Re: SBS 2003 RRAS VPN - print to local network

As a general VPN idea remote systems (PC/devices/networks) should _never_ be in the same subnet. Having them in the same subnet creates routing issues.

--
SBS remote support services. (Fees apply)
mickm at mickmalloy dot dyndns dot org

"Jack" <Jack@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:2424DE4B-FE38-4226-BB10-5360F5268F09@xxxxxxxxxxxxxxxx
In this case the remote office and the SBS / RRAS server use the same private
IP addressing -

RRAS server - 192.168.222.2

Remote PC - 192.168.222.10 - assigned 192.168.222.18 by RRAS
Remote printer 192.168.222.51

Will that make a difference? Should the remote office be placed on a
different IP 's?

"kj [SBS MVP]" wrote:

SuperGumby [SBS MVP] wrote:
> the routes on the remote are of no value. It is routing on the RRAS
> server that is of consequence.
>
> HomeLAN
> IP Printer - 192.168.27.5
> HomePC - 192.168.27.6 gets IP 192.168.55.100 from RRAS.
>>
> Internet
>>
> RRAS Server (SBS?) 192.168.55.2
> CompanyPC - 192.168.55.33
>
> If 55.33 uses 55.2 as the default gateway no additional routing
> required on 55.33. If the RRAS server is not default gateway 55.33 > needs
> to be
> told to route 27.x through 55.2.
>
> To do this the AD must be a minimum 2000 functional level (OK,
> SBS00/03/08) and RRAS told (through ADUC) to assign a static IP to
> the user, 55.100. RRAS is then told to static route traffic for 27.x
> through 55.100.


Ah, OK. I think I'd buy that solution SG, and if the OP's user only VPN's in
from that one remote location it should work with those modifciations.


>
>
> "kj [SBS MVP]" <KevinJ.SBS@xxxxxxxxxxxxxxxxxx> wrote in message
> news:unHeEeMrJHA.496@xxxxxxxxxxxxxxxxxxxxxxx
>> SuperGumby [SBS MVP] wrote:
>>> split tunneling is not necessary for this. The machine behind RRAS
>>> simply needs to route back through the VPN, this will occur if the
>>> RRAS server is the default route for the LAN client, and RRAS has
>>> the route set.
>>
>> not been my experience. But if as you say SG, then it should be
>> working, but is not.
>>
>> So if the above is true, then one or both of the above conditions
>> are not true.
>>
>> a route print from before a VPN conneciton and a route print durring
>> a VPN connection would then be illuminating.
>>
>>
>>>
>>> "kj [SBS MVP]" <KevinJ.SBS@xxxxxxxxxxxxxxxxxx> wrote in message
>>> news:%23f30MNMrJHA.3584@xxxxxxxxxxxxxxxxxxxxxxx
>>>> SuperGumby [SBS MVP] wrote:
>>>>> funnily, though I expect it likely there is, so far, no indication
>>>>> of split tunneling.
>>>>
>>>> Right, but that's what it would entail to use LAN printer
>>>> concurrent with a RRAS VPN connection. Without it, the remote
>>>> client route is to the default gateway which is the VPN connection
>>>> to the SBS server. Without a route back to the remote LAN it won't
>>>> get to the printer.
>>>>>
>>>>>
>>>>> "kj [SBS MVP]" <KevinJ.SBS@xxxxxxxxxxxxxxxxxx> wrote in message
>>>>> news:OO4niqLrJHA.724@xxxxxxxxxxxxxxxxxxxxxxx
>>>>>> Jack wrote:
>>>>>>> A user in a remote office connects to the SBS through RRAS. Is
>>>>>>> there a way for them to print to a local networked printer in
>>>>>>> their office while connected to the VPN? Printer has a private
>>>>>>> static IP in the same subnet as their desktop. Thanks.
>>>>>>
>>>>>> Split tunnel VPN. Yikes. There are some pretty good write ups on
>>>>>> this and you might find the explanation here acceptable.
>>>>>>
>>>>>> http://cramsession.brainbuzz.com/articles/print-article.asp?article_id=316&article_url=%2Farticles%2Fget-article.asp
>>>>>>
>>>>>> If they are in an "office" other than a home office, you might
>>>>>> want to configure a site-to-site VPN rather than risk a split
>>>>>> tunnel VPN. --
>>>>>> /kj
>>>>
>>>> --
>>>> /kj
>>
>> --
>> /kj

--
/kj




.

Relevant Pages

  • Re: RRAS, NAT & External VPN Problem
    ... You were on the right track, but you can't route directly from the ... (ie are the firewalls the endpoint of the VPN ... (ie the firewall in LAN 1), not the RRAS router. ...
    (microsoft.public.win2000.ras_routing)
  • Re: VPN & FTP Question
    ... that the remote client is XP Pro SP2. ... I'm guessing that it is somethint to do with retaining the "route add" ... > default gateway will be changed to the VPN connection once the VPN ... > simply turn off the Use default gateway on remote host in the TCP/IP ...
    (microsoft.public.windows.server.sbs)
  • Re: VPN routing
    ... A remote site connected by a point-to-point T1. ... We can connect with a VPN directly to the firewall's external ... The main firewall does have a static route for 10.0.3.0/24 through ...
    (comp.dcom.vpn)
  • Re: Route an external IP address via site to site vpn
    ... setup the site-to-site VPN connection thru 2 ISA 2004 servers? ... but the remote ISP not. ... We only need to add a static IP route on local ISA server to let the ISA ... Router add ExternalIP RemoteISAInternalIP ...
    (microsoft.public.windows.server.sbs)
  • Re: VPN Error 733, Event Log Error 20050 with SBS 2003 - revisited
    ... the VPN from within the LAN with anti-virus ... It seems that I need to look at repairing the whole of RRAS. ... disable or uninstall any antivirus software on the RRAS Server. ... check if there are some firewall between remote VPN client and RRAS server. ...
    (microsoft.public.windows.server.sbs)