Hi all,
Previously posted [initially under VPN from Draytek Vigor 2900...] but
things have moved on a little since then. Current situation is this:
SBS2K - dual NIC set-up with ISA 'sitting in the middle' - 2nd NIC
connecting to Broadband [cable modem]
Remote office connecting via Draytek Vigor 2900Gi
For testing purposes, this is how we have things set-up currently:
LAN - 172.16.0.x
IP-enabled phone system - 172.16.0.50 [*not* a Windows-based system as many
are - Avaya IP Office]
SBS internal NIC - 172.16.0.1
ISA
SBS external NIC - 192.168.42.2 - acting as VPN Server [RRAS/ISA configured
and working]
Broadband Router - 192.168.42.10 - PPTP [1723] pass-through to 192.168.42.2
enabled and working
Vigor External Fixed IP - 192.168.42.50 - gateway of 192.168.42.10
Vigor Internal Fixed IP - 192.168.90.1 - acting as DHCP Server
Laptop - 192.168.90.2 - assigned by Vigor - gateway of 192.168.90.1
IP hardphone - 192.168.90.170 - fixed IP address - gateway of 192.168.90.1
Try as we could, we could *not* manage to initiate a stable VPN connection
from the Vigor to the SBS box - we kept coming up against 'could not
successfully negotiate any network protocols' in the Event Logs on the SBS
box. We were attempting to connect using PPTP and had configured the Server
to the lowest possible level [i.e. not requiring encryption etc and allowing
PAP, etc...]
Therefore, we changed tack a little and can bring up a stable VPN connection
from the SBS box to the Vigor, with the corresponding static routes
configured both ends. We can thereafter do the following:
From the SBS Server, ping anything on the 192.168.90.x range successfully
From the laptop at the Vigor end, ping anything on the 172.16.0.x range
successfully
At this stage we thought we had it cracked. However...
It appears that TFTP traffic [at least] is being blocked or otherhow
prevented from being fully 'transported' between the LANs. On running a
trace of the phone system engineering software, we can see that a request
from the laptop at the Vigor end is received by the system at 172.16.0.50
but that it cannot appear to transmit the requested data back to the
192.168.90.x side successfully, failing with an 'unreachable net' error.
Likewise, from any of the SBS LAN clients, we cannot ping anything on the
192.168.90.x range - in fact, although we can ping the likes of our ISP's
domain from any of the SBS LAN clients, we cannot ping anything on the
192.168.42.x side either.
Anyone got any ideas? I cannot help but think that we're now missing
something simple at the SBS side that is the root of this and that resolving
it cannot be far away. It is somewhat crucial that we get full connectivity
working as we're testing with this in-house set-up the potential for a
client to implement a remote IP phone in a similar set-up [if we can get
this working in our test-bed set-up above, we *should* be able to replicate
it across the Internet - in theory!]
Thanks in advance,
David