Re: VPN login using hardware based VPN/ firewall device - cannot reach SBS internal network
- From: Joe <joe@xxxxxxxxxxxxxx>
- Date: Fri, 13 May 2005 19:44:43 +0100
Rob Sassamon wrote:
L.S.
I have got an issue for which I cannot find a solution, nor is it mentioned on any forum (as far as a 48 hour search brought me).
I chose a hardware based firewall/VPN (brand Hotbrick) instead of the software based firewall VPN possibilities in SBS 2003.
Using the SBS VPN (over PPTP) I can perfectly do everything I want on my remote network (in which the SBS2003 is situated).
Now I am trying to reach the same situation with the hardware based firewall. Here is an overview of my topology:
LOCATION 1                                                            LOCATION 2
SBS 2003                      VPN/firewall (device)                   modem/router              client
192.168.18.2/192.168.2.6 ---- 192.168.2.1/x.x.x.x -- WAN(internet) -- x.x.x.x/192.168.1.254 --- 192.168.1.35
Two things happen trying to reach SBS2003 over the hardware based VPN. I can ping 192.168.2.1 and I can access all services like Outlook Web Access, Remote Server Management (RDP over terminal server).
Presumably you meant 192.168.2.6?
I cannot ping anything in the 192.168.18.x range (I've already tried working with static routes in the SBS2003 and in my VPN device (Hotbrick)), nor can I get to \\servername to view the (shared) folder. It is also not possible to ping/reach clients behind the SBS2003 in the 192.168.18.x range.
When I try command: NET VIEW \\192.168.2.6 (which would be the WAN port of the SBS2003) I get Systemerror 5 - Access denied.
Is there somebody who can help me in this matter? My guess is that the standard security settings of SBS2003 forbid network access from WAN to LAN. In this case this does not need to be blocked as my hardware based VPN/firewall does the security work.
There's quite a bit of that kind of security enabled, but mostly for VPN connections actually terminating on the SBS. I don't think there are restrictions on another LAN connection, but routing may not be enabled. Have a look at this registry value:
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\IPEnableRouter
If this is zero, the solution may be as simple as changing it to 1. IP routing is disabled by default on all Windows versions, and all use this key.
Other issues are dependent on the VPN setup. Does the client end of the VPN know that the 192.168.18.0 network is accessible via the SBS? If not, it will try routing messages out onto the Internet instead of down the VPN. Presumably anything received by the server end of the VPN from the SBS addressed to 192.168.1.x will be routed down the VPN. If the SBS IP routing is enabled, then the problem is probably a TCP/IP one. Try getting outputs of 'route print' on the Windows machines, which may help, and try tracert.
The business of share browsing over VPN is a bit problematic, and you may need the client machine to be a registered domain member to get consistent results. Everybody mumbles at this point, and suggests arcane host and lmhost file entries, but nothing much seems to help. I've never seen network browsing working properly over VPN without a full domain logon. By the way, when you get OWA, etc., are you using the server name or IP address? If you use the name, then run \\server really also ought to work.
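
The routing point in the reply above, as an added example that is not part of the original post: a longest-prefix lookup over 'route print'-style rows shows where the client would send traffic for 192.168.18.x with and without a route for that network. The table rows and the tunnel address 192.168.2.200 are constructed for illustration and assume the client has its own VPN interface.

```python
import ipaddress

# Constructed 'route print' rows for the remote client (192.168.1.35).
# The tunnel address 192.168.2.200 is an assumption, not taken from the post.
ROUTE_PRINT = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.1.254    192.168.1.35      20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
      192.168.1.0    255.255.255.0     192.168.1.35    192.168.1.35      20
      192.168.2.0    255.255.255.0    192.168.2.200   192.168.2.200       1
"""
# Same table plus a route telling the client that 192.168.18.0/24 is behind the VPN.
FIXED = ROUTE_PRINT + (
    "     192.168.18.0    255.255.255.0    192.168.2.200   192.168.2.200       1\n"
)

def parse_routes(text):
    """Return (network, gateway, interface, metric) for each IPv4 route row."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # header or blank line
        try:
            net = ipaddress.ip_network(f"{fields[0]}/{fields[1]}", strict=False)
            metric = int(fields[4])
        except ValueError:
            continue  # not a route row
        routes.append((net, fields[2], fields[3], metric))
    return routes

def next_hop(routes, dest):
    """Longest-prefix match; the lowest metric breaks ties. None if no route."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None
    _, gateway, iface, _ = max(matches, key=lambda r: (r[0].prefixlen, -r[3]))
    return gateway, iface

if __name__ == "__main__":
    for label, table in (("before", ROUTE_PRINT), ("after", FIXED)):
        routes = parse_routes(table)
        for dest in ("192.168.2.6", "192.168.18.2"):
            print(label, dest, "->", next_hop(routes, dest))
```

In the first table the only match for 192.168.18.2 is the default route, so the packet leaves via the modem/router at 192.168.1.254 instead of the tunnel.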