Re: Remote Access Routing Questions



Hi,

Thanks for your update!

I am sorry for the delayed response due to the weekend. Please understand that
the newsgroups are staffed weekdays by Microsoft Support professionals to
answer your systems and applications questions. Your understanding is
greatly appreciated!

I am sorry for misunderstanding you. Based on my search, the VPN connection
launched by either New Connection or Remote Connection Disk is the
same. The difference between the two methods is that, with the Remote
Connection Disk method, the client VPN connection setup wizard is saved on a
floppy or disk. After setting up the VPN connection using either method, we
can access companyweb and the Internet.

For your current scenario, I suggest that you follow my suggestions to isolate
the issue:

A. Configure SBS 2003 to accept inbound VPN connections by using CEICW

You can open "Server Management" -> To do lists -> Connect to Internet to
open CEICW. Please refer to this KB article:

825763 How to configure Internet access in Windows Small Business Server
2003
http://support.microsoft.com/?id=825763

B. Have you installed ISA server on the server box? If yes, you may refer
to the following KB article to configure ISA firewall rule:

283628 How to Enable PPTP Clients to Connect Through an ISA Firewall
http://support.microsoft.com/?id=283628

Enabling Dial-Out Access ISA Winsock Proxy, Firewall, and SecureNAT Clients
http://support.microsoft.com/kb/283635/EN-US/

C. Create a VPN connection to the SBS 2003 Server, then you can connect to
http://companyweb which is located on the SBS 2003.

How about the result? If the issue persists, on the VPN client side, can
you ping companyweb? Please double check that the VPN client is a member of
the SBS domain. If you type in http://companyweb.domainname.local, where
domainname.local is your Active Directory domain name, can you connect then?
If so, then on the client you may need to add domainname.local to the
client's DNS suffix search order so that when they type http://companyweb
it can resolve in DNS as companyweb.domainname.local to the IP address.

And now how about the result?

For the Remote Connection Disk issue, please check the following settings:

The TunnelAddress should be the FQDN of the SBS server, and it is set when you
run the Remote Access Wizard. You may want to rerun the Remote Access
Wizard with the correct FQDN and then rerun the Create Remote Connection
Disk. To do so:

1. Click Start and then click Server Management.

2. Select Internet and E-mail, click Configure Remote Access in the right
pane.

3. On the VPN Server Name dialog, type the fully qualified host name used
to access your server from the Internet or the external IP address of the
router in the "Server name" box.

As a workaround, you can try the steps below on the client side:

1. Open Windows Explorer.

2. Locate the file "%Documents and Settings%\<username>\Application
Data\Microsoft\Network\Connections\Cm\remote\remote.cms".

3. Open this file with Notepad.

4. Change TunnelAddress to reflect the correct address.

In addition, PPTP negotiates a connection on TCP port 1723 and sends
data to and from the PPTP server using the GRE protocol (IP Protocol 47,
0x2F if you are looking in Network Monitor). Please make sure IP Protocol
47 is allowed on the router.

Related Knowledge Base article:

241251 VPN Tunnels - GRE Protocol 47 Packet Description and Use
http://support.microsoft.com/?kbid=241251

I appreciate your time! I am happy to be of assistance and look forward to
your updates.

Have a nice day!

Sincerely,

Jenny Wu
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
======================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.
======================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
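
Added example, not part of the original post: the PPTP note above (control channel on TCP 1723, tunnelled data in GRE, IP protocol 47) can be checked against raw IPv4 packets exported from a capture on the client. The function names, status strings and sample packets (documentation addresses) below are constructed for illustration.

```python
import struct
from ipaddress import IPv4Address

PPTP_PORT, IPPROTO_TCP, IPPROTO_GRE = 1723, 6, 47   # 47 == 0x2F

def classify(packet):
    """Return (src, dst, kind) for a raw IPv4 packet, or None if it is not IPv4."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4             # IP header length in bytes
    proto = packet[9]                        # IP protocol field
    src, dst = str(IPv4Address(packet[12:16])), str(IPv4Address(packet[16:20]))
    if proto == IPPROTO_GRE:
        return src, dst, "gre"
    if proto == IPPROTO_TCP and len(packet) >= ihl + 4:
        sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
        if PPTP_PORT in (sport, dport):
            return src, dst, "pptp-control"
    return src, dst, "other"

def diagnose(packets, client, server):
    """Summarise which PPTP traffic was seen between client and server."""
    seen = set()
    for pkt in packets:
        c = classify(pkt)
        if c and {c[0], c[1]} == {client, server}:
            seen.add((c[0], c[2]))           # (sender, kind)
    if not {(client, "pptp-control"), (server, "pptp-control")} <= seen:
        return "no-control-channel"          # look at TCP 1723 first
    gre_out, gre_in = (client, "gre") in seen, (server, "gre") in seen
    if gre_out and gre_in:
        return "tunnel-data-flowing"
    if gre_out:
        return "gre-not-returning"           # protocol 47 dropped on the way back
    return "no-gre-from-client"

def ipv4(src, dst, proto, payload=b""):
    """Build a minimal IPv4 packet (constructed sample data, checksum left at 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto,
                       0, IPv4Address(src).packed, IPv4Address(dst).packed) + payload

def tcp(sport, dport):
    return struct.pack("!HH", sport, dport) + bytes(16)   # ports + zeroed rest of header

CLIENT, SERVER = "192.0.2.10", "198.51.100.5"   # constructed documentation addresses
SAMPLE = [                                       # constructed capture: no GRE from the server
    ipv4(CLIENT, SERVER, IPPROTO_TCP, tcp(49152, PPTP_PORT)),
    ipv4(SERVER, CLIENT, IPPROTO_TCP, tcp(PPTP_PORT, 49152)),
    ipv4(CLIENT, SERVER, IPPROTO_GRE, bytes(8)),
]
print(diagnose(SAMPLE, CLIENT, SERVER))
```

A result of "gre-not-returning" with a working control channel is the pattern to expect when a router in the path forwards TCP 1723 but not IP protocol 47.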

--------------------
>From: "CCMiami" <nospam@xxxxxxxxxxxxxxx>
>Newsgroups: microsoft.public.windows.server.sbs
>Subject: Re: Remote Access Routing Questions
>Date: Sun, 20 Nov 2005 09:26:20 -0500
>
>Jenny,
>The question does not involve RWW at all. I have 2 VPN connections, one I
>set up with "New connection" and one set up from the SBS remote connection
>disk.
>The "new connection" VPN will not access \\companyweb - it will access the
>rest of the internet as well as <companyname>.local
>
>The remote connection disk VPN (not using RWW) will access \\companyweb - it
>will not access the rest of the internet.
>
>I set up the "New connection" to not use the VPN as a gateway. How do I do
>this for the remote connection disk?
>And, why would the "New connection" not access \\companyweb?
>
>Thanks!
>
>
>""Jenny wu [MSFT]"" <v-yanniw@xxxxxxxxxxxxxxxxxxxx> wrote in message
>news:d4sqc4B7FHA.3580@xxxxxxxxxxxxxxxxxxxxxxxx
>> Hi,
>>
>> Thanks for posting here!
>>
>> From your description, I understand that you have some questions about
>> connecting to the SBS network through VPN and the RWW site. If I am off
>> base, please don't hesitate to let me know.
>>
>> I. When we set up a VPN connection to some network from the Internet, the
>> Internet computer will be assigned a private IP address of the network and
>> works like internal computers and accesses resources with appropriate
>> permissions.
>>
>> When we VPN to the SBS network, we surely can access the Companyweb site
>> by URL: http://companyweb. When you VPN to the SBS network, what is the
>> error you got when you try to access the companyweb site?
>>
>> How did you set up the VPN connection? By the Microsoft VPN client
>> application or a third party application such as the router vendor's?
>>
>> II. I would like to explain how RWW works when a remote client connects to
>> an internal client computer or server box, so that you can have a brief
>> understanding of the RWW issue.
>>
>> The following is the process:
>>
>> 1. User navigates to the Computer Selection page of the Remote User Portal
>> in a web browser, and is prompted to download the standard Terminal
>> Services ActiveX Component, if necessary.
>> 2. SBS queries the Active Directory for all internal client computers
>> running an OS that supports Remote Desktop and provides the list to the
>> user.
>> 3. User selects a computer from the list and presses the Connect button.
>> 4. Server listens on TCP port 4125 which is already opened by the firewall.
>> 5. SBS creates a connection to the internal client on port 3389 which is
>> designed for TS and Remote Desktop.
>> 6. The TS ActiveX Control downloaded and installed on the external client
>> creates a TS connection to the SBS server on port 4125.
>> 7. SBS Server forwards the connection to the internal Remote Desktop
>> client or itself as a Remote Desktop client.
>>
>> When you RDP to the SBS server, you can operate the server as if locally.
>> So I am not clear what you mean by "The SBS connection can't access
>> an external web site.". If the server can access external web sites, when
>> you connect to the server, it still can access the Internet.
>>
>> More information:
>> How to install and configure a Virtual Private Network server in Windows
>> Server 2003
>> http://support.microsoft.com/default.aspx?scid=kb;en-us;323441
>>
>> 314076 HOW TO: Configure a Connection to a Virtual Private Network (VPN)
>> in Windows XP
>> http://support.microsoft.com/?id=314076
>>
>> After understanding the RWW/Remote Desktop process, you will know that
>> after RWW traffic enters the internal network, it will use Terminal
>> Services and do the RDP process, so using the RRAS console, we cannot see
>> which session is from RWW and which is from a VPN or RDP session.
>>
>> Hope the above information helps! I am happy to be of assistance to you and
>> look forward to your reply.
>>
>> Have a nice day!
>>
>> Sincerely,
>>
>> Jenny Wu
>> Microsoft CSS Online Newsgroup Support
>> Get Secure! - www.microsoft.com/security
>>
>> --------------------
>>>From: "CCMiami" <nospam@xxxxxxxxxxxxxxx>
>>>Newsgroups: microsoft.public.windows.server.sbs
>>>Subject: Remote Access Routing Questions
>>>Date: Thu, 17 Nov 2005 05:15:09 -0500
>>>
>>>Hi,
>>>I am trying to understand the VPN routing and how it is different between a
>>>"Connect to SBS" connection, made from a remote connection disk, and a VPN
>>>connection set up manually.
>>>
>>>First, these act differently. For example the "SBS" connection can access
>>>\\companyweb but the VPN can't, but both can access <servername>.local or
>>>even companyweb.<servername>.local. Why can't the VPN access \\companyweb?
>>>How are these not the same thing?
>>>
>>>The SBS connection can't access an external web site. What makes the server
>>>perform the routing?
>>>
>>>I have configured the VPN connection to allow direct local access by
>>>unchecking "Use default gateway on remote network". I don't know how to do
>>>the same with the "remote connection disk"? How do I set the parameters of
>>>the remote connection disk?
>>>
>>>On a somewhat related note - how would I create a VPN user that is not an
>>>SBS user (For access to a secure web site, CVS server, etc).
>>>
>>>Thanks!
>>>
>>>
>>>
>>
>
>
>
