Re: Remote Client VPN access.

From: "Andy" <andy.baguley@xxxxxxxxx>
Date: Sat, 20 Aug 2005 09:22:42 +0100

Cris

1) No. The remote workstation is set to DHCP from the remote router. ipconfig /all is below.

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Realtek RTL8139/810x Family Fast Eth

ernet NIC

Physical Address. . . . . . . . . : 00-30-1B-34-33-62

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.10.51

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.10.1

DHCP Server . . . . . . . . . . . : 192.168.10.1

DNS Servers . . . . . . . . . . . : 192.168.10.1

Lease Obtained. . . . . . . . . . : 20 August 2005 08:40:50

Lease Expires . . . . . . . . . . : 23 August 2005 08:40:50

2) Yes, confirmed. They were first connected via a hardwire LAN and /connectcomputer was run.

Additional info:-

The remote router is set up as

http://www.draytek.com/support/support_note/router/application/vpn_solution/3/b_pptp_3.php

with one exception. The remote Network IP is set to 192.168.16.0. The router LAN IP is 192.168.10.1

The server is set up broadly as

http://www.draytek.com/support/support_note/router/application/vpn_solution/3/b_pptp_4.php

The server LAN NIC is 192.168.16.2. WAN NIC is 192.168.1.2.

I'm using a separate "user account" to authenticate the tunnel within the server. The static route for that user is set to 192.168.10.0. There are no static routes set up in RRAS, but RRAS is enabled to supply DHCP from a specific range of 192.168.16.211 - 220.

I've not followed the Draytek script regarding RRAS routing policy's. There are three showing, which I presume are standard.

Small Business Remote Access Policy 1

Connections to Microsoft Routing and Remote Access Server 2

Connections to other access servers 3

The Draytek HowTo's are for W2K but I'm using SBS 2K3

The Vigor generated tunnel has currently been up for nearly two days no probs.

Thanks for your time

Rgds

Andy

"Cris Hanna [SBS-MVP]" <crisnospamhanna@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:u$8rLZQpFHA.3828@xxxxxxxxxxxxxxxxxxxx...

two potential issues

is the local IP address of the remote workstation the same as the local IP scheme?

are the remote workstations members of the domain?

--
Cris Hanna [SBS-MVP]
-------------------------------------------------
Please do not email me directly for assistance. Reply only in the Newsgroups for the benefit of everyone

"Andy" <andy.baguley@xxxxxxxxx> wrote in message news:ObH69OOpFHA.320@xxxxxxxxxxxxxxxxxxxx...
SBS 2003 std SP1

I'm familiar with Remote VPN access when the client (XP Pro SP2) initiates
the tunnel using dial up Networking, and it works well.

I have a group of remote clients, and would like them to connect via the
same shared tunnel.

I have Draytek Vigor 2600 routers both ends, and can get the remote Vigor to
initiate a tunnel direct into the SBS RRAS. It stays connected for hours.
This is as per info on the Draytek support site.

From one of the remote clients I can browse the server using "run
\\server-sbs". I can also get Outlook to reach Exchange OK. I can also ping
the server by private IP.

This suggests the routing / DNS etc is working OK?

I have however a problem in that every time I try and access a server
resources from a remote client I am asked to authenticate with username and
password, so I think I am not correctly logging on to the server when I log
into the remote PC. This is more evident when I try to access "my documents"
(which are on the server) and even though I have valid server credentials, I
get a message that I am already connected "elsewhere" and I cannot connect
twice !!!

I'm not using off-line file synchronisation.

Are there any FAQ's / HowTo's etc that can assist with this final step of
getting a remote XP client to correctly log onto an SBS 2003 domain, via a
third party created VPN tunnel?

Or if it's simple, what am I missing?

TIA

References:
- Remote Client VPN access.
  - From: Andy
- Re: Remote Client VPN access.
  - From: Cris Hanna [SBS-MVP]

Prev by Date: Re: Can't send or receive e-mail to POP3 users on same domain--HELP!
Next by Date: Re: New SBS 2003 and domain
Previous by thread: Re: Remote Client VPN access.
Next by thread: Offer Remote Assistance Not Working
Index(es):
- Date
- Thread

Relevant Pages

SecurityFocus Microsoft Newsletter #152
... MICROSOFT VULNERABILITY SUMMARY ... Real Networks Helix Universal Server Remote Buffer Overflow ... ... NEW PRODUCTS FOR MICROSOFT PLATFORMS ...
(Focus-Microsoft)
Re: reverse shell session
... I want to open a session on a client that connects to my server and makes ... a tunnel. ... You may ask why i want to do that, well the remote machine is behind a ... You could run an ssh server on the machine that's behind the FW on some ...
(comp.security.ssh)
SecurityFocus Microsoft Newsletter #140
... Cafelog b2 Remote File Include Vulnerability ... Webfroot Shoutbox Remote Command Execution Vulnerability ... Pablo Software Solutions Baby POP3 Server Multiple Connection... ... Microsoft Windows XP Nested Directory Denial of Service... ...
(Focus-Microsoft)
RE: Download connection Manager through RWW
... the issue may occur due to the Remote VD is ... Then please rerun the CEICW wizard and Configure Remote access wizard ... Start Internet Explorer. ... Since the Symantec anti-virus application installed on the server, ...
(microsoft.public.windows.server.sbs)
Re: Connecting a remote workstation to a domain
... Terminal Server to go with the SBS server. ... I can remotely join XP Pro computers at the remote ... either way it loads her cached roaming profile ... I need the local printers at the remote office to be set up ...
(microsoft.public.windows.server.sbs)