rcunningham8820
Mon Nov 22 23:01:12 CST 2004
Ok, so I went the easy route. I set up the PC inside router A's local
network to dial in to the SBS inside router B's network. Easy. But I
was in a crunch. The boss wanted it done and that was my fastest way.
NOW, though, he wants another office (with not just one but 5 pcs) to
do the same thing and I'm thinking I should do what you said and tie
router A to SBS.
Are there any drawbacks to how it is set up now, where the pc dials on
demand to the server?
> You may be able to do this by routing and changes to ISA and whatever, but
> would you like to see if the easy way works first?
How would I find out how to do the routing? Even if I didn't use it
this way I really think I could learn something if I could see an
example and set this up.
Thanks again!!!
"SuperGumby [SBS MVP]" <not@your.nellie> wrote in message news:<#jgQVkJyEHA.2212@TK2MSFTNGP15.phx.gbl>...
> "rcunningham8820" <rcunningham8820@yahoo.com> wrote in message
> news:2de05d67.0411112315.59f7ca51@posting.google.com...
> > I'm with you. I wanted to stay with the two nics also. I think I've
> > got most of it set up like you described but it still doesn't work. I
> > have a vpn network and I can see all ips except for the SBS domain and
> > internal nic ips.
>
> your setup is OK, having routers in front of the networks is a good idea.
>
> > When you said terminate the VPN at the server is that the same as the
> > VPN tunnel I have between the two routers or are you saying that I
> > should not use the routers to establish a VPN at all, instead use
> > static ips and so on... The Microsoft docs that Marina so kindly
> > referred to seem to favor a hardware VPN for an always on more than
> > one pc VPN.
>
> A vpn has two 'endpoints'. I get in trouble when discussing vpn's because I
> reckon a vpn client calls into a vpn server.
>
> If your endpoint is the router then vpn clients are still outside your
> network.
>
> Member PC (server, ws, no difference)
> |
> |
> router (A)
> |
> |
> Internet
> |
> |
> router (B)
> |
> |
> SBS, two NIC ISA
> |
> (C) SBSinternal subnet
> |
> SBS ws's
>
> if you tunnel between (A) and (B) you have to do all sorts of nasty things
> in ISA and maybe DNS and you could possibly do some funky routing things,
> and...
>
> If you ignore the vpn facility of (B) and use SBS as the endpoint you
> effectively join (A) to (C). The pisser is that some VPN capable routers,
> like (B), don't like to be ignored and may interfere with the tunnel.
>
> > How do I get my remote site to see the SBS server? I can't ping the
> > SBS internal nic, only its external nic. I'm thinking I cannot
> > connect to it because I've got something wrong in the routing and
> > remote access or something like that. Do you know of any docs I could
> > use that would serve as a test lab for the way I am setting this up?
>
> You may be able to do this by routing and changes to ISA and whatever, but
> would you like to see if the easy way works first?
>
> > Thanks!
> >
> >
> > "SuperGumby [SBS MVP]" <not@your.nellie> wrote in message news:<ey1acc7xEHA.1308@TK2MSFTNGP09.phx.gbl>...
> > > your tunnel is being terminated outside the SBS LAN.
> > >
> > > Two obvious scenarios present themselves.
> > > 1) Remove one NIC from the SBS and move the router at this end to the
> > > internal network. OR
> > > 2) Use PPTP passthrough and port forwarding on the SBS end router to allow
> > > termination of a PPTP VPN at the SBS's external NIC. As well as PPTP
> > > passthrough you need port 1723 forwarded to the external IP of SBS.
> > >
> > > I would prefer to keep the two NIC setup and terminate the VPN at the
> > > server, for SBS2000 or SBS2003 Premium (ie, any server running ISA). With
> > > SBS2003 Standard I wouldn't really care much
> > >
> > > "rcunningham8820" <rcunningham8820@yahoo.com> wrote in message
> > > news:2de05d67.0411102214.5070d9bf@posting.google.com...
> > > > Thank you Marina. The router does have PPTP pass through (also has
> > > > ipsec) enabled.
> > > >
> > > > I read the document you included for me (thank you) but it doesn't go
> > > > much into the dedicated router setup and I'm lost at several points.
> > > >
> > > > > One difference w/this document and my setup is the routers require
> > > > > each the main office and branch office to be separate subnets. In my
> > > > > case (main) 192.168.1.x (branch) 192.168.2.x
> > > > >
> > > > > The server external nic is 192.168.1.2 and internal nic is
> > > > > 192.168.16.2. I'm guessing that I've some kind of routing problem and
> > > > > I saw a few things mentioned in that document but I don't understand
> > > > > them well enough to fix it. I can ping the server's wan ip
> > > > > 192.168.1.2 from the remote site (PC IP is 192.168.2.100) so I'm
> > > > > guessing that the server needs a static route from its 192.168.1.2 to
> > > > > the internal network 192.168.16.x. How do I do this? Computers from
> > > > > the 16.x network don't have to access the 2.100 pc so I guess I don't
> > > > > need to "Make the Remote Network Available to Client Computers".
> > > > >
> > > > > It talks about having static Internet IPs and I don't have any. I'm
> > > > > using dyndns.org. Can't I establish the VPN with the routers and use
> > > > > the private subnet ips instead of public ones?
> > > >
> > > > Do I have to "create a two-way VPN connection" with SBS even though
> > > > there is a VPN with the routers?
> > > >
> > > > Thank you!
> > > > :O)
> > > >
> > > > "Marina Roos [SBS-MVP]" <marina@roos.nodontwantspam.nl.com> wrote in
> message news:<#LihTK3xEHA.2624@TK2MSFTNGP11.phx.gbl>...
> > > > > Hi,
> > > > >
> > > > > Are you following this document?
> > > > >
> > >
>
http://www.microsoft.com/technet/prodtechnol/sbs/2000/maintain/remotofc.mspx
> > > > >
> > > > > GRE protocol 47 is also known as PPTP pass through. Do you see that
> on
> the
> > > > > Linksys?
> > > > >
> > > > > --
> > > > > Regards,
> > > > >
> > > > > Marina
> > > > > Microsoft SBS-MVP
> > > > >
> > > > > "rcunningham8820" <rcunningham8820@yahoo.com> schreef in bericht
> > > > > news:2de05d67.0411101312.49d44120@posting.google.com...
> > > > > > > I'm trying to set up a vpn between a main office and a branch office.
> > > > > > > Both locations each have a LinkSys BEFVP41v2 and I've successfully
> > > > > > > established a tunnel between them. The server has two nics and ISA. I
> > > > > > > can ping the server's wan nic ip from the remote location and I can
> > > > > > > ping the router's LAN ip and the LAN ip of the workstation at the
> > > > > > > branch office. But I cannot join the domain at the main office.
> > > > > > >
> > > > > > > In the router at the main office, I've forwarded port 1723 to the wan
> > > > > > > nic/ip of the Server (192.168.1.2), but I didn't know where to enable
> > > > > > > protocol 47. I've run the wizard on the server to enable vpn so I
> > > > > > > think I have that right. The subnet at the branch office is
> > > > > > > 192.168.2.x
> > > > > > >
> > > > > > > I cannot ping the server's internal nic ip from the workstation (am I
> > > > > > > supposed to be able to)?
> > > > > >
> > > > > > Thanks for your ideas. I'll gladly supply any more info, thanks.
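
Added example, not part of the thread or written by any of its posters: a small Python model of why the branch PC can reach 192.168.1.2 but not 192.168.16.2 over the router-to-router tunnel, and what changes when PPTP is terminated at the SBS instead. The /24 masks, the route labels, the function names and the client route to subnet (C) over the PPP link are assumptions made for the illustration.

```python
import ipaddress as ip

# Subnets from the thread; the /24 masks are an assumption.
BRANCH_LAN = ip.ip_network("192.168.2.0/24")     # behind router (A)
MAIN_LAN = ip.ip_network("192.168.1.0/24")       # router (B) LAN, SBS external NIC
SBS_INTERNAL = ip.ip_network("192.168.16.0/24")  # subnet (C)
DEFAULT = ip.ip_network("0.0.0.0/0")


def next_hop(table, dst):
    """Longest-prefix match over (network, hop) pairs."""
    hits = [(net, hop) for net, hop in table if ip.ip_address(dst) in net]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None


def via_router_tunnel(dst):
    """Tunnel between (A) and (B): only the two router LANs are in the tunnel."""
    table_a = [(BRANCH_LAN, "lan"), (MAIN_LAN, "tunnel"), (DEFAULT, "internet")]
    hop = next_hop(table_a, dst)
    if hop == "tunnel":
        return True, "carried by the A-B tunnel, delivered on router B's LAN"
    if hop == "internet" and ip.ip_address(dst).is_private:
        return False, "not in the tunnel; private address leaves via the default route"
    return hop is not None, f"sent to {hop}"


def via_pptp_to_sbs(dst, tcp_1723_forwarded=True, gre_passthrough=True):
    """PPTP terminated at the SBS external NIC, reached through router (B)."""
    if not tcp_1723_forwarded:
        return False, "PPTP control channel (TCP 1723) never reaches the SBS"
    if not gre_passthrough:
        return False, "control channel opens but GRE (protocol 47) data is dropped"
    # Assumption: the dial-in client gets a route to subnet (C) over the PPP link.
    table_pc = [(BRANCH_LAN, "lan"), (SBS_INTERNAL, "pptp"), (DEFAULT, "internet")]
    hop = next_hop(table_pc, dst)
    return hop == "pptp", f"sent to {hop}"


if __name__ == "__main__":
    for dst in ("192.168.1.2", "192.168.16.2"):
        print("router tunnel ->", dst, via_router_tunnel(dst))
    print("pptp to SBS   -> 192.168.16.2", via_pptp_to_sbs("192.168.16.2"))
    print("pptp, no GRE  -> 192.168.16.2",
          via_pptp_to_sbs("192.168.16.2", gre_passthrough=False))
```
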