Re: Use to be able to VPN/RDP. After installing SBS2003, can only VPN
- From: "David Copeland [MSFT]" <davidcop@xxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 16 Jun 2005 18:23:30 -0500
Tony,
Looking at the route print output it looks like it may be after you
disconnected the VPN since it's a) only showing one IP address for the nic.
b) only showing one default gateway entry (by default our VPN would change
the default gateway IP address to the IP address received on the virtual
interface for the VPN.
As far as the Zywall is concerned with respect to being the endpoint.. is
the Zywall simply reverse NAT'ing (passing the VPN) traffic to the SBS 2000
server and it where you are getting VPN authenticated, IP address, DNS
server IP addresses etc. Or does the virtual tunnel end and the Zywall.
Think of it this way.. if the VPN was a physical pipe.. when you came out at
the far side (where the SBS 2000 server is) would you be standing between
the Zywall and the SBS 2000 server or on the inside network to the SBS 2000
server.
Hmm.. just noticed SSH Virtual Network Adapter (sshvnic) so it looks like
you are using a 3rd party VPN solution. So, you might want to connect the
machine back to the modem directly, connect the VPN connection and run the
route print again.. (and an ipconfig /all) to see if you get another IP
address while the VPN is connected. Just doing a quick search, looks like it
may be using IPSec instead of PPTP.. which would be using different ports
and may need different configuration settings for your Linksys.
With our PPTP connection while you were connected the routing table would
have something like the following (Say the address I'm VPN'ing into is
1.1.1.1 and get assigned a 10.1.1.99 IP address)
Active Routes:
Network Destination Netmask Gateway
Interface Metric
0.0.0.0 0.0.0.0
192.168.16.2 192.168.16.11 2
0.0.0.0 0.0.0.0 10.1.1.99
10.1.1.99 1
10.1.1.99 255.255.255.255 127.0.0.1
127.0.0.1 1
1.1.1.1 255.255.255.255 192.168.16.2
192.168.16.11 1
192.168.16.11 255.255.255.255 127.0.0.1
127.0.0.1 1
So, the default gateway that would be used would be 10.1.1.99 (until the VPN
connection was disconnected.. at which point the default gateway would go
back to 192.168.16.2)
The 1.1.1.1 route is used in order to keep the physical connection for the
tunnel alive.
---
Hope that helps,
David Copeland
Microsoft Small Business Server Support
This posting is provided "AS IS" with no warranties, and confers no rights.
Newsgroups:
SBS v4.x : microsoft.public.backoffice.smallbiz
SBS 2000: microsoft.public.backoffice.smallbiz2000
SBS 2003: microsoft.public.windows.server.sbs
"Tony Girgenti" <tony@xxxxxxxxxxxxxx> wrote in message
news:e8vX0BscFHA.3184@xxxxxxxxxxxxxxxxxxxxxxx
> Hello David.
>
> Here are answers to your questions.
>
> As i stated earlier, your assumption of the connection is correct.
>
> The IP address i am VPNing to is the external nic of the office SBS2000
> server.
>
> After VPNing to the office SBS2000 server, icannot ping 10.1.1.1,
> 192.168.1.2 by name or ip address.
>
> After VPNing to the office SBS2000 server, the ip address of the XP
> machine i am using stays the same, 192.168.16.11.
>
> Here are the results of the route print command after VPNing:
> C:\Documents and Settings\Administrator>route print
> ===========================================================================
> Interface List
> 0x1 ........................... MS TCP Loopback interface
> 0x2 ...00 d0 09 af a1 d6 ...... SiS 900 PCI Fast Ethernet Adapter - Packet
> Sched
> uler Miniport
> 0x3 ...0a b2 94 38 1b 00 ...... SSH Virtual Network Adapter (sshvnic) -
> Packet S
> cheduler Miniport
> ===========================================================================
> ===========================================================================
> Active Routes:
> Network Destination Netmask Gateway Interface
> Metric
> 0.0.0.0 0.0.0.0 192.168.16.2 192.168.16.11
> 20
> 127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
> 192.168.16.0 255.255.255.0 192.168.16.11 192.168.16.11
> 20
> 192.168.16.11 255.255.255.255 127.0.0.1 127.0.0.1
> 20
> 192.168.16.255 255.255.255.255 192.168.16.11 192.168.16.11
> 20
> 224.0.0.0 240.0.0.0 192.168.16.11 192.168.16.11
> 20
> 255.255.255.255 255.255.255.255 192.168.16.11 192.168.16.11 1
> 255.255.255.255 255.255.255.255 192.168.16.11 3 1
> Default Gateway: 192.168.16.2
> ===========================================================================
> Persistent Routes:
> None
>
> C:\Documents and Settings\Administrator>
>
> I can't answer the question about wether the Zywall is the endpoint or
> not. I don't know what you mean.
>
> Thanks for all your help.
> Tony
>
> "David Copeland [MSFT]" <davidcop@xxxxxxxxxxxxxxxxxxxx> wrote in message
> news:OZ%23HY%23hcFHA.612@xxxxxxxxxxxxxxxxxxxxxxx
>> Tony,
>>
>> Just to make sure the connection is like..
>>
>> XP----SBS 2003---Linksys router/NAT-----Internet----Zyxel
>> (NAT/Firewall)---SBS 2000---internal lan
>>
>> Is the IP address you are VPN'ing into the external IP address of the
>> Zyxel? and is the Zyxel the VPN endpoint or is it passing the VPN (PPTP)
>> traffic back to the SBS server as the endpoint?
>>
>> Once VPN'ed in are you able to ping the 10.1.1.1 address of the SBS 2000
>> server? If so, can you RDP to that IP address?
>>
>> What IP address does the XP client get once VPN'ed in? Can you post the
>> output from the XP client of the route print command (after the machine
>> is VPN'ed in)
>>
>>
>> --
>>
>> Hope that helps,
>> David Copeland
>> Microsoft Small Business Server Support
>>
>> This posting is provided "AS IS" with no warranties, and confers no
>> rights.
>>
>>
>> SBS Newsgroups:
>>
>> SBS v4.x: microsoft.public.backoffice.smallbiz
>> SBS 2000: microsoft.public.backoffice.smallbiz2000
>> SBS 2003: microsoft.public.windows.server.sbs
>>
>> "Tony Girgenti" <antoniongirgenti@xxxxxxxxxxx> wrote in message
>> news:elShREhcFHA.3252@xxxxxxxxxxxxxxxxxxxxxxx
>> Hello Merv.
>>
>> Considering the fact that the whole thing works and has worked fine for
>> over a year before i brought home the SBS2003 server, is that really an
>> issue.
>>
>> I don't think the problem is with the office SBS2000 server, but then i
>> am not the expert.
>>
>> I could be way off base here, but as soon as i plug my computer into the
>> cable modem directly, the whole thing works fine.
>>
>> Thanks,
>> Tony
>>
>> "Merv Porter [SBS-MVP]" <mwport@xxxxxxxxxxxxxxxxxxx> wrote in message
>> news:%23PDyfxgcFHA.1384@xxxxxxxxxxxxxxxxxxxxxxx
>> Hi Tony,
>>
>> One thing I notice is that the subnet mask for the internal NIC on the
>> SBS
>> 2000 server may be incorrect. Your 10.1.1.1 IP address is for a Class A
>> network which normally would have a subnet mask of 255.0.0.0 rather than
>> 255.255.255.0 (as with a Class C network => 10.0.0.1).
>>
>> --
>> Merv Porter [SBS MVP]
>> ===================================
>> "Tony Girgenti" <antoniongirgenti@xxxxxxxxxxx> wrote in message
>> news:O0WjiUfcFHA.3204@xxxxxxxxxxxxxxxxxxxxxxx
>> Hello.
>>
>> If i plug my computer at home (WIN XP Pro SP2) directly into the cable
>> modem, i can VPN and RDP to my office without a problem. Office setup:
>> (SBS2000 SBS2000 server, 2 nics, Zyxel Prestige 650 ADSL Modem, Zyxel
>> Zywall
>> 10 firewall 192.168.1.1, External nic: 192.168.1.2, Internal nic:
>> 10.1.1.1, ).
>>
>> I brought home a Dell server, installed SBS2003 Premium, SP1, no ISA,
>> two
>> nics(Internal:192.168.16.2, External:192.168.2.15), Linksys
>> router(192.168.2.1), Belkin switch and plugged cable modem into Linksys
>> router. I also plugged the home computer into the Belkin switch.
>>
>> Everthing works fine, server and home computers can access internet and
>> email just being plugged into switch, not really logging onto server,
>> just
>> staying local.
>>
>> Problem: Workstation that was able to VPN/RDP, can now establish VPN
>> but
>> cannot RDP. Message "The client could not connect to the remote
>> computer"
>> comes up.
>> Cannot ping 192.168.1.2 after VPN is established on
>> workstation
>> Cannot Open http://SBS_IP/remote in Internet Explorer
>> after
>> VPN established on workstation
>> PPTP Passthrough is enabled on Linksys router
>> Ports 47 and 1723 are being forwarded by Linksys router
>> I have run CEICW numerous times
>> There are no errors in the event log after attempting
>> this
>>
>> If i plug home computer workstation into Linksys router or cable modem,
>> I
>> can again
>> VPN/RDP. Once i put it back to switch on network, VPN OK but cannot
>> RDP.
>>
>> I am trying to RDP to the same server that i am VPNing to.
>>
>> I have included IPCONGIG /ALL for home computer, home SBS2003 server and
>> office SBS2000 server.
>>
>> I have been trying to fix this problem for weeks now. Any help would be
>> greatly appreciated.
>>
>> Thanks,
>> Tony
>>
>> Home computer================================================
>> C:\Documents and Settings\Administrator>ipconfig /all
>> Windows IP Configuration
>>
>> Host Name . . . . . . . . . . . . : TONYHOME
>> Primary Dns Suffix . . . . . . . :
>> Node Type . . . . . . . . . . . . : Hybrid
>> IP Routing Enabled. . . . . . . . : No
>> WINS Proxy Enabled. . . . . . . . : No
>> DNS Suffix Search List. . . . . . :
>> LakesideOfficeSystemsInc.local
>>
>> Ethernet adapter Local Area Connection:
>>
>> Connection-specific DNS Suffix . :
>> LakesideOfficeSystemsInc.local
>> Description . . . . . . . . . . . : SiS 900 PCI Fast Ethernet
>> Adapter
>> Physical Address. . . . . . . . . : 00-D0-09-AF-A1-D6
>> Dhcp Enabled. . . . . . . . . . . : Yes
>> Autoconfiguration Enabled . . . . : Yes
>> IP Address. . . . . . . . . . . . : 192.168.16.11
>> Subnet Mask . . . . . . . . . . . : 255.255.255.0
>> Default Gateway . . . . . . . . . : 192.168.16.2
>> DHCP Server . . . . . . . . . . . : 192.168.16.2
>> DNS Servers . . . . . . . . . . . : 192.168.16.2
>> Primary WINS Server . . . . . . . : 192.168.16.2
>> Lease Obtained. . . . . . . . . . : Sunday, June 05, 2005
>> 9:11:01 AM
>> Lease Expires . . . . . . . . . . : Monday, June 13, 2005
>> 9:11:01 AM
>>
>> Home server==================================================
>> C:\Documents and Settings\Administrator>ipconfig /all
>>
>> Windows IP Configuration
>> Host Name . . . . . . . . . . . . : lakeside
>> Primary Dns Suffix . . . . . . . : LakesideOfficeSystemsInc.local
>> Node Type . . . . . . . . . . . . : Hybrid
>> IP Routing Enabled. . . . . . . . : Yes
>> WINS Proxy Enabled. . . . . . . . : No
>> DNS Suffix Search List. . . . . . : LakesideOfficeSystemsInc.local
>>
>> Ethernet adapter Internal Server Local Area Connection:
>>
>> Connection-specific DNS Suffix . :
>> Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Dual Port
>> Server
>> Adapter
>> Physical Address. . . . . . . . . : 00-04-23-A5-CF-83
>> DHCP Enabled. . . . . . . . . . . : No
>> IP Address. . . . . . . . . . . . : 192.168.16.2
>> Subnet Mask . . . . . . . . . . . : 255.255.255.0
>> Default Gateway . . . . . . . . . :
>> DNS Servers . . . . . . . . . . . : 192.168.16.2
>> Primary WINS Server . . . . . . . : 192.168.16.2
>>
>> Ethernet adapter External Network Connection 2:
>>
>> Connection-specific DNS Suffix . :
>> Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Dual Port
>> Server
>> Adapter #2
>> Physical Address. . . . . . . . . : 00-04-23-A5-CF-82
>> DHCP Enabled. . . . . . . . . . . : No
>> IP Address. . . . . . . . . . . . : 192.168.2.15
>> Subnet Mask . . . . . . . . . . . : 255.255.255.0
>> Default Gateway . . . . . . . . . : 192.168.2.1
>> DNS Servers . . . . . . . . . . . : 192.168.16.2
>> NetBIOS over Tcpip. . . . . . . . : Disabled
>>
>> C:\Documents and Settings\Administrator>
>>
>> Office server==================================================
>> C:\Documents and Settings\Administrator>ipconfig /all
>>
>> Windows 2000 IP Configuration
>> Host Name . . . . . . . . . . . . : compexserver
>> Primary DNS Suffix . . . . . . . : compex.local
>> Node Type . . . . . . . . . . . . : Hybrid
>> IP Routing Enabled. . . . . . . . : Yes
>> WINS Proxy Enabled. . . . . . . . : No
>> DNS Suffix Search List. . . . . . : compex.local
>>
>> Ethernet adapter Local Area Connection:
>>
>> Connection-specific DNS Suffix . :
>> Description . . . . . . . . . . . : 3Com EtherLink III ISA
>> (3C509b-Combo)
>> Physical Address. . . . . . . . . : 00-60-08-A6-40-F6
>> DHCP Enabled. . . . . . . . . . . : No
>> IP Address. . . . . . . . . . . . : 10.1.1.1
>> Subnet Mask . . . . . . . . . . . : 255.255.255.0
>> Default Gateway . . . . . . . . . :
>> DNS Servers . . . . . . . . . . . : 10.1.1.1
>> Primary WINS Server . . . . . . . : 10.1.1.1
>>
>> Ethernet adapter External:
>>
>> Connection-specific DNS Suffix . :
>> Description . . . . . . . . . . . : Intel(R) PRO/100+ Management
>> Adapter
>> Physical Address. . . . . . . . . : 00-90-27-9D-64-11
>> DHCP Enabled. . . . . . . . . . . : No
>> IP Address. . . . . . . . . . . . : 192.168.1.2
>> Subnet Mask . . . . . . . . . . . : 255.255.255.0
>> Default Gateway . . . . . . . . . : 192.168.1.1
>> DNS Servers . . . . . . . . . . . : 10.1.1.1
>>
>>
>>
>
>
.
- References:
- Use to be able to VPN/RDP. After installing SBS2003, can only VPN
- From: Tony Girgenti
- Re: Use to be able to VPN/RDP. After installing SBS2003, can only VPN
- From: Merv Porter [SBS-MVP]
- Re: Use to be able to VPN/RDP. After installing SBS2003, can only VPN
- From: Tony Girgenti
- Re: Use to be able to VPN/RDP. After installing SBS2003, can only VPN
- From: David Copeland [MSFT]
- Re: Use to be able to VPN/RDP. After installing SBS2003, can only VPN
- From: Tony Girgenti
- Use to be able to VPN/RDP. After installing SBS2003, can only VPN
- Prev by Date: Re: Rights for certain Security Groups
- Next by Date: Re: Replace Server 2003 Std with SBS2003
- Previous by thread: Re: Use to be able to VPN/RDP. After installing SBS2003, can only VPN
- Next by thread: Re: Use to be able to VPN/RDP. After installing SBS2003, can only VPN
- Index(es):
Relevant Pages
|
