RE: 2 router to internal sbs std network
- From: "rpaverd" <rpaverd@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 7 Apr 2005 02:05:02 -0700
Mike,
That identifies the first part of the problem. From yopur description, it
appaers that you have set up a firewall (ISA server) on your internal network.
Normally when setting up the firewall on SBS 2003, the external NIC would
have the public (internet) IP address (for example 68.54.128.29) and the
internal NIC would have a private address (in your instance, this would be
192.168.0.2 - if 192.168.0.1 was your router - and all your PCs would be in
this IP address range).
Given that you are using VPN routers which almost always have fairly good
firewall functionality, my suggestion would be to use these as your firewall
protection and change the server back to using a single NIC. You don't need
to change your IP address range on SBS 2003, just change the internal IP
address of your vpn router to 192.168.16.1
Your vpn routers are then providing firewall functionality and secure
connectivity between the two networks is provided by the vpn tunnel - and all
devices should be able to ping all other devices.
I am not certain about the possibility of configuring ISA server to open the
remote address range. Possibly somene with more ISA expertise could assist.
We do have specialists like that in our consulting company, but they would
need to be billed out to resolve this type of problem.
Unless you really need the ISA firewall, I would try my recommendations as
above.
Good luck
Richard
"mike" wrote:
> Hi!
>
> I forgot to tell you that from the remote site i cant ping the
> server(192.168.16.2) but from the main office once the router to router
> establish a vpn i can ping the remote computers(192.168.2.XXX). On my sbs2003
> in using 2 nics.
>
> and one ont thing from the remote site i can ping the main office
> router(192.168.0.1) and back and forth(main office router ping>>>remote
> office router>>>main office router) but not the sbs2003 internal ip or client
> pc's (192.168.16.2).
>
> what do you think? do i need to configure the server to accept the
> 192.168.2.XXX?
>
> thanks
>
> "rpaverd" wrote:
>
> > SBS2003 is great - very friendly and you don't need to do much with it!
> >
> > First step, (even before you set up static routes which, on second thoughts,
> > we might not need!) is to see if we can communicate cleanly with your sbs2003
> > server across the vpn. To do this, set up a PC at the remote site with static
> > IP in the remote site address range, gateway of the remote router IP address
> > and DNS and WINS with the SBS server IP address (in the main office address
> > range).
> >
> > In a browser window, at that remote PC, type in the address
> > http://servername/connectcomputer and install as if it were a local PC. If
> > errors, let me know
> >
> > If it completes fully, then log in and open a browser to http://Companyweb.
> > If that does not open, let me know the error message.
> >
> > Richard
> >
> >
> > "mike" wrote:
> >
> > > can you teach me how to do it step by step and where in sbs2003? kinda new
> > > here..
> > >
> > > router to router vpn has no problen... i can ping all machines wherever i am
> > >
> > > thanks
> > >
> > > "rpaverd" wrote:
> > >
> > > > Mike,
> > > >
> > > > Assuming you have your VPN set up correctly, all your Ip addresses in your
> > > > remote location should be visible to the main office location - that is, you
> > > > can ping all PCs from both locations, you may need to set up static routes
> > > > for the remote site to communicate with the main office.
> > > >
> > > > Therefore, assuming main office address range is 10.0.120.x with router at
> > > > 10.0.120.1 and remote office range is 192.168.120.x with router at
> > > > 192.168.120.1 you should add the static routes 10.0.120.0 255.255.255.0
> > > > 192.168.120.1 to your remote office router and 192.168.20.0 255.255.255.0
> > > > 10.0.120.1 to the main office router.
> > > >
> > > > This is dependent on the type of LAN to LAN VPN you have set up..
> > > >
> > > > You may have to change your IIS settings to allow users on the 192.168.120
> > > > network to access companyweb.
> > > >
> > > > DHCP will not work across a routed connection therefore the remote site IP
> > > > addresses will need to be allocated by your router, but remember to retain
> > > > the server IP address for DNS
> > > >
> > > > Have fun,
> > > >
> > > > good luck
> > > >
> > > >
> > > > "mike" wrote:
> > > >
> > > > > Im able to connect to router to router(main office to remote site) but how is
> > > > > it done that i want my network to see it only one big network and i want to
> > > > > use the log on screen with out using the xp VPN( i just want to use the
> > > > > router to router vpn)
> > > > >
> > > > > thanks
.
- Follow-Ups:
- RE: 2 router to internal sbs std network
- From: mike
- RE: 2 router to internal sbs std network
- References:
- 2 router to internal sbs std network
- From: mike
- RE: 2 router to internal sbs std network
- From: rpaverd
- RE: 2 router to internal sbs std network
- From: mike
- RE: 2 router to internal sbs std network
- From: rpaverd
- RE: 2 router to internal sbs std network
- From: mike
- 2 router to internal sbs std network
- Prev by Date: Re: OMA Error
- Next by Date: Re: Web Server & OWA
- Previous by thread: RE: 2 router to internal sbs std network
- Next by thread: RE: 2 router to internal sbs std network
- Index(es):
Relevant Pages
|
