Andy
Sun Aug 22 15:31:15 CDT 2004
Mal, a little more time please....
Still struggling, not helped by having 5 miles between ADSL endpoints !!!
Slight correction to my last post, I have minimal outgoing traffic showing
in the remote Draytek VPN status page. however zero coming back to it from
the server.
Anyway I think initially I need to get the SBS end confirmed as correct.
Given that I can establish an XP client VPN connection, what else to I need
to add / configure at the server.
My research suggests a static route is the only other item to be configured.
Correct?
If so two choices:-
1) Use "route add -p" in DOS prompt to create Persistant route.
2) Add a static route in the RRAS console.
Which?
Now what do I enter? Using the RRAS console method as this has more
variables !!!
Interface... Internal / Local / Wide ??
Destination .. The IP subnet of the client LAN at the remote site. Basically
the range that runs the PC's connected to the remote router. In my case
192.168.200.0
Net Mask... 255.255.255.0
Gateway.. Not really clear. Is it local (server) Router Fixed Internal IP
192.168.1.1 / Remote (distant) router Fixed IP 192.168.200.1 / Server WAN
NIC IP 192.168.1.2 / Server LAN IP 192.168.16.2 / RRAS subnet 192.168.100.1
???
A post from Jeff Middleton
http://groups.google.co.uk/groups?q=g:thl4231410739d&dq=&hl=en&lr=&ie=UTF-8&selm=e5anfD7TDHA.1912%40TK2MSFTNGP12.phx.gbl
suggests the fixed IP of the remote router, but the "route add" commend
bounces this !!!
Metric... 1
Anything else I need to configure on the server?
If I can ensure that the server is right, I can play with the remote router
settings with more confidence, and not have a 10m round trip when I crashed
the server (only a play one) whilst trying to change RRAS settings, yes you
guessed it, using
a VPN tunnel!!!
With VOIP issues begining to loom I realy must consider a second ADSL at
base.
Thanks and Rgds
Andy
"Andy" <andy.baguley@cwcom.net> wrote in message
news:uxvauephEHA.140@TK2MSFTNGP12.phx.gbl...
> Mal
>
> Thanks for your help and time. At least I know it can be done. I'm away
> on-site all today, but will try over the weekend, and report back Mon.
>
> A couple of things:
>
> I know the DNS is not presently correct, but if all is OK I should still
> be able to ping the server from the remote?
>
> I'll remove the Draytek advised policy from RRAS, as I presently have VPN
> clients working OK using an XP DUN direct connection.
>
> The router status page shows a connection, and minimal (between 2-10)
> traffic in both directions.
>
> I have no tick in the "default route box" so at least I know that is
> correct.
>
> I'm sure it is something to do with basic TCP/IP and static route config
> that is my error.
>
> Rgds again
> Andy
>
>
> <mal@nospam.com> wrote in message
> news:1adbi0919bpfsglrnfsm60lu0qudprqpct@4ax.com...
>>
>>
>> Oh
>> Just a quick thought change the 1st DNS entry for dhcp on the router
>> to the SBS box and the second to the isp (Plusnet isn't it? it's very
>> sad when you can recognise isp dns addresses:-))
>> also did you restart rras after changing the static route?
>> Check router vpn ststus page. does it show traffic in one or no
>> direction?
>>
>> Mal
>>
>> On Fri, 20 Aug 2004 08:12:22 +0100, "Andy" <andy.baguley@cwcom.net>
>> wrote:
>>
>>>Mal
>>>
>>>Thanks. I have followed this previously as you suggest, but failed. SBS
>>>as
>>>VPN server, Vigor as client.
>>>
>>>Have you it working using this procedure?
>>>
>>>In the advice it says nothing about static routes at the server, but it
>>>does
>>>suggest changing the RRAS policy. I have not done the latter for fear of
>>>killing existing VPN users. Are these in your config?
>>>
>>>Also on my router VPN profile page I have a check box at the bottom in
>>>the
>>>TCP/IP section marked "change default route to this VPN tunnel". Not sure
>>>what to put in there?
>>>
>>>Rgds
>>>Andy
>>>
>>>
>>><mal@nospam.com> wrote in message
>>>news:kvq8i0p8f5h6fvl6fs9vkfs6bmvkr645ap@4ax.com...
>>>>
>>>>
>>>> Hi
>>>> Sounds like a similar problem to one i had
>>>> Try this
>>>>
http://www.draytek.com.tw/english/support/support_note/router/application/vpn_solution/3/b_pptp.php
>>>>
>>>> This setup is slightly diferent to the setup in SBS
>>>> I found that the easiest way (well actually it was the only way i
>>>> could get it to work) was to have the SBS server as the vpn server and
>>>> the draytek as the client
>>>>
>>>>
>>>>
>>>> On Wed, 18 Aug 2004 16:26:17 +0100, "Andy" <andy.baguley@cwcom.net>
>>>> wrote:
>>>>
>>>>>I'm struggling to establish a remote office connection to an SBS2K box.
>>>>>
>>>>>Firstly "normal" VPN works OK. From the remote PC (XPpro) I can
>>>>>establish
>>>>>a
>>>>>VPN tunnel through Draytek Vigor 2600 routers to the SBS. Only down
>>>>>side
>>>>>the
>>>>>this is needing to "connect via dial up networking" as part of the
>>>>>remote
>>>>>log on.
>>>>>
>>>>>Accordingly 1723 at the server 2600 points to the WAN NIC on the
>>>>>server,
>>>>>and
>>>>>VPN services on both routers are disabled in this mode.
>>>>>
>>>>>What I am trying (and failing) to do is establish a working VPN
>>>>>connection
>>>>>from the remote 2600 router to the SBS box direct. My aim to enable the
>>>>>remote users to log on transparently and directly. Also remote PC's
>>>>>would
>>>>>always have a server connection available, so remote desktop working
>>>>>for
>>>>>maintenenace would be possible.
>>>>>
>>>>>My setup is as follows
>>>>>
>>>>>SBS server (WAN 192.168.1.2. LAN 192.168.16.2)
>>>>>|
>>>>>|
>>>>>RRAS using 192.168.100.1 to 192.168.100.10 as address range. Also
>>>>>entered
>>>>>in
>>>>>LAT.
>>>>>Additional RRAS static route set to Dest 192.168.200.0, GW 192.168.1.1,
>>>>>Interface set to local.
>>>>>|
>>>>>|
>>>>>Vigor Router 192.168.1.1 VPN pass-through with port 1723 mapped to WAN
>>>>>NIC
>>>>>|
>>>>>|
>>>>>Internet
>>>>>|
>>>>>|
>>>>>Remote Vigor Router IP 192.168.200.1
>>>>>VPN dial-out enabled to SBS WAN public IP. PPTP only
>>>>>User name and password are from an existing remote user.
>>>>>Remote Network IP set to 192.168.16.0
>>>>>My WAN IP and Remote Gateway IP both set to default 0.0.0.0
>>>>>DHCP enabled
>>>>>|
>>>>>|
>>>>>Remote client PC XP Pro
>>>>>Ethernet adapter Local Area Connection:
>>>>>
>>>>> Connection-specific DNS Suffix . :
>>>>> Description . . . . . . . . . . . : VIA Rhine II Fast Ethernet
>>>>>Adapter
>>>>> Physical Address. . . . . . . . . : 00-0A-E6-7B-4C-XX
>>>>> Dhcp Enabled. . . . . . . . . . . : Yes
>>>>> Autoconfiguration Enabled . . . . : Yes
>>>>> IP Address. . . . . . . . . . . . : 192.168.200.50
>>>>> Subnet Mask . . . . . . . . . . . : 255.255.255.0
>>>>> Default Gateway . . . . . . . . . : 192.168.200.1
>>>>> DHCP Server . . . . . . . . . . . : 192.168.200.1
>>>>> DNS Servers . . . . . . . . . . . : 212.159.13.49
>>>>> 212.159.13.50
>>>>> Lease Obtained. . . . . . . . . . : 18 August 2004 14:56:28
>>>>> Lease Expires . . . . . . . . . . : 21 August 2004 14:56:28
>>>>>
>>>>>
>>>>>
>>>>>The remote router dials the server and the 2600 "VPN connection status
>>>>>page"
>>>>>shows a connection established. But I can't do anything with it, even
>>>>>ping
>>>>>the server 192.168.16.2. I know I may well need to alter DNS settings
>>>>>on
>>>>>the remote PC to get full functionality, but after scouring Google
>>>>>thread
>>>>>after thread, I'm now stuck.
>>>>>
>>>>>I sense I am not far away, and that it could be an issue with TCP/IP
>>>>>configuration, but a bit of help would be very much appreciated as I'm
>>>>>begining to sink a bit.
>>>>>
>>>>>TIA
>>>>>
>>>>>
>>>>>
>>>>>
>>>>
>>>
>>
>
>