Re: VPN, Two LAN Cards and a Router
- From: John F Kappler <john@xxxxxxxxxxxxxx>
- Date: Fri, 29 Sep 2006 13:11:18 +0100
Thanks for all that input. I've changed the settings on the SBS with
the router and it all still seems to work ok, but I haven't managed to
VPN yet.
Meanwhile, another problem has occured on the other SBS system that
does not have a router but just an ADSL modem talking to the external
network card.
Thinking that I know understood the settings (dangerous I know!) I set
it up according to the document and everything seemed ok. Until users
on the road started screaming that OWA now doesn't work!!
I think there are two possible problem areas:
1) This SBS system didn't have DHCP installed when setup. I've had to
do it manually and setup my own Scope. I didn't setup any of Server
Options, so should I have done?
2) In addition, I'm unsure of the significance of the VPN Server Name
entry in the Configure Remote Access wizard. We dont host a domain on
our server, just having a static IP, so I entered that number there.
Is this ok?
Any help urgently appreciated,
JohnK
On Wed, 27 Sep 2006 07:52:04 -0700, "Steve" <newsgroup@xxxxxxxxxx>
wrote:
You might want to consider RWW as an alternative to VPN depending on your
specific needs.
"Joe" <joe@xxxxxxxxxxxxxx> wrote in message
news:euTIhvj4GHA.1848@xxxxxxxxxxxxxxxxxxxxxxx
John F Kappler wrote:
Hi. We're running SBS 2003 Premium with two LAN cards and a Router to
Broadband. This all works at present!
I'm in the process of trying to do two changes:
1) Changing our router to a load balancing variant with two broadband
lines, each with a static ip.
2) Trying to setup the server for VPN access by our users.
I've been reading various MS articles on VPN setup, and in particular
306082. In that article, section 1.f, it says you should setup the
external
network card's ip address as the static ip given by your ISP.
However, ours is set to an address specific to that card in the server
(192.168.1.251).
In addition, the paragraph also says the default gateway should be a
static address provided by the ISP. Ours is pointing to the Router
(192.168.1.253), which then has a setting for the ISP provided static
ip.
Lastly, the article says the preferred DNS server should be pointing
to the address assigned to the internal LAN card (192.168.0.251). Ours
is pointing to the DNS addresses provided by our ISP.
I have noticed the article is for SBS 2000. Does this make a
difference? I'm reluctant to change to the articles recommendations
whilst the server appears to provide the services we need. Or do I
need to change to get VPN working?
Microsoft is assuming the use of a DSL modem, rather than a router.
Those things will be true for your router, not your SBS. That's
mainly why using a router is a good idea, as the SBS configuration
is not affected by your ISP changing its default gateway or DNS
servers, such changes being picked up automatically by the router
without bothering SBS. As far as SBS is concerned, the router is
the default gateway. SBS should neither know nor care how many
Internet connections are available to the router.
The SBS and all LAN machines must use the SBS itself, on its LAN
address, as the DNS server. If the clients are set to collect IP
configuration and DNS server by DHCP, and SBS is used for DHCP, this
will happen automatically. DNS is central to many of the SBS features,
so if either SBS itself or a workstation uses any other DNS server,
even as secondaries, there will be problems.
The router itself will pick up your ISP's DNS server information,
which is not a problem. The only place in the SBS system those
DNS servers should appear is as forwarders to the SBS. The CEICW
wizard will ask for those at one point, though you can leave that
entry blank. If you run the 'ipconfig /all' command for workstations
and SBS, all DNS server entries should show the SBS LAN address only.
For VPN, the router must forward the relevant IP streams (TCP/IP
port 1723, IP protocol 47 or GRE) to the SBS external NIC. Those
streams together are referred to as 'PPTP' by some routers which
don't forward them separately. Clients will connect to the public
name or IP address of the router, which will appear to be the VPN
endpoint.
For VPN configuration on the SBS, run the CEICW and the Remote Access
wizards. They will do all the jobs necessary, and are specific to SBS
and not to standard Windows Server. I'm not sure what the older SBS
used, but I think these wizards are new to SBS2003.
Users will need to be members of the Mobile Users group to use VPN.
If you have problems come back here with the error messages.
.
- Follow-Ups:
- Re: VPN, Two LAN Cards and a Router
- From: John F Kappler
- Re: VPN, Two LAN Cards and a Router
- Prev by Date: Re: sbs exchange is squelching my email from a pop account
- Next by Date: Re: Allowing Remote Clients to Access Network Shares
- Previous by thread: Recover deleted message from public folder
- Next by thread: Re: VPN, Two LAN Cards and a Router
- Index(es):
Relevant Pages
|
