RE: IP addresses and VPN



Hi Denis:
Thank you for your update.

I am glad to hear everything is working fine now.

It's my pleasure to work with you in this post. If you encounter any
difficulties in the future, please feel free to let me know, I am standing
by to help you.

Again, thanks for using newsgroup.

Have a nice day! :)

Best Regards
Edward Tian(MSFT)
Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security
======================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.
======================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
| Thread-Topic: IP addresses and VPN
| From: "=?Utf-8?B?RGVuaXM=?=" <Denis@xxxxxxxxxxxxxxxxxxxxxxxxx>
| Subject: RE: IP addresses and VPN
| Date: Mon, 17 Oct 2005 15:04:02 -0700
| Newsgroups: microsoft.public.windows.server.sbs
|
| I think that update to the DNS/WINS setting has worked, I have managed to log
| onto the SBS domain (after many tries) and I can access the resources
| (although only if I persevere). I think it is just a very slow/unstable VPN
| connection problem now.
|
| Thanks for your help.
|
| "Denis" wrote:
|
| > New update: After playing with the DNS and WINS settings I can now get the
| > Remote server (192.168.32.2) to "join" the SBS Domain (192.168.16.2) by
| > manual config' in the System Properties. However when I try to log on to the
| > domain I always get a DC not available error (is this due to a very
| > slow/unstable VPN?). If I log on to the local machine account I cannot access
| > any more resources than indicated in earlier messages.
| >
| > The remote TZ170 LAN is set to 192.168.32.1
| > Lan setup on server attached to the remote TZ:
| > IP Add' 192.168.32.2
| > Default gateway 192.168.32.1
| > DNS1 10.0.0.1 (Netgear ADSL router on wan port of TZ)
| > DNS2 192.168.32.1
| > WINS 192.168.32.1
| >
| > "Denis" wrote:
| >
| > > The exact IIS error message:
| > > HTTP error 403.6 - Forbidden: IP Address of the client has been rejected.
| > >
| > > "Denis" wrote:
| > >
| > > > Thanks for your response, a bit of clarification:
| > > >
| > > > When I access the SBS network (192.168.16.0...) over the TZ170 VPN link from
| > > > the remote network (192.168.32.0...) I can see the systems in the office
| > > > (via Network Places) however I cannot access any of their resources, I can
| > > > also access the companyweb public page (at address 192.168.16.2) but the
| > > > "connect computer" (to attach a new computer to the network link) is
| > > > unavailable (IIS error 403, IP address not authorised). I can access SBS
| > > > Remote desktop etc.
| > > >
| > > > I have added the remote server to the SBS servers list in the Manage Server
| > > > MMC.
| > > >
| > > > The remote 2003 server (192.168.32.2) is not in a domain, just a workgroup,
| > > > since I cannot get it to join the domain until I can get the "connect
| > > > computer" link to operate.
| > > >
| > > > "Edward Tian" wrote:
| > > >
| > > > > Hi:
| > > > > Thank you for posting here. I am sorry for the delayed response due to
| > > > > weekend. Please understand that the newsgroups are staffed weekdays by
| > > > > Microsoft Support professionals to answer your systems and applications
| > > > > questions. Your understanding is greatly appreciated!
| > > > >
| > > > > From the description, I understand that your remote office and main office
| > > > > are connected by site-to-site VPN using two Sonic Wall TZ170 routers. From
| > > > > the remote office, you can access the share folders and public web page on
| > > > > the main office, but you cannot access a particular link on the companyweb
| > > > > entry page. If I have misunderstood your concern, please do let me know.
| > > > >
| > > > > First, can I assume the link you mentioned is "Remote Server Management" on
| > > > > the companyweb entry page which is used to connect to the SBS Server via
| > > > > RDP? (If I am wrong, please send me a screenshot and tell me the correct
| > > > > link) Then, can I assume your SBS Server only has one network card with the
| > > > > IP address 192.168.16.2 and the network diagram looks like the following:
| > > > >
| > > > > Workstations--|
| > > > > SBS Server-----|----Router----Internet----Router----Windows Server 2003
| > > > >
| > > > > Please kindly correct me if my understanding is not accurate.
| > > > >
| > > > > First I would suggest you re-run the CEICW Wizard, the wizard will help us
| > > > > configure the networking settings for a SBS server. More info:
| > > > > 825763 How to configure Internet access in Windows Small Business Server
| > > > > 2003
| > > > > http://support.microsoft.com/?id=825763
| > > > >
| > > > > To narrow down this issue, please help to gather the following information:
| > > > > 1. Please capture a screenshot of the error page (error 403), and save it
| > > > > to a .jpg file, then send this file directly to my mailbox:
| > > > > v-edtian@xxxxxxxxxxxxx .
| > > > >
| > > > > Regarding the error 403 message, it appears that your remote client is not
| > > > > authorized to view this page. I suggest you check the following settings:
| > > > >
| > > > > a. Go to the SBS Server, open the IIS (Internet Information Services)
| > > > > management console, navigate to Web Sites-> Default Web Site->tsweb, right
| > > > > click it and choose Properties.
| > > > >
| > > > > b. Go to the Directory Security tab, click the second Edit button under "IP
| > > > > address and domain name restrictions". By default, all computers will be
| > > > > denied access except the 192.168.16.2 and 127.0.0.1 which represents the
| > > > > SBS Server itself. That is why the remote client was unable to access this
| > > > > link. Please change the option from "Denied access" to "Granted access" and
| > > > > ensure no IP addresses are listed. After modifying the settings, please run
| > > > > "iisreset" from the command prompt (without quotation mark) to apply the
| > > > > settings.
| > > > >
| > > > > Then will you be able to access this link?
| > > > >
| > > > > 2. Once the VPN connection is established, please type
| > > > > "ipconfig/all > d:\filename.txt" (without quotation mark) on both the
| > > > > server side and remote client side, and send these .txt files to my
| > > > > mailbox for further analysis.
| > > > >
| > > > > 3. Does this problem occur on all your remote clients?
| > > > >
| > > > > 4. Is your remote server in the same domain of the SBS Server?
| > > > >
| > > > > In addition, regarding your concern on the DNS configuration, I would like
| > > > > to provide you the following information:
| > > > > By default, the order of the DNS query depends on the binding order of the
| > > > > network cards. You can perform the steps below to check the binding order:
| > > > > a. Open the Network Connections.
| > > > > b. Click Advanced, choose Advanced Settings.
| > > > > c. Go to the Adapters and Bindings tab, you will find all the network cards
| > > > > are listed under the Connections.
| > > > >
| > > > > For example, we suppose that the local network card is listed on the top
| > > > > and the [Remote Access connections] adapter is in the second order. Once
| > > > > the client attempts to resolve a DNS name, it will first send the DNS query
| > > > > packet to the DNS Server which is assigned on your first local network
| > > > > card. If this DNS Server cannot find a matched record, this DNS query
| > > > > packet will be sent to the second DNS Server which is assigned on the
| > > > > Remote Access network adapter (a virtual PPP NIC which is created by the
| > > > > hardware router). In your case, since you are using the hardware router to
| > > > > deploy the site-to-site VPN, if you have configured the router to assign a
| > > > > DNS Server (192.168.16.2) for the PPP NIC, the DNS query packet will be
| > > > > sent to 192.168.16.2 which is the DNS Server on your SBS box. Then this DNS
| > > > > Server will take the responsibility to perform the DNS resolution and send
| > > > > back the correct result to the remote client.
| > > > >
| > > > > A workaround is also feasible: You can add the related entry in the local
| > > > > LMHOSTS file. In this way, the DNS query will first check the LMHOSTS file
| > > > > and then send to the corresponding DNS Server. This method is widely used
| > > > > to work around DNS issues in VPN scenarios.
| > > > >
| > > > > Hope the above information helps. Please feel free to let me know if there
| > > > > is anything I can do for you.
| > > > >
| > > > > I look forward to hearing from you.
| > > > > Have a nice day! :)
| > > > >
| > > > > Best Regards
| > > > > Edward Tian(MSFT)
| > > > > Microsoft CSS Online Newsgroup Support
| > > > >
| > > > > --------------------
| > > > > | Thread-Topic: IP addresses and VPN
| > > > > | From: "=?Utf-8?B?RGVuaXM=?=" <Denis@xxxxxxxxxxxxxxxxxxxxxxxxx>
| > > > > | Subject: IP addresses and VPN
| > > > > | Date: Sat, 15 Oct 2005 15:33:01 -0700
| > > > > | Newsgroups: microsoft.public.windows.server.sbs
| > > > > |
| > > > > | I'm trying to set up a Sonic Wall TZ170 VPN network between a number of
| > > > > | small offices, the local office using a 2003SBS, the remote offices will
| > > > > | use Server2003 Standard Ed'. In my test setup I have two TZ170's an
| > > > > | SBS2003 and a 2003Std Svr. I have not installed ISA on the SBS Server.
| > > > > | The SBS Server (Local) IP range 192.168.16.x
| > > > > | Standard Server (Remote) IP range 192.168.32.x
| > > > > | I am not using DHCP over the VPN link.
| > > > > | The VPN link is established and I can view the SBS local network machines
| > > > > | via Network Places... (although not their contents), and public Web page
| > > > > | at the SBS Servers IP address 192.168.16.2 via the VPN link.
| > > > > | However I get error 403, IP address not authorised when I try to connect
| > > > > | the remote server to the SBS Server via "connect computer" link on the
| > > > > | companyweb entry page.
| > > > > | I have read elsewhere that I should set my remote DNS servers as the
| > > > > | local SBS Server DNS. Would this not result in all DNS requests being
| > > > > | sent via the VPN tunnel? Since the VPN tunnel will be over an ADSL link I
| > > > > | do not want to have to commit to a "perfect" connection for the remote
| > > > > | offices to function efficiently (thus the 2003 Standard server in each
| > > > > | remote office.)
| > > > > | Apologies if this has been covered recently.
| > > > > |
| > > > >
| > > > >
|
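
The IIS restriction behaviour discussed in this thread, as an added example that is not part of the original posts and is not IIS code: a simplified Python model of a default action plus exception list, evaluated for the thread's two server addresses and one constructed outside address. The `scoped` policy (default deny plus the 192.168.32.0 remote subnet) is an assumption added for comparison, not a setting proposed in the thread.

```python
import ipaddress


class IpRestriction:
    """Model of one 'IP address and domain name restrictions' setting:
    a default action plus an exception list that gets the opposite action."""

    def __init__(self, default_granted, exceptions):
        self.default_granted = default_granted
        # Accepts single hosts and "network/mask" groups of computers.
        self.exceptions = [ipaddress.ip_network(e) for e in exceptions]

    def allows(self, client):
        addr = ipaddress.ip_address(client)
        listed = any(addr in net for net in self.exceptions)
        # A listed client receives the opposite of the default action.
        return self.default_granted != listed

    def status(self, client):
        return "200" if self.allows(client) else "403.6"


POLICIES = {
    # Setting described in the thread: deny all except the SBS server itself.
    "sbs_default": IpRestriction(False, ["192.168.16.2", "127.0.0.1"]),
    # Change suggested in the thread: grant all, empty exception list.
    "grant_all": IpRestriction(True, []),
    # Assumed alternative: keep default deny, add the remote office subnet.
    "scoped": IpRestriction(
        False, ["192.168.16.2", "127.0.0.1", "192.168.32.0/255.255.255.0"]),
}

CLIENTS = {
    "remote_server": "192.168.32.2",   # from the thread
    "sbs_server": "192.168.16.2",      # from the thread
    "other_host": "203.0.113.10",      # constructed (documentation range)
}


def evaluate():
    """Return {policy: {client: status}} for every policy/client pair."""
    return {p: {c: r.status(ip) for c, ip in CLIENTS.items()}
            for p, r in POLICIES.items()}


if __name__ == "__main__":
    for policy, results in evaluate().items():
        print(policy, results)
```

Under `sbs_default` the remote server gets the 403.6 reported in the thread; `grant_all` and `scoped` both clear it, and they differ only in how they treat addresses outside the two office subnets.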
