Re: Issue with Cisco VPN after adding second NIC to server...
- From: Joe <joe@xxxxxxxxxxxxxx>
- Date: Fri, 04 May 2007 22:34:26 +0100
Garbis wrote:

This past weekend I added a second nic to the server, opened some
ports on the firewall, and kicked on Exchange.

Setup is as follows:

PIX 506e:
Outside: 76.160.xxx.xxx
Inside: 192.168.0.1

Server:
External: 192.168.0.2 (connected to inside interface on PIX), Gateway: 192.168.0.1, DNS: 192.168.1.2
Internal: 192.168.1.2, Gateway: none, DNS/WINS: 192.168.1.2

Clients: 192.168.1.x, DNS/WINS/Gateway: 192.168.1.2
VPN Clients: 192.168.2.x, DNS/WINS: 192.168.1.2

I can connect with the VPN client, but I can't ping the external NIC
(same subnet) as the PIX. I can't ping the internal NIC or any other
internal devices either. Because of this, none of the network drives
are accessible from the VPN client. However, when on the server, I
can ping both NICs, the PIX, and the VPN client IP address. So it
works from the server going out, but not going in to the server.

I thought this was an issue with the PIX, but Cisco tells me it's a
routing table issue with the server.

My routing table is as follows:
IPv4 Route Table
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 13 72 fd c2 94 ...... Intel(R) PRO/1000 MT Network Connection - Packet Scheduler Miniport
0x10004 ...00 04 23 e0 39 62 ...... Intel(R) PRO/1000 MT Dual Port Server Adapter
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1     192.168.0.2       1
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
      192.168.0.0    255.255.255.0      192.168.0.2     192.168.0.2      20
      192.168.0.2  255.255.255.255        127.0.0.1       127.0.0.1      20
    192.168.0.255  255.255.255.255      192.168.0.2     192.168.0.2      20
      192.168.1.0    255.255.255.0      192.168.1.2     192.168.1.2      10
      192.168.1.2  255.255.255.255        127.0.0.1       127.0.0.1      10
    192.168.1.255  255.255.255.255      192.168.1.2     192.168.1.2      10
      192.168.2.0    255.255.255.0      192.168.0.1     192.168.0.2       1
        224.0.0.0        240.0.0.0      192.168.0.2     192.168.0.2      20
        224.0.0.0        240.0.0.0      192.168.1.2     192.168.1.2      10
  255.255.255.255  255.255.255.255      192.168.0.2     192.168.0.2       1
  255.255.255.255  255.255.255.255      192.168.1.2     192.168.1.2       1
Default Gateway:       192.168.0.1
===========================================================================
Persistent Routes:
  None
So what am I missing? It's probably just one simple entry, but I'm
having a brain fart.

At first glance it looks OK. I would have said that if you can ping the
remote client from the server, then the server knows what it's doing.

How did this start? You added a second NIC. Did you already have the VPN
set up to the single-NIC system and did that all work? What was the
network address then, 192.168.0. or 192.168.1.?

You don't mention the SBS version i.e. does it have ISA? There are
routing possibilities, but when ping works one way but not the other,
the first suspect is firewalling. A successful ping requires routing
to work both ways.
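
An added example, not part of the original message or thread: a longest-prefix-match lookup over the active routes posted above, showing which gateway and NIC the server would pick for replies to a given peer. The multicast and limited-broadcast rows are left out, the addresses 192.168.2.10 and 192.168.1.50 are constructed samples from the stated ranges, and the helper names are hypothetical.

```python
import ipaddress

# Active routes copied from the routing table in the post (multicast and
# 255.255.255.255 rows omitted): (destination, netmask, gateway, interface, metric)
ROUTES = [
    ("0.0.0.0", "0.0.0.0", "192.168.0.1", "192.168.0.2", 1),
    ("127.0.0.0", "255.0.0.0", "127.0.0.1", "127.0.0.1", 1),
    ("192.168.0.0", "255.255.255.0", "192.168.0.2", "192.168.0.2", 20),
    ("192.168.0.2", "255.255.255.255", "127.0.0.1", "127.0.0.1", 20),
    ("192.168.0.255", "255.255.255.255", "192.168.0.2", "192.168.0.2", 20),
    ("192.168.1.0", "255.255.255.0", "192.168.1.2", "192.168.1.2", 10),
    ("192.168.1.2", "255.255.255.255", "127.0.0.1", "127.0.0.1", 10),
    ("192.168.1.255", "255.255.255.255", "192.168.1.2", "192.168.1.2", 10),
    ("192.168.2.0", "255.255.255.0", "192.168.0.1", "192.168.0.2", 1),
]


def lookup(dest, routes=ROUTES):
    """Return the route used for dest: longest prefix wins, then lowest metric."""
    addr = ipaddress.ip_address(dest)
    best = None
    for net, mask, gw, iface, metric in routes:
        network = ipaddress.ip_network(f"{net}/{mask}")
        if addr not in network:
            continue
        key = (-network.prefixlen, metric)
        if best is None or key < best[0]:
            best = (key, {"network": str(network), "gateway": gw,
                          "interface": iface, "metric": metric})
    return best[1] if best else None


def return_path_ok(peer, expected_gateway, expected_interface):
    """True if replies to peer leave via the expected next hop and NIC."""
    route = lookup(peer)
    return (route is not None and route["gateway"] == expected_gateway
            and route["interface"] == expected_interface)


if __name__ == "__main__":
    # 192.168.2.10 and 192.168.1.50 are constructed sample addresses.
    for peer in ("192.168.2.10", "192.168.1.50", "192.168.0.1"):
        print(peer, "->", lookup(peer))
```

With the posted table, replies to the VPN pool resolve to gateway 192.168.0.1 on interface 192.168.0.2, so the lookup only confirms the server's half of the path; what the PIX or any host firewall does with the inbound packets has to be checked separately.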