I hope I can find an answer for this. I am trying to get a connection
to a SBS 2000 server over a VPN.

I have a Small Business Server 2000 network at the office. The
Internal IP range is 10.0.0.x. The server is 10.0.0.1 and the clients
are assigned similar IP addresses.

The other network card is plugged into the Cisco router. The IP
addresses are 192.168.1.1 for the router, and 192.168.1.2 for the
internal NIC.

The other end of the Cisco router VPN is at a home office. The router
there is 192.168.2.1 and the computer it is connected to is
192.168.2.2.

The ISP that manages the routers assures me that the VPN is working
fine. I can PING both ends of the VPN, but I cannot browse.

If I type \\192.168.1.2\share, I get an error message saying that it
cannot find it. I know this share exists though.

Does anyone have any ideas what could be wrong?

Re: Cisco VPN and SBS 2000 by Chad

Chad
Mon Sep 29 10:51:16 CDT 2003

Hi Phil -

Are you running ISA on this SBS? If so, your VPN isn't doing anything since
it is being terminated outside ISA. There is no way for ISA to discern
between regular internet traffic and VPN traffic. You'll either need to
configure ISA to act as your VPN server (instead of the Cisco), or move the
Cisco to your internal network space.

--
Chad A Gross - SBS Rocks!

Lerman's Law of Technology: Any technical problem can be overcome
given enough time and money. Corollary: You are never given enough
time or money.



Phil Matish, MCSE wrote:
> I hope I can find an answer for this. I am trying to get a connection
> to a SBS 2000 server over a VPN.
>
> I have a Small Business Server 2000 network at the office. The
> Internal IP range is 10.0.0.x. The server is 10.0.0.1 and the clients
> are assigned similar IP addresses.
>
> The other network card is plugged into the Cisco router. The IP
> addresses are 192.168.1.1 for the router, and 192.168.1.2 for the
> internal NIC.
>
> The other end of the Cisco router VPN is at a home office. The router
> there is 192.168.2.1 and the computer it is connected to is
> 192.168.2.2.
>
> The ISP that manages the routers assures me that the VPN is working
> fine. I can PING both ends of the VPN, but I cannot browse.
>
> If I type \\192.168.1.2\share, I get an error message saying that it
> cannot find it. I know this share exists though.
>
> Does anyone have any ideas what could be wrong?



Re: Cisco VPN and SBS 2000 by anonymous

anonymous
Mon Sep 29 11:46:03 CDT 2003

Is there any way I can move the Cisco to the Internal network space and still use SBS ISA to handle everyone's Internet connections?

Re: Cisco VPN and SBS 2000 by Chad

Chad
Mon Sep 29 12:58:32 CDT 2003

Yes - but you're going to need another router. ISA needs 2 network
interfaces to act as a firewall. In order to have a VPN router in the
internal network space and still use ISA, you'll need a setup something like
this:

             Internet
                |
      ------- Router -------
      |                    |
      |                   SBS
      |                    |
  VPN Router ---------- Switch
                           |
                      LAN clients

You then have the external router forward all VPN traffic to the VPN router.
LAN clients still point to your SBS for proxy / DHCP / DNS / Gateway, etc.

--
Chad A Gross - SBS Rocks!

Lerman's Law of Technology: Any technical problem can be overcome
given enough time and money.
Corollary: You are never given enough time or money.



Phil wrote:
> Is there any way I can move the Cisco to the Internal network space
> and still use SBS ISA to handle everyone's Internet connections?



Re: Cisco VPN and SBS 2000 by Julian

Julian
Mon Sep 29 16:45:43 CDT 2003

I'm still trying to do a similar thing with draytek routers. I have been
told from microsoft.public.isa.vpn group that the correct way of doing this
is to establish a VPN between the routers to create the tunnel and then
create a second tunnel from the remote router to ISA.

I have not had time to play since but it's well worth a look at this group
and Tom Shinder's site at www.isaserver.org/shinder

He also has a pack that can be downloaded full of useful info.

I only wish smallbizserver.net had a walk through with screen shots!

Julian



Chad A Gross wrote:
> Yes - but you're going to need another router. ISA needs 2 network
> interfaces to act as a firewall. In order to have a VPN router in the
> internal network space and still use ISA, you'll need a setup
> something like this:
>
>              Internet
>                 |
>       ------- Router -------
>       |                    |
>       |                   SBS
>       |                    |
>   VPN Router ---------- Switch
>                            |
>                       LAN clients
>
> You then have the external router forward all VPN traffic to the VPN
> router. LAN clients still point to your SBS for proxy / DHCP / DNS /
> Gateway, etc.
>
>
> Phil wrote:
>> Is there any way I can move the Cisco to the Internal network space
>> and still use SBS ISA to handle everyone's Internet connections?