Re: PLEASE HELP-Router to RRAS Problem

fieldy <fieldy@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
Hi Les,

Thank you so much, your reply narrows down my options. I would like
to look at the SBS router passthrough option, does this involve a
static route from the SBS router end, as i can not see how the VPN
from the remote router will get through to the LAN traffic? also does
DNS factor in here for the remote machines to resolve to the SBS
network

You really are better off going with single NICs and hardware/router VPN.
Seriously.


Thanks again,

"Les Connor [SBS MVP]" wrote:

Hi Fieldy,

You can create a hardware VPN with your existing two nic setup, but
the vpn endpoint on the SBS end is the router, not the SBS lan.
That's not what you want.

You have two choices:

a) remove the external nic from the SBS, and then your
router<>router VPN will work correctly.
b) if you think ISA will be in the mix in future, then your SBS must
be the VPN endpoint on that end. The router on the SBS end must then
be configured to pass through the VPN traffic from the remote site.

--
Les Connor [SBS MVP]


"fieldy" <fieldy@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:B49C6C29-7278-4371-A199-B8575818DB2B@xxxxxxxxxxxxxxxx
Hi again,

I am only running one SBS server with a router router VPN. My
question is, can this be done with a dual nic config or do i need
to go to a single nic?

Here is the Ipconfig from my server:

Windows IP Configuration



Host Name . . . . . . . . . . . . : xxxxxxx

Primary Dns Suffix . . . . . . . : xxxxxxxxxxxxxx.local

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : Yes

WINS Proxy Enabled. . . . . . . . : Yes

DNS Suffix Search List. . . . . . : xxxxxxxxxxxxxx.local



Ethernet adapter Network Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network
Connection

Physical Address. . . . . . . . . : 00-14-22-0B-73-88

DHCP Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : 10.0.0.1

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . :

DNS Servers . . . . . . . . . . . : 10.0.0.1

Primary WINS Server . . . . . . . : 10.0.0.1



PPP adapter RAS Server (Dial In) Interface:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface

Physical Address. . . . . . . . . : 00-53-45-00-00-00

DHCP Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : 10.0.0.24

Subnet Mask . . . . . . . . . . . : 255.255.255.255

Default Gateway . . . . . . . . . :

NetBIOS over Tcpip. . . . . . . . : Disabled



Ethernet adapter External:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Intel(R) PRO/100 S Server
Adapter #2

Physical Address. . . . . . . . . : 00-0E-0C-82-C3-36

DHCP Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : 192.168.0.2

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.0.1

DNS Servers . . . . . . . . . . . : 10.0.0.1

NetBIOS over Tcpip. . . . . . . . : Disable

Many thanks

"Lanwench [MVP - Exchange]" wrote:

fieldy <fieldy@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
Hi again,

The config i am using is Local LAN start IP address (SBS router)
is 192.168.0.3, with SM of 255.255.255.0 and Local LAN start IP
address (Remote router)192.168.2.3, with SM of 255.255.255.0
which are different subnets. I am now at the remote office and
will not leave until i get this sorted (may be a while!)

I have looked again and have a VPN established and verify that by
logging into both routers to confirm.

This does seem like DNS or static routing from SBS2003 end to me
as i can ping the first IP on the remote router (192.168.2.x) but
cannot ping the first available on the SBS router (192.168.0.x)

Any thoughts?

I really don't like the 2-NIC/No ISA config, as mentioned. I think
Leythos'
post is pretty clear on this too. That said, try posting an
unedited ipconfig /all from each server....


..

Thanks so much

"Lanwench [MVP - Exchange]" wrote:

fieldy wrote:
Hi again,

Local LAN start IP address (SBS router) is 192.168.0.3, with SM
of 255.255.255.0 and Local LAN start IP address (Remote router)
192.168.2.3, with SM of 255.255.255.0

This is replicated on the Remote router end

You wrote:
" The IP address range is 192.168.0.3 (SBS)
and 192.168.0.3 (Remote IP) with 255.255.255.0 Subnet
masks."

Again, you must not, and cannot, use 192.168.0.__ as the private
/ internal *subnet* in both locations. The VPN tunnel will not
work. Change one of the networks to something else, like
192.168.1.__ with 192.168.1.1 as the internal-facing IP address
on that Netgear.

Since you're so far away from the other office, it may be
easiest to do it on the SBS box by using theChange IP address
wizard..... but someone in the other office will have to do some
work, or perhaps you can walk them through it or have them ship
the router to you so you can preconfigure it & send it back.

I don't use a two NIC setup and don't see the value in it unless
you're using ISA; to me it adds additional complexity for minimal
benefit. I prefer decent firewall appliances. However, RRAS has
nothing to do with this as you're using a hardware-based VPN
config, which is what I prefer to use too.

You might post an unedited ipconfig /all from your server...


Thanks again,


"Leythos" wrote:

On Sat, 17 Mar 2007 12:13:08 -0700, fieldy wrote:

Hi,

The remote office is 40 miles away, which i will be leaving
for shortly to try and get this issue fixed :)

The remote lan can ping all on its subnet but the Main office
cannot ping anything on the remote site.

I have configured the VPN exactly in this link fro Netgear:
http://kbserver.netgear.com/kb_web_files/n101479.asp

It seems like there is nothing resolving as the machines have
Internet access but cannot see the SBS Network?

But you've not told me how you setup the details.

On each side, under TRAFFIC SELECTOR, what did you enter?

If you followed their setup, what specifically did you enter in
those boxes on BOTH sides?


--
Leythos
spam999free@xxxxxxxxxx (remove 999 for proper email address)



.

Relevant Pages

  • Router to ISA 2K VPN Problem
    ... I am trying to setup a site to site VPN from an ADSL Draytek 2600 router ... (Remote site with Static Public IP Address, ... I have run the Local ISA VPN Server Wizard on the SBS and have set it up ...
    (microsoft.public.isa.vpn)
  • Re: VPN Problems
    ... I have run the Configure Remote Access Wizard and ... I am able to VPN in to another SBS 2003 network that I take care of so I ... I'll pop over and eliminate the router to see if that improves matters. ...
    (microsoft.public.windows.server.sbs)
  • Re: More Than One VPN from Home?
    ... I am using the SBS VPN connector on the server and WinXP VPN at the remote location. ... I just tried this again, unsuccessfully, from another remote location, with another brand of router. ...
    (microsoft.public.windows.server.sbs)
  • RE: File Access Over VPN
    ... remote clients access Shares of SBS. ... sure Virtual Private Networking (VPN) is selected in the Services ... server on the Web Server Certificate page. ...
    (microsoft.public.windows.server.sbs)
  • Re: netopia 3346 and site to site vpn with sbs 2003 premium
    ... unavailable and the client uses cached creds. ... everythime its an issue with the route from the remote site router. ... SBS 2003 SP 1 with ISA 2004 installed. ...
    (microsoft.public.windows.server.sbs)
Loading