Re: Remote site browsing and file access
- From: msb-2007@xxxxxxxxxxxxx <msb2007nospamnospam@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Sat, 17 Nov 2007 13:33:01 -0800
"Claus" wrote:
Matt,.
I'm not quite sure why you are using this schema unless you anticipate that
you are going to need several subnets at the remote site. Also, from your
SBS box point of view, the remote site is in the same subnet as the SBS. I
also don't understand why (in a 2NIC setup) the clients don't point to the
SBS as the GW.
I have set up quite a few of those scenarios. I'm not a big fan of using
10.x unless I need a whole bunch of remote subnets and I don't recommend a
class A subnet mask for routing purposes. In your case your SBS sends all
packets for the HQ traffic first to the VPN router and then the router (if
configured right) sends it back to another client at HQ.
My approach would be to use something like this:
HQ 192.168.100.x with 255.255.255.0
SBS LAN NIC 192.168.100.1
HQ VPN router 192.168.100.5
All clients point to SBS as DNS, WINS and GW
Static route on SBS 192.168.101.0 255.255.255.0 192.168.100.5
Remote site 192.168.101.x with 255.255.255.0
(setup is assuming that ALL traffic goes to HQ if that's not the case this
can be changed)
DC at the remote site 192.168.101.2
VPN router 192.168.101.1
All computers point to the VPN router for GW and to the SBS box for WINS and
DNS.
Depending on the number of clients at the remote site and possible separate
internet access you can make the routing more complex and only route the
traffic for 192.168.100.x through the VPN router.
You could adjust your current configuration by just changing the subnet
masks but I have seen some weird behavior with 10.x networks and class C
subnetting - although there is not technical explanation why it should be
any different.
--
Claus
"msb-2007@xxxxxxxxxxxxx" <msb2007nospamnospam@xxxxxxxxxxxxxxxxxxxxxxxxx>
wrote in message news:AC4A17DE-1AE0-4EC2-9D4C-1C15898AD577@xxxxxxxxxxxxxxxx
Thanks for taking the time to post -- I appreciate the response. However,
I'm pretty skeptical its a routing issue (at least not any more of an
issue
than routing typically causes for remote netbios name resolution). That
being said, by all means, let me know what I'm missing:
HQ Site:
-DSL cnx w/ multiple public IPs
-OpenWRT based VPN gateway
-- uses software VPN to connect 10.10.0.0/255.255.248.0 network to remote
site
-SBS Server 2003 R2 w/ 2 NICs
-- Nic1 has public IP assigned, connected through OpenWRT router with
extra
firewall and specific transparent port forwards assigned for RWW, HTTP(s),
SMTP, etc
-- Nic2 has internal IP address assigned on 10.10.0.0 network
-- SBS has default route on internet gateway assigned to upstream DSL gw
-- SBS has persistent route added for 10.0.0.0/255.0.0.0 to the VPN
gateway
(10.10.0.1)
-- SBS provides all local DNS and DHCP
-All client PC's are default routed to 10.10.0.1 (vpn gateway) which also
does NAT and web proxy/filter
Remote Site:
-DSL cnx w/ multiple public IPs
-OpenWRT based VPN gateway
-- uses software VPN to connect 10.10.8.0/255.255.248.0 network to HQ
site
-Server 2003x64 R2 w/ 1 NIC
-- Nic has internal IP address assigned on 10.10.8.0 network
-- Server has default route assigned to vpn gateway (10.10.8.1)
-- Server provides all local DNS and DHCP
-All client PC's are default routed to 10.10.8.1 (vpn gateway) which also
does NAT and web proxy/filter
Pretty much everything works if directly connected via
\\remote_machine_ip_or_fqdn_address\share or some such variant. But
browsing
doesn't work. Everything in DNS is properly registering (forward and
reverse).
Thanks in advance for any insight.
-Matt
"Claus" wrote:
Your problem isn't NetBIOS, DNS or WINS, it's a routing issue. To give
you
specifics, I would need to know more details about your network (SBS
version, 1NIC/2NIC setup, subnet at HQ, VPN Router at HQ, Subnet at the
remote office with router IP, server IP, is all traffic from the remote
site
supposed to be routed to HQ or do they have a separate Internet access)
In general terms think about the networks as 2 houses that are separated
by
a few city blocks. If you want to assure that each person living in the
respective house gets the right direction to the other house you need to
assure that at every exit (front door, back door, garage) there is a set
of
instruction that will guide them to the other house. There also need to
be
instructions how to get to the supermarket.
In the networking world you do that with routing tables at ALL possible
exit
points meaning hardware that is referenced as a GW anywhere in your
network
structure(SBS box, routers, remote server etc.).
I hope this helps to clarify a bit.
--
Claus
"msb-2007@xxxxxxxxxxxxx" <msb2007nospamnospam@xxxxxxxxxxxxxxxxxxxxxxxxx>
wrote in message
news:376DF80F-D0F7-41A5-9543-B0F0D3FA062B@xxxxxxxxxxxxxxxx
Ok, I thought I understood NetBIOS over TCP, DNS, and WINS and their
respective pieces in the puzzle to enable remote network file sharing
and
browsing... but I was wrong. Banging my head against the wall...
Can someone point me to a good document for how to configure site to
site
file sharing and browsing (with a SBS server at the core of the
network,
and
a DC at the remote site)???
The sites are connected via VPN, but not MS VPN server to server
(hardware
routers at each site). We're routing private address space (10.x.x.x)
behind
the VPNs, and most things work, but I still get intermittent browsing
issues
and can't connect from the SBS server to \\Remote_XP_Client\admin$ but
I
can
connect from Remote_XP_Client to the SBS server shares.
Thanks.
-Matt
- References:
- Re: Remote site browsing and file access
- From: Claus
- Re: Remote site browsing and file access
- From: msb-2007@nospam.nospam
- Re: Remote site browsing and file access
- From: Claus
- Re: Remote site browsing and file access
- Prev by Date: Re: loss of SOME connectivity
- Next by Date: Re: Unable to get WM5 to synch with Godaddy Cert
- Previous by thread: Re: Remote site browsing and file access
- Next by thread: Server security
- Index(es):
Relevant Pages
|
