Re: VPN clients unable to connect to other resources.



I can't think of a way to cover up for this, so I'll just admit it: I don't know squat about XP Home. Are you saying that an XP Home PC wouldn't be able to connect to a server share over VPN?

I don't think that's what we're seeing here, because I'm reading the OP to say that after connecting the VPN, he can connect to \\sbs\share but not \\clientpc\share. Can ping the SBS but not the client PCs on the same network. And he gets the same result using the IP instead of the host name. And from within the LAN, everything works as expected, attempting to connect in the same way, and with the same credentials. (And user rights aren't a factor at the point where ping fails and he gets a "path not found" error).

J Smith, are you sure you're not terminating the VPN at the SonicWall rather than the SBS? The only route the SonicWall knows is from itself to the SBS, right?


"kj [SBS MVP]" <KevinJ.SBS@xxxxxxxxxxxxxxxxxx> wrote in message news:OB8IpqZfIHA.4120@xxxxxxxxxxxxxxxxxxxxxxx
XP Home?

Dave Nickason [SBS-MVP] wrote:
I logged in to my SBS domain from home (XP, not joined to domain) and
checked the IP info - what you're seeing there is normal. The default
gateway matches the IP of the remote client, and DNS and WINS point
to the SBS. I can go to Run -> \\hostname\sharename or
\\IPAddress\sharename from remote (although it takes close to a
minute to connect, and I get a password prompt the first time), and I
can ping the SBS and my office desktop by name and IP.

So now the question is why you appear to be getting logged in
correctly, and getting the right IP addressing, but can't connect to
shares. I'm drawing a blank, but this is bugging me, so I'll keep
thinking about it. You don't have any 3rd party security software on
those client PCs that you can't connect to, right? If you try to RDP
into one over VPN, do you get a login prompt, or do you get path not
found?
This is just regular Windows VPN, right? From the remote XP box,
you're just connecting a regular VPN connection to the SBS by IP or
mail.sbs.com (or whatever), then opening Run on the remote client and
trying \\john\share? And \\john\share fails while \\sbs\share
succeeds?
The only thing that comes to mind right offhand is that Windows
Firewall thing I mentioned earlier. That would block ping and
connection to a share, but it would block it from the LAN as well as
remotely. It could be inconsistent, though, showing up after some
but not all reboots. This can't be something as simple as power mgmt
putting that PC into sleep or hibernate, right? (Sorry for asking,
but stranger things have happened).
You've compared an ipconfig /all from a LAN PC and the remote VPN
client PC, right? And they match in all respsects except for the
subnet mask and default gateway?



"J Smith" <JSmith@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:C4517E44-2244-4299-8626-38D669025789@xxxxxxxxxxxxxxxx
Hi Dave,

After I connect to the VPN on the SBS 2003 machine I'm unable to log
onto another resource on another machine. If I go to start, run,
\\john\share I get the network path was not found. Like the share
doesn't exist. All shares
and network settings work on the LAN. We only have this problem with
VPN clients. The XP clients are not part of the domain either. They
are strickly
home PC's. I'm wanting to use the VPN client to simply join them to
our network and browse and use the network resources as they were in
the LAN. I'm not missing the concept of how this functions am I? I
understand that the
VPN server, remote routing and access running on the SBS 2003 server
manages
the connections and allows the connection to come in and connect. I'm
getting
this far but it stops there. It's like the remote connections are not
updated
with the VPN route table or VPN LAN network information.

Once the connection is successful I am able to go to Start, Run,
\\192.168.2.25 and open all the shares on the server. I'm wanting
to be able
to do this with other PC's on the same LAN and this is what is not
working.
Also once connected I'm not able to use the PC name to connect
either. WINS
and DNS are configured and hardset on the VPN client side as well for
192.168.2.25.

Again thanks for your help and time.

"Dave Nickason [SBS MVP]" wrote:

After you connect the VPN to the SBS as expected, can you please
describe what you're trying to do that's failing, and how you're
trying to do it? Please post back what's failing, and the specific
error message (if there is
one).

For example, if you have a share on a desktop PC that you're trying
to access, what happens if on the remote client, you go to Start ->
Run and type in \\hostname\sharename? And if that fails, what
happens when you try
to do it from another machine on the SBS LAN?

I wouldn't worry about ping except in the absence of the ability to
actually
connect. For example, your SonicWall is probably configured to
ignore pings. I would start by seeing if you can connect to a
resource from within the LAN, and if not, look at the firewall
settings and the remote access permissions on that machine. Besides networking, which appears to be
working properly, you could be running up against the local
machine's firewall settings, NTFS permissions, etc.

One thing to check - if you're having trouble connecting to an XP
box, go to
CP -> Windows Firewall and make sure it's set to use the domain
settings (it'll tell at the bottom of the first page in the
firewall properties). If
it's set to non-domain, set the Network Location Awareness service
to automatic startup, and either reboot or do a gpupdate /force. In the non-domain configuration, remote access is blocked, and so
is ping. "J Smith" <JSmith@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:D8F9B880-7B16-49F0-9A73-1EF4D0A395C5@xxxxxxxxxxxxxxxx
The XP Pro clients are connecting to the SBS 2003 server. I did
use the wizard to setup remote access. The clients connect to the
server and can
access the server shares and so forth. The IP of clients when they
connect
is 192.168.2.XXX matches the subnet of the 2003 server. I find it
strange
that the IP and Gateway match the on the network IP given by the
DHCP server.
I need the VPN because we have a sonicwall device that will backup
client
laptops on the network via VPN access. I can't ping the sonicwall
device
nor
the gateway. I need the VPN to work for the device to pick-up the
CDP data
protection for the remote clients this rules out the RWW.

"Dave Nickason [SBS MVP]" wrote:

Are you using the SBS as the VPN end point? If your SBS and your
local
client PCs are on 192.168.2.x, your remote clients should be
getting an
IP
address from the DHCP server on the SBS that's in the 192.168.2.x
subnet.

If you haven't already, I'd go to the Server Mgmt Console,
Internet page,
and run the Configure Remote Access wizard. Not sure that'll fix
this,
but
it's a start.

Do you need VPN for some reason? If not, why not use RWW instead?


"J Smith" <JSmith@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:9606D119-6C75-4A7C-B5F2-FCF5ABBC1E75@xxxxxxxxxxxxxxxx
XP Client machines that can successfully connect to the SBS 2003
server
via
VPN cannot access other shares or network resources outside of
the SBS
2003
server. After connecting to the VPN server the IP assigned from
the server
matches the gateway on the DHCP assigned address from the server.

IP 192.168.2.57
Gateway 192.168.2.57

I can ping and connect to the server 192.168.2.25 but I can not
ping the
true gateway 192.168.2.1 nor ping any other machine on the
subnet. The
IP
scheme of the XP Client machines are 192.168.1.XXX so I'm pretty
sure
this
is
not an issue. I think there is a route problem or
misconfiguration on
the
VPN
server. I'm wanting to be able to let the XP client access other
shares
on
a
couple different locations 192.168.2.250 and 192.168.2.225.
Thanks for
your
feedback and assistance.

J Smith

--
/kj


.



Relevant Pages

  • Re: VPN Client Incorrect Netmask (Vista -> Win2K3)
    ... The remote client gets its network config from the remote access server as part of the ppp negotiation. ... Microsoft programmers SEVERLY damaged the VPN Client in Vista and Server 2008. ...
    (microsoft.public.windows.server.networking)
  • RE: VPN error with sbs2003 and isa 2000 installed
    ... connection from a remote client, the connection terminated in the process ... You receive an "Error 721" error message when you try to establish a VPN ... Open Server Management console and navigate to 'To Do ... Please temporarily place a client directly connected to the external NIC ...
    (microsoft.public.windows.server.sbs)
  • Re: VPN PPTP problem
    ... external NIC IP is in the same subnet with the remote client. ... Please try to establish the VPN connection from the internal clients. ... |> How to configure Internet access in Windows Small Business Server ...
    (microsoft.public.windows.server.sbs)
  • RE: Problems with connectcomputer and active directory
    ... I understand that you would like to join a remote client to the domain. ... If you have hardware VPN tunnel setup using Linksys or others, ... In this scenario you have to configure the SBS Server computer to enable ...
    (microsoft.public.windows.server.sbs)
  • [Full-Disclosure] R: Full-Disclosure Digest, Vol 3, Issue 42
    ... Full-Disclosure Digest, Vol 3, Issue 42 ... SD Server 4.0.70 Directory Traversal Bug ... Arkeia Network Backup Client Remote Access ...
    (Full-Disclosure)