Re: Use to be able to VPN/RDP. After installing SBS2003, can only VPN
- From: "David Copeland [MSFT]" <davidcop@xxxxxxxxxxxxxxxxxxxx>
- Date: Sat, 18 Jun 2005 14:15:38 -0500
Tony,
Based on the routing table, your VPN client software must be intercepting
the traffic in the IP stack, encrypting it and then sending it to the
destination using the same source IP address. Not knowing for sure how their
software works in conjunction with the Zywall.. something you might try is to
do the following on the SBS 2000 server to add a route.
route -p add 192.168.16.0 mask 255.255.255.0 192.168.1.1
Which would be telling the server to send the traffic destined for the
192.168.16.0 subnet (if that's what the VPN client's source IP address is)
via the Zywall... and see if it will then be able to get it back to your
client via the tunnel.
Also, do you know if their VPN client software is supported going through a
NAT (whether it be SBS 2003 and/or the Linksys)?
--
Hope that helps,
David Copeland
Microsoft Small Business Server Support
This posting is provided "AS IS" with no warranties, and confers no rights.
SBS Newsgroups:
SBS v4.x: microsoft.public.backoffice.smallbiz
SBS 2000: microsoft.public.backoffice.smallbiz2000
SBS 2003: microsoft.public.windows.server.sbs
"Tony Girgenti" <antoniongirgenti@xxxxxxxxxxx> wrote in message
news:%232Pb47CdFHA.4060@xxxxxxxxxxxxxxxxxxxxxxx
Hello David.
Here is the information you requested. While connected directly to the
cable modem, I did an ipconfig /all before the VPN connection. After the
VPN connection was established and before I did an RDP to the office sbs2000
server, I did another ipconfig /all and a route print.
Hope you find something that helps. I really want to get this problem
resolved.
Thanks again for all of your help.
Tony
C:\Documents and Settings\Administrator>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : TONYHOME
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hsd1.pa.comcast.net.
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : hsd1.pa.comcast.net.
Description . . . . . . . . . . . : SiS 900 PCI Fast Ethernet Adapter
Physical Address. . . . . . . . . : 00-D0-09-AF-A1-D6
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 68.81.217.146
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 68.81.217.1
DHCP Server . . . . . . . . . . . : 68.87.64.10
DNS Servers . . . . . . . . . . . : 68.87.64.196
68.80.0.5
68.87.66.196
Lease Obtained. . . . . . . . . . : Saturday, June 18, 2005 12:53:09 PM
Lease Expires . . . . . . . . . . : Monday, June 20, 2005 5:01:51 PM
Ethernet adapter {7B7B9F34-D922-4305-AC2C-6F032197218B}:
Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : SSH Virtual Network Adapter (sshvnic) - Packet Scheduler Miniport
Physical Address. . . . . . . . . : 0A-B2-2A-3A-03-00
C:\Documents and Settings\Administrator>
C:\Documents and Settings\Administrator>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : TONYHOME
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hsd1.pa.comcast.net.
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : hsd1.pa.comcast.net.
Description . . . . . . . . . . . : SiS 900 PCI Fast Ethernet Adapter
Physical Address. . . . . . . . . : 00-D0-09-AF-A1-D6
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 68.81.217.146
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 68.81.217.1
DHCP Server . . . . . . . . . . . : 68.87.64.10
DNS Servers . . . . . . . . . . . : 68.87.64.196
68.80.0.5
68.87.66.196
Lease Obtained. . . . . . . . . . : Saturday, June 18, 2005 12:53:09 PM
Lease Expires . . . . . . . . . . : Monday, June 20, 2005 5:01:51 PM
Ethernet adapter {7B7B9F34-D922-4305-AC2C-6F032197218B}:
Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : SSH Virtual Network Adapter (sshvnic) - Packet Scheduler Miniport
Physical Address. . . . . . . . . : 0A-B2-2A-3A-03-00
C:\Documents and Settings\Administrator>
C:\Documents and Settings\Administrator>route print
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 d0 09 af a1 d6 ...... SiS 900 PCI Fast Ethernet Adapter - Packet Scheduler Miniport
0x3 ...0a b2 2a 3a 03 00 ...... SSH Virtual Network Adapter (sshvnic) - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 68.81.217.1 68.81.217.146 20
68.81.217.0 255.255.255.0 68.81.217.146 68.81.217.146 20
68.81.217.146 255.255.255.255 127.0.0.1 127.0.0.1 20
68.255.255.255 255.255.255.255 68.81.217.146 68.81.217.146 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
224.0.0.0 240.0.0.0 68.81.217.146 68.81.217.146 20
255.255.255.255 255.255.255.255 68.81.217.146 68.81.217.146 1
255.255.255.255 255.255.255.255 68.81.217.146 3 1
Default Gateway: 68.81.217.1
===========================================================================
Persistent Routes:
None
C:\Documents and Settings\Administrator>
"David Copeland [MSFT]" <davidcop@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:OsEippscFHA.3204@xxxxxxxxxxxxxxxxxxxxxxx
Tony,
Looking at the route print output it looks like it may be after you
disconnected the VPN since it's
a) only showing one IP address for the NIC.
b) only showing one default gateway entry (by default our VPN would change
the default gateway IP address to the IP address received on the virtual
interface for the VPN).
As far as the Zywall is concerned with respect to being the endpoint.. is
the Zywall simply reverse NAT'ing (passing the VPN) traffic to the SBS 2000
server and is it where you are getting VPN authenticated, IP address, DNS
server IP addresses etc. Or does the virtual tunnel end at the Zywall?
Think of it this way.. if the VPN was a physical pipe.. when you came out at
the far side (where the SBS 2000 server is) would you be standing between
the Zywall and the SBS 2000 server or on the inside network to the SBS 2000
server.
Hmm.. just noticed SSH Virtual Network Adapter (sshvnic) so it looks like
you are using a 3rd party VPN solution. So, you might want to connect the
machine back to the modem directly, connect the VPN connection and run the
route print again.. (and an ipconfig /all) to see if you get another IP
address while the VPN is connected. Just doing a quick search, looks like it
may be using IPSec instead of PPTP.. which would be using different ports
and may need different configuration settings for your Linksys.
With our PPTP connection while you were connected the routing table would
have something like the following (say the address I'm VPN'ing into is
1.1.1.1 and I get assigned a 10.1.1.99 IP address)
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.16.2 192.168.16.11 2
0.0.0.0 0.0.0.0 10.1.1.99 10.1.1.99 1
10.1.1.99 255.255.255.255 127.0.0.1 127.0.0.1 1
1.1.1.1 255.255.255.255 192.168.16.2 192.168.16.11 1
192.168.16.11 255.255.255.255 127.0.0.1 127.0.0.1 1
So, the default gateway that would be used would be 10.1.1.99 (until the VPN
connection was disconnected.. at which point the default gateway would go
back to 192.168.16.2)
The 1.1.1.1 route is used in order to keep the physical connection for the
tunnel alive.
---
Hope that helps,
David Copeland
Microsoft Small Business Server Support
This posting is provided "AS IS" with no warranties, and confers no rights.
Newsgroups:
SBS v4.x : microsoft.public.backoffice.smallbiz
SBS 2000: microsoft.public.backoffice.smallbiz2000
SBS 2003: microsoft.public.windows.server.sbs
"Tony Girgenti" <tony@xxxxxxxxxxxxxx> wrote in message
news:e8vX0BscFHA.3184@xxxxxxxxxxxxxxxxxxxxxxx
> Hello David.
>
> Here are answers to your questions.
>
> As I stated earlier, your assumption of the connection is correct.
>
> The IP address I am VPNing to is the external nic of the office SBS2000
> server.
>
> After VPNing to the office SBS2000 server, I cannot ping 10.1.1.1,
> 192.168.1.2 by name or ip address.
>
> After VPNing to the office SBS2000 server, the ip address of the XP
> machine I am using stays the same, 192.168.16.11.
>
> Here are the results of the route print command after VPNing:
> C:\Documents and Settings\Administrator>route print
> ===========================================================================
> Interface List
> 0x1 ........................... MS TCP Loopback interface
> 0x2 ...00 d0 09 af a1 d6 ...... SiS 900 PCI Fast Ethernet Adapter - Packet Scheduler Miniport
> 0x3 ...0a b2 94 38 1b 00 ...... SSH Virtual Network Adapter (sshvnic) - Packet Scheduler Miniport
> ===========================================================================
> ===========================================================================
> Active Routes:
> Network Destination Netmask Gateway Interface Metric
> 0.0.0.0 0.0.0.0 192.168.16.2 192.168.16.11 20
> 127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
> 192.168.16.0 255.255.255.0 192.168.16.11 192.168.16.11 20
> 192.168.16.11 255.255.255.255 127.0.0.1 127.0.0.1 20
> 192.168.16.255 255.255.255.255 192.168.16.11 192.168.16.11 20
> 224.0.0.0 240.0.0.0 192.168.16.11 192.168.16.11 20
> 255.255.255.255 255.255.255.255 192.168.16.11 192.168.16.11 1
> 255.255.255.255 255.255.255.255 192.168.16.11 3 1
> Default Gateway: 192.168.16.2
> ===========================================================================
> Persistent Routes:
> None
>
> C:\Documents and Settings\Administrator>
>
> I can't answer the question about whether the Zywall is the endpoint or
> not. I don't know what you mean.
>
> Thanks for all your help.
> Tony
>
> "David Copeland [MSFT]" <davidcop@xxxxxxxxxxxxxxxxxxxx> wrote in message
> news:OZ%23HY%23hcFHA.612@xxxxxxxxxxxxxxxxxxxxxxx
>> Tony,
>>
>> Just to make sure the connection is like..
>>
>> XP----SBS 2003---Linksys router/NAT-----Internet----Zyxel
>> (NAT/Firewall)---SBS 2000---internal lan
>>
>> Is the IP address you are VPN'ing into the external IP address of the
>> Zyxel? and is the Zyxel the VPN endpoint or is it passing the VPN (PPTP)
>> traffic back to the SBS server as the endpoint?
>>
>> Once VPN'ed in are you able to ping the 10.1.1.1 address of the SBS 2000
>> server? If so, can you RDP to that IP address?
>>
>> What IP address does the XP client get once VPN'ed in? Can you post the
>> output from the XP client of the route print command (after the machine
>> is VPN'ed in)
>>
>>
>> --
>>
>> Hope that helps,
>> David Copeland
>> Microsoft Small Business Server Support
>>
>> This posting is provided "AS IS" with no warranties, and confers no
>> rights.
>>
>>
>> SBS Newsgroups:
>>
>> SBS v4.x: microsoft.public.backoffice.smallbiz
>> SBS 2000: microsoft.public.backoffice.smallbiz2000
>> SBS 2003: microsoft.public.windows.server.sbs
>>
>> "Tony Girgenti" <antoniongirgenti@xxxxxxxxxxx> wrote in message
>> news:elShREhcFHA.3252@xxxxxxxxxxxxxxxxxxxxxxx
>> Hello Merv.
>>
>> Considering the fact that the whole thing works and has worked fine for
>> over a year before I brought home the SBS2003 server, is that really an
>> issue?
>>
>> I don't think the problem is with the office SBS2000 server, but then I
>> am not the expert.
>>
>> I could be way off base here, but as soon as I plug my computer into the
>> cable modem directly, the whole thing works fine.
>>
>> Thanks,
>> Tony
>>
>> "Merv Porter [SBS-MVP]" <mwport@xxxxxxxxxxxxxxxxxxx> wrote in message
>> news:%23PDyfxgcFHA.1384@xxxxxxxxxxxxxxxxxxxxxxx
>> Hi Tony,
>>
>> One thing I notice is that the subnet mask for the internal NIC on the SBS
>> 2000 server may be incorrect. Your 10.1.1.1 IP address is for a Class A
>> network which normally would have a subnet mask of 255.0.0.0 rather than
>> 255.255.255.0 (as with a Class C network => 10.0.0.1).
>>
>> --
>> Merv Porter [SBS MVP]
>> ===================================
>> "Tony Girgenti" <antoniongirgenti@xxxxxxxxxxx> wrote in message
>> news:O0WjiUfcFHA.3204@xxxxxxxxxxxxxxxxxxxxxxx
>> Hello.
>>
>> If I plug my computer at home (WIN XP Pro SP2) directly into the cable
>> modem, I can VPN and RDP to my office without a problem. Office setup:
>> (SBS2000 SBS2000 server, 2 nics, Zyxel Prestige 650 ADSL Modem, Zyxel
>> Zywall 10 firewall 192.168.1.1, External nic: 192.168.1.2, Internal nic:
>> 10.1.1.1, ).
>>
>> I brought home a Dell server, installed SBS2003 Premium, SP1, no ISA, two
>> nics (Internal: 192.168.16.2, External: 192.168.2.15), Linksys router
>> (192.168.2.1), Belkin switch and plugged cable modem into Linksys router.
>> I also plugged the home computer into the Belkin switch.
>>
>> Everything works fine, server and home computers can access internet and
>> email just being plugged into switch, not really logging onto server, just
>> staying local.
>>
>> Problem: Workstation that was able to VPN/RDP, can now establish VPN but
>> cannot RDP. Message "The client could not connect to the remote computer"
>> comes up.
>> Cannot ping 192.168.1.2 after VPN is established on workstation
>> Cannot Open http://SBS_IP/remote in Internet Explorer after VPN
>> established on workstation
>> PPTP Passthrough is enabled on Linksys router
>> Ports 47 and 1723 are being forwarded by Linksys router
>> I have run CEICW numerous times
>> There are no errors in the event log after attempting this
>>
>> If I plug home computer workstation into Linksys router or cable modem, I
>> can again VPN/RDP. Once I put it back to switch on network, VPN OK but
>> cannot RDP.
>>
>> I am trying to RDP to the same server that I am VPNing to.
>>
>> I have included IPCONFIG /ALL for home computer, home SBS2003 server and
>> office SBS2000 server.
>>
>> I have been trying to fix this problem for weeks now. Any help would be
>> greatly appreciated.
>>
>> Thanks,
>> Tony
>>
>> Home computer================================================
>> C:\Documents and Settings\Administrator>ipconfig /all
>> Windows IP Configuration
>>
>> Host Name . . . . . . . . . . . . : TONYHOME
>> Primary Dns Suffix . . . . . . . :
>> Node Type . . . . . . . . . . . . : Hybrid
>> IP Routing Enabled. . . . . . . . : No
>> WINS Proxy Enabled. . . . . . . . : No
>> DNS Suffix Search List. . . . . . : LakesideOfficeSystemsInc.local
>>
>> Ethernet adapter Local Area Connection:
>>
>> Connection-specific DNS Suffix . : LakesideOfficeSystemsInc.local
>> Description . . . . . . . . . . . : SiS 900 PCI Fast Ethernet Adapter
>> Physical Address. . . . . . . . . : 00-D0-09-AF-A1-D6
>> Dhcp Enabled. . . . . . . . . . . : Yes
>> Autoconfiguration Enabled . . . . : Yes
>> IP Address. . . . . . . . . . . . : 192.168.16.11
>> Subnet Mask . . . . . . . . . . . : 255.255.255.0
>> Default Gateway . . . . . . . . . : 192.168.16.2
>> DHCP Server . . . . . . . . . . . : 192.168.16.2
>> DNS Servers . . . . . . . . . . . : 192.168.16.2
>> Primary WINS Server . . . . . . . : 192.168.16.2
>> Lease Obtained. . . . . . . . . . : Sunday, June 05, 2005 9:11:01 AM
>> Lease Expires . . . . . . . . . . : Monday, June 13, 2005 9:11:01 AM
>>
>> Home server==================================================
>> C:\Documents and Settings\Administrator>ipconfig /all
>>
>> Windows IP Configuration
>> Host Name . . . . . . . . . . . . : lakeside
>> Primary Dns Suffix . . . . . . . : LakesideOfficeSystemsInc.local
>> Node Type . . . . . . . . . . . . : Hybrid
>> IP Routing Enabled. . . . . . . . : Yes
>> WINS Proxy Enabled. . . . . . . . : No
>> DNS Suffix Search List. . . . . . : LakesideOfficeSystemsInc.local
>>
>> Ethernet adapter Internal Server Local Area Connection:
>>
>> Connection-specific DNS Suffix . :
>> Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Dual Port Server Adapter
>> Physical Address. . . . . . . . . : 00-04-23-A5-CF-83
>> DHCP Enabled. . . . . . . . . . . : No
>> IP Address. . . . . . . . . . . . : 192.168.16.2
>> Subnet Mask . . . . . . . . . . . : 255.255.255.0
>> Default Gateway . . . . . . . . . :
>> DNS Servers . . . . . . . . . . . : 192.168.16.2
>> Primary WINS Server . . . . . . . : 192.168.16.2
>>
>> Ethernet adapter External Network Connection 2:
>>
>> Connection-specific DNS Suffix . :
>> Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Dual Port Server Adapter #2
>> Physical Address. . . . . . . . . : 00-04-23-A5-CF-82
>> DHCP Enabled. . . . . . . . . . . : No
>> IP Address. . . . . . . . . . . . : 192.168.2.15
>> Subnet Mask . . . . . . . . . . . : 255.255.255.0
>> Default Gateway . . . . . . . . . : 192.168.2.1
>> DNS Servers . . . . . . . . . . . : 192.168.16.2
>> NetBIOS over Tcpip. . . . . . . . : Disabled
>>
>> C:\Documents and Settings\Administrator>
>>
>> Office server==================================================
>> C:\Documents and Settings\Administrator>ipconfig /all
>>
>> Windows 2000 IP Configuration
>> Host Name . . . . . . . . . . . . : compexserver
>> Primary DNS Suffix . . . . . . . : compex.local
>> Node Type . . . . . . . . . . . . : Hybrid
>> IP Routing Enabled. . . . . . . . : Yes
>> WINS Proxy Enabled. . . . . . . . : No
>> DNS Suffix Search List. . . . . . : compex.local
>>
>> Ethernet adapter Local Area Connection:
>>
>> Connection-specific DNS Suffix . :
>> Description . . . . . . . . . . . : 3Com EtherLink III ISA (3C509b-Combo)
>> Physical Address. . . . . . . . . : 00-60-08-A6-40-F6
>> DHCP Enabled. . . . . . . . . . . : No
>> IP Address. . . . . . . . . . . . : 10.1.1.1
>> Subnet Mask . . . . . . . . . . . : 255.255.255.0
>> Default Gateway . . . . . . . . . :
>> DNS Servers . . . . . . . . . . . : 10.1.1.1
>> Primary WINS Server . . . . . . . : 10.1.1.1
>>
>> Ethernet adapter External:
>>
>> Connection-specific DNS Suffix . :
>> Description . . . . . . . . . . . : Intel(R) PRO/100+ Management Adapter
>> Physical Address. . . . . . . . . : 00-90-27-9D-64-11
>> DHCP Enabled. . . . . . . . . . . : No
>> IP Address. . . . . . . . . . . . : 192.168.1.2
>> Subnet Mask . . . . . . . . . . . : 255.255.255.0
>> Default Gateway . . . . . . . . . : 192.168.1.1
>> DNS Servers . . . . . . . . . . . : 10.1.1.1
>>
>>
>>
>
>
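
Added example, not part of the original thread or written by any of its posters: a Python sketch of the route selection discussed above (longest matching prefix, then lowest metric), run over the PPTP sample table and over the table posted after the third-party client connected. The table rows are copied from the thread; the function names are illustrative and the selection rule is a simplification of what Windows does.

```python
import ipaddress

# Rows copied from the PPTP sample table in the thread
# (1.1.1.1 = VPN server, 10.1.1.99 = address assigned on the tunnel).
PPTP_TABLE = """\
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.16.2 192.168.16.11 2
0.0.0.0 0.0.0.0 10.1.1.99 10.1.1.99 1
10.1.1.99 255.255.255.255 127.0.0.1 127.0.0.1 1
1.1.1.1 255.255.255.255 192.168.16.2 192.168.16.11 1
192.168.16.11 255.255.255.255 127.0.0.1 127.0.0.1 1
"""

# Rows copied from the route print posted after the third-party VPN connected.
THIRD_PARTY_TABLE = """\
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.16.2 192.168.16.11 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.16.0 255.255.255.0 192.168.16.11 192.168.16.11 20
192.168.16.11 255.255.255.255 127.0.0.1 127.0.0.1 20
Default Gateway: 192.168.16.2
"""


def parse_routes(text):
    """Parse 'route print' rows into (network, gateway, interface, metric)."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # header, separator or "Default Gateway:" line
        try:
            network = ipaddress.ip_network(f"{fields[0]}/{fields[1]}")
            metric = int(fields[4])
        except ValueError:
            continue  # not a route row
        routes.append((network, fields[2], fields[3], metric))
    return routes


def select_route(routes, destination):
    """Pick the most specific matching route; break ties on lowest metric."""
    addr = ipaddress.ip_address(destination)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None
    return max(matches, key=lambda r: (r[0].prefixlen, -r[3]))


def next_hop(table_text, destination):
    """Return the gateway the table would use for destination, or None."""
    route = select_route(parse_routes(table_text), destination)
    return route[1] if route else None


if __name__ == "__main__":
    for name, table in (("PPTP", PPTP_TABLE), ("third-party", THIRD_PARTY_TABLE)):
        for dest in ("10.1.1.1", "1.1.1.1"):
            print(f"{name:12} {dest:10} -> {next_hop(table, dest)}")
```

With the PPTP table, office traffic follows the metric 1 default route on the tunnel while the 1.1.1.1 host route stays on the physical gateway; with the third-party client's table nothing points at a tunnel, so any redirection has to happen below the routing table.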