.public.backoffice.smallbiz2000
> SBS 2003: microsoft.public.windows.server.sbs
>
> "Ray Collins" <ray.collins@nospambigpond.com> wrote in message
> news:unHx9c1FFHA.3928@TK2MSFTNGP15.phx.gbl...
>> Hi,
>>
>> Our main Office is SBS 2003, we have a new branch site that is Windows
>> 2003 Std and ISA 2004. I have set up the VPN by following the steps in
>> this guide http://www.isaserver.org/articles/2004s2s2000.html.
>>
>> I have two issues:
>>
>> 1. The ISA 2004 site can connect to SBS, the server can connect to shares
>> in the SBS site but no browsing. The workstation can't do anything!
>>
>> 2. If the SBS server initiates the connection while the ISA 2004 server
>> already has one the SBS RRAS gives error "An error occurred during
>> connection of the interface. The modem (or other connecting device) has
>> reported an error."
>> When this happens the RRAS on the ISA2004 server locks up and the server
>> has to be powered off and on (shut down doesn't work).
>>
>> Any suggestions?
>>
>
>
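
Added example, not part of either poster's message: a sketch of the routing-table side of the checks discussed in this thread (traffic for the other subnet leaving via the Internet connection instead of the demand-dial interface). It applies longest-prefix-then-lowest-metric route selection to a constructed table; the concrete prefixes, the interface names (`Internet`, `LAN`, `BranchDOD`) and the host addresses are assumptions, since the thread only gives 192.168.x.x and 172.31.x.x. It does not model ISA LAT or firewall rules.

```python
import ipaddress

# Constructed routing table for the SBS side: (prefix, interface, metric).
# The static route covers only 172.31.0.0/24 (assumed, to show a too-narrow mask).
SBS_ROUTES = [
    ("0.0.0.0/0", "Internet", 10),
    ("192.168.16.0/24", "LAN", 10),
    ("172.31.0.0/24", "BranchDOD", 1),
]

# Same table with the static route widened to the whole remote range.
SBS_ROUTES_WIDE = SBS_ROUTES[:2] + [("172.31.0.0/16", "BranchDOD", 1)]


def select_route(routes, destination):
    """Return (network, interface, metric) chosen for destination:
    longest matching prefix wins, ties broken by lowest metric."""
    addr = ipaddress.ip_address(destination)
    candidates = []
    for prefix, interface, metric in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net:
            candidates.append((net, interface, metric))
    if not candidates:
        return None  # no route at all, not even a default
    return max(candidates, key=lambda r: (r[0].prefixlen, -r[2]))


def misrouted(routes, remote_hosts, vpn_interface):
    """List (host, interface) pairs for remote-site hosts whose selected
    route does not leave through the VPN interface."""
    problems = []
    for host in remote_hosts:
        route = select_route(routes, host)
        interface = route[1] if route else None
        if interface != vpn_interface:
            problems.append((host, interface))
    return problems


if __name__ == "__main__":
    # Constructed branch addresses: one server, one workstation.
    branch_hosts = ["172.31.0.10", "172.31.1.25"]
    for label, table in (("narrow", SBS_ROUTES), ("wide", SBS_ROUTES_WIDE)):
        print(label, misrouted(table, branch_hosts, "BranchDOD"))
```

Any host the function reports is one whose packets would follow the default route rather than the tunnel, which matches the symptom of pings to the other subnet going out the normal Internet connection.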