RE: Connecting to resources over a SBS 2003 VPN
- From: "Neil TCC" <NeilTCC@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 3 Aug 2005 01:06:12 -0700
Many Thanks Edward!
I changed the Server LAN onto a different IP range as most locations the
clienst are using will be on the 192.168.0 range.
Now the server is on a different IP range the VPN works perfectly.
Many Thanks again.
Just one quick point, i seem to only be able to connect one client at a time
over the VPN, is there an easy way to change this? I am using the SBS2003
standard default settings so there are 5 Ports available, however i seem to
only be able to connect one at a time.
Kind Regards and many thanks
Neil TCC
"Edward Tian" wrote:
> Hi Neil:
> Thank you for your reply.:)
>
> According to the routing table you provided, I notice that both your remote
> VPN client and your SBS server are using a same subnet network
> (192.168.0.0/255.255.0.0). That is the root cause of your issue.
> Hi Neil:
> Thank you for your reply.:)
>
> According to the routing table you provided, I notice that both your remote
> VPN client and your SBS server are using a same subnet network
> (192.168.0.0/255.255.0.0). That is the root cause of your issue.
>
> Technically speaking, the system uses route table to route IP traffics. By
> default, the local subnet does not need route. The system will use
> broadcast to find local clients or send traffic directly to the local
> address. In your case, the remote client has the IP address which is in the
> range of your local subnet. Once the VPN client tries to access the
> resource in the destination network (where the VPN server resides), it will
> not find the way out since its route table treat the request as a local
> network request. That's why there is no response from the server.
>
> In the routing table, we can find this route item:
> 192.168.0.0 255.255.0.0 192.168.0.20 192.168.0.20 20
>
> That is to say, all requests to the subnet 192.168.x.x are sent to
> 192.168.0.20 (the local network adapter of the VPN client). So the traffic
> is failed to send to the correct gateway (192.168.0.53).
>
> 1. To resolve this issue, we need to use different subnet addressing in the
> VPN client and VPN server sites. For example, assign 10.0.0.x to the VPN
> client side and 192.168.x.x to the SBS Server side. That is the recommended
> configuration to establish a VPN connection.
>
> 2. I would also like to provide a workaround to you if it seems difficult
> to change the subnet addressing.
> To work around this problem, you can try the following method:
>
> In your client, add a static routing after the VPN connection is
> established.
> - Click Start, Run, type CMD
> - Type "route add <remote end IP> MASK 255.255.255.255 <IP address of your
> VPN PPP adapter>"
> - Type "route print". You will see a routing entry is added. The
> destination IP is the route end client's IP. Subnet MASK is
> 255.255.255.255. The Gateway is your VPN gateway's IP.
>
> Hope this helps, I look forward to hearing from you. If anything is
> unclear, please feel to let me know, I am glad to be of assistance.
>
> Have a nice day, Neil!:)
>
> Best Regards
> Edward Tian(MSFT)
> Microsoft CSS Online Newsgroup Support
>
> Get Secure! - www.microsoft.com/security
> ======================================================
> This newsgroup only focuses on SBS technical issues. If you have issues
> regarding other Microsoft products, you'd better post in the corresponding
> newsgroups so that they can be resolved in an efficient and timely manner.
> You can locate the newsgroup here:
> http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
>
> When opening a new thread via the web interface, we recommend you check the
> "Notify me of replies" box to receive e-mail notifications when there are
> any updates in your thread. When responding to posts via your newsreader,
> please "Reply to Group" so that others may learn and benefit from your
> issue.
>
> Microsoft engineers can only focus on one issue per thread. Although we
> provide other information for your reference, we recommend you post
> different incidents in different threads to keep the thread clean. In doing
> so, it will ensure your issues are resolved in a timely manner.
>
> For urgent issues, you may want to contact Microsoft CSS directly. Please
> check http://support.microsoft.com for regional support phone numbers.
>
> Any input or comments in this thread are highly appreciated.
> ======================================================
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
> --------------------
> | Thread-Topic: Connecting to resources over a SBS 2003 VPN
> | thread-index: AcWNDiqWl9o+P3yjSjKYUAsN7pz4qw==
> | X-WBNR-Posting-Host: 82.118.121.88
> | From: "=?Utf-8?B?TmVpbCBUQ0M=?=" <NeilTCC@xxxxxxxxxxxxxxxxxxxxxxxxx>
> | References: <55B46F8D-0CE3-46C4-984F-8453B3C9C35C@xxxxxxxxxxxxx>
> <$SP$Gu3iFHA.2700@xxxxxxxxxxxxxxxxxxxxx>
> | Subject: RE: Connecting to resources over a SBS 2003 VPN
> | Date: Wed, 20 Jul 2005 02:34:03 -0700
> | Lines: 236
> | Message-ID: <DC709D03-F592-4D26-9AB9-5AFFE351404A@xxxxxxxxxxxxx>
> | MIME-Version: 1.0
> | Content-Type: text/plain;
> | charset="Utf-8"
> | Content-Transfer-Encoding: 7bit
> | X-Newsreader: Microsoft CDO for Windows 2000
> | Content-Class: urn:content-classes:message
> | Importance: normal
> | Priority: normal
> | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
> | Newsgroups: microsoft.public.windows.server.sbs
> | NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
> | Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
> | Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:137368
> | X-Tomcat-NG: microsoft.public.windows.server.sbs
> |
> | Hi Edward, thanks for your reply,
> |
> | Sorry for the delay i had a problem with my Net passport as i could not
> view
> | this thread.
> |
> | Yes you are right regarding the tunnel connecting, just to let you know
> we
> | are using
> | In response to your questions:-
> |
> | 1: SBS 2003 Standard so ISA server is not installed.
> | Service PAck 1 is applied
> |
> | The routing table for the server is:-
> |
> | Active Routes:
> | Network Destination Netmask Gateway
> Interface
> | Metric
> | 0.0.0.0 0.0.0.0 192.168.0.1
>
> | 192.168.0.254 1
> | 82.118.121.88 255.255.255.255 192.168.0.1
> | 192.168.0.254 1
> | 127.0.0.0 255.0.0.0 127.0.0.1
> | 127.0.0.1 1
> | 169.254.0.0 255.255.0.0 169.254.254.223
> | 169.254.254.223 10
> | 169.254.254.223 255.255.255.255 127.0.0.1
> 127.0.0.1
> | 10
> | 169.254.255.255 255.255.255.255 169.254.254.223
> 169.254.254.223
> | 10
> | 192.168.0.0 255.255.255.0 192.168.0.254
> | 192.168.0.254 20
> | 192.168.0.56 255.255.255.255 127.0.0.1
> | 127.0.0.1 50
> | 192.168.0.254 255.255.255.255 127.0.0.1
> 127.0.0.1
> | 20
> | 192.168.0.255 255.255.255.255 192.168.0.254
> | 192.168.0.254 20
> | 224.0.0.0 240.0.0.0 169.254.254.223
> | 169.254.254.223 10
> | 224.0.0.0 240.0.0.0 192.168.0.254
> | 192.168.0.254 20
> | 255.255.255.255 255.255.255.255 169.254.254.223
> 169.254.254.223
> | 1
> | 255.255.255.255 255.255.255.255 192.168.0.254
> 192.168.0.254
> | 1
> | Default Gateway: 192.168.0.1
> |
> ===========================================================================
> | Persistent Routes:
> | None
> |
> | Client when the VPN is enabled is as follows:-
> |
> |
> ===========================================================================
> | Active Routes:
> | Network Destination Netmask Gateway Interface
>
> | Metric
> | 0.0.0.0 0.0.0.0 192.168.0.1
> | 192.168.0.20 21
> | 0.0.0.0 0.0.0.0 192.168.0.53
> | 192.168.0.53 1
> | 83.105.49.143 255.255.255.255 192.168.0.1 192.168.0.20
>
> | 20
> | 127.0.0.0 255.0.0.0 127.0.0.1
> 127.0.0.1
> | 1
> | 192.168.0.0 255.255.0.0 192.168.0.20
> 192.168.0.20
> | 20
> | 192.168.0.20 255.255.255.255 127.0.0.1 127.0.0.1
>
> | 20
> | 192.168.0.53 255.255.255.255 127.0.0.1 127.0.0.1
>
> | 50
> | 192.168.0.255 255.255.255.255 192.168.0.20 192.168.0.20
>
> | 20
> | 192.168.0.255 255.255.255.255 192.168.0.53 192.168.0.53
>
> | 50
> | 224.0.0.0 240.0.0.0 192.168.0.20
> | 192.168.0.20 20
> | 224.0.0.0 240.0.0.0 192.168.0.53
> | 192.168.0.53 1
> | 255.255.255.255 255.255.255.255 192.168.0.20 192.168.0.20
>
> | 1
> | 255.255.255.255 255.255.255.255 192.168.0.20 4
>
> | 1
> | 255.255.255.255 255.255.255.255 192.168.0.53 192.168.0.53
>
> | 1
> | Default Gateway: 192.168.0.53
> |
> ===========================================================================
> | Persistent Routes:
> | None
> |
> | 2: Clients have been added to the Domain, they connect to resources fine
> | when they are i the LAN, the problem only occurs over the VPN
> | 3: I am trying to connect two clients and both are having the same
> problem,
> | i have also tried to use the VPN on clients not part of this domain,
> again
> | they authenticate fine but cannopt browse any Network locations, however
> it
> | seems that a lot more packets are sent and received using the machines
> that
> | are not part of the domain.
> | 4: Can Ping the IP Address but not the server name
> | 5: Internal users can connect fine
> | 6:Windows IP Configuration
> |
> | Host Name . . . . . . . . . . . . : SimonJan05
> | Primary Dns Suffix . . . . . . . : FUAL.local
> | Node Type . . . . . . . . . . . . : Hybrid
> | IP Routing Enabled. . . . . . . . : No
> | WINS Proxy Enabled. . . . . . . . : No
> | DNS Suffix Search List. . . . . . : FUAL.local
> |
> | Ethernet adapter Local Area Connection:
> |
> | Connection-specific DNS Suffix . :
> | Description . . . . . . . . . . . : Realtek RTL8169/8110 Family
> Gigab
> | Ethernet NIC
> | Physical Address. . . . . . . . . : 00-01-4A-1C-57-5F
> | Dhcp Enabled. . . . . . . . . . . : Yes
> | Autoconfiguration Enabled . . . . : Yes
> | IP Address. . . . . . . . . . . . : 192.168.0.20
> | Subnet Mask . . . . . . . . . . . : 255.255.0.0
> | Default Gateway . . . . . . . . . : 192.168.0.1
> | DHCP Server . . . . . . . . . . . : 192.168.0.1
> | DNS Servers . . . . . . . . . . . : 192.168.0.1
> | Lease Obtained. . . . . . . . . . : 20 July 2005 10:21:05
> | Lease Expires . . . . . . . . . . : 23 July 2005 10:21:05
> |
> | Ethernet adapter Wireless Network Connection:
> |
> | Connection-specific DNS Suffix . :
> | Description . . . . . . . . . . . : Intel(R) PRO/Wireless 2200BG
> Netw
> | Connection
> | Physical Address. . . . . . . . . : 00-0E-35-B6-7C-7B
> | Dhcp Enabled. . . . . . . . . . . : Yes
> | Autoconfiguration Enabled . . . . : Yes
> | IP Address. . . . . . . . . . . . : 0.0.0.0
> | Subnet Mask . . . . . . . . . . . : 0.0.0.0
> | Default Gateway . . . . . . . . . :
> | DHCP Server . . . . . . . . . . . : 255.255.255.255
> |
> | PPP adapter FUAL:
> |
> | Connection-specific DNS Suffix . :
> | Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
> | Physical Address. . . . . . . . . : 00-53-45-00-00-00
> | Dhcp Enabled. . . . . . . . . . . : No
> | IP Address. . . . . . . . . . . . : 192.168.0.52
> | Subnet Mask . . . . . . . . . . . : 255.255.255.255
> | Default Gateway . . . . . . . . . : 192.168.0.52
> | DNS Servers . . . . . . . . . . . : 192.168.0.254
> | Primary WINS Server . . . . . . . : 192.168.16.2
> |
> | 7: No we cannot connect using \\servername\shared folder
> |
> | Many thanks for your help on this one i look forward to hearing from you.
> |
> | Kind Regards
> |
> | Neil TCC
> |
> |
> |
> |
> |
> |
> |
> |
.
- Follow-Ups:
- RE: Connecting to resources over a SBS 2003 VPN
- From: Edward Tian
- RE: Connecting to resources over a SBS 2003 VPN
- Prev by Date: RE: I would like to know my options with adding TS Clients to SBS 2000
- Next by Date: Re: ISA 2004 upgrade fails
- Previous by thread: GPO to LOCK workstations
- Next by thread: RE: Connecting to resources over a SBS 2003 VPN
- Index(es):
Relevant Pages
|
