Question

Locked

SBS 2003 VPN not working

By Trkkr ·
I set up the SBS 2003 VPN using the wizard. I used our public IP since our domain name does not resolve to our server.

I forwarded the ports required on our router.

On my laptop, I setup the connection and ran it. It connects when I supply my domain credentials.

If I do an ipconfig both my wireless and VPN(PPP) connections show as connected. I have both a local network IP (on the wireless) and an IP supplied by our server (for the PPP connection). They are different subnets (x.x.0.x and x.x.1.x)

If I ping our server's internal IP I get responses back.

However, I cannot see the server or any shared directories, I can't add my computer to the domain and I cannot set up my Exchange email.

I'm not sure what I'm missing. I've heard that when the VPN is working correctly that you shouldn't be able to use the internet, but I am. I currently are 'connected' on my VPN connection at the same time I'm browsing the internet and asking this question.

This is giving me no end of frustration that I'm probably missing something simple.

If anyone can shed any further light on this situation I would be very grateful. I can provide further information if needed.

This conversation is currently closed to new comments.

20 total posts (Page 1 of 2)   01 | 02   Next
| Thread display: Collapse - | Expand +

All Answers

Collapse -

Have you tried.....

by traevis In reply to SBS 2003 VPN not working

Although it's not strictly an answer to how to see your server, I had the same problem and got round it by mapping a network drive to \\servername\directory

Although I still can't see the server in Network, I can access all the files that are on it.

I can use the internet just fine when I use my VPN - though it runs faster if I uncheck the option routing my connection through the gateway at work. Some offices don't let you do that though - I believe because it may pose a security risk.

Collapse -

need to see the domain

by Trkkr In reply to Have you tried.....

I'll have to try that and see if it works; however...

One of the biggest reasons for doing this is to get Exchange email working on the remote system. Since my system cannot see the domain the Exchange will not work.

The base issue seems to revolve around that. If I can get the remote system to see the domain than it stands to reason that everything else should fall into place.

As I mentioned before, I can ping the local IP of the server when I'm VPN'ed in. It seems like even though I'm connected to the office network, it's using my local wireless connection to handle everything. If that's the case, I need to figure out how to get it to only use the wireless as a means for the VPN and to have the VPN handle all other traffic.

Collapse -

Why do you need this for Exchange email?

by CG IT In reply to need to see the domain

SBS has OWA and RWW that users can use to get email.

So VPN is a lot of work for services that are already available to the user.

Collapse -

Need more than just Exchange email support

by Trkkr In reply to Why do you need this for ...

OWA is a royal pain in the rear being as it's run from your web browser. And you don't get all the functionality that I'm looking for.

The end result I'm looking for is to eventually set up one of our clients with this type of setup. They have many remote sites that they would like to have tied into their main office server. That way they all can use Exchange, calendar sharing, centralized file storage, sharing & backup, etc. The remote sites are very small (avg. 2 people per site) and setting up a hardware VPN connection to each site is a little overkill.

If SBS has a software VPN built into it, then getting it going should be a possible solution.

I hope this doesn't get taken the wrong way but I don't want different options, I want to get this one going. If it doesn't work, then it should have been provided in the first place.

Collapse -

The you have to use RRAS on the SBS box

by CG IT In reply to Need more than just Excha ...

and you set this up by running the VPN wizard in the Things to Do list which is in the left pane of the server management console.

Once you run the wizard, you'll have to forward the appropriate VPN ports from your perimeter firewall/ router to your SBS box. Then, you have to add those users who are to have VPN rights to the remote access security group.

Typically, the VPN wizard will create rules in RRAS allowing VPN users who authenticate, a connection. If not, you'll have to create your own rule in RRAS using the RRAS MMC in administrative tools.

Suggest you do some reading or pickup a copy of the Small Business Server administrators companion from Amazon.com.

note: VPN users who successfuly authenticate to the SBS network have a connection to the local network just as if they were workstations on the lan.

however, all the functionality you want is available to users via the Remote Web Workplace sharepoint site without having to allow remote users a connection to the lan thus access to the lan and all workstations on the lan including the SBS box.

Collapse -

User shows up in RRAS

by Trkkr In reply to The you have to use RRAS ...

I have the Admin Companion, and it is severely lacking when it comes to the details of getting this going. There's a lot of L2TP setup information but I'm trying to use PPTP.

So, I connected the remote system to the VPN connection I created and determined some other information:

- I see that the SM is 255.255.255.255 and the DG is the same as the IP address assigned.

- Looking on the server, under RRAS, it shows my user (domainname\user) connected under Remote Access Clients.

From what I've read and what I'm seeing, I am at a loss for where the issue is.

I've seen other people that have posted similar issues but there has never been a case that was resolved.

It is so frustrating; everything says it should be working but it's not!

Collapse -

Did you create an address pool?

by CG IT In reply to User shows up in RRAS

for remote access users?

VPN simply means creating a connection. After that, the remote user is connected to the network the same as a LAN user.

So to get the exchange, the email client has to be configured for Exchange. To access the sharepoint web site, the user uses the web browser and http://companyweb

shares or access the same way lan users access shares.

If your using Windows XP SP2 or later, L2TP does not work. Microsoft actually turned off the L2TP IPSec VPN for XP due to security issues. Don't confuse this with L2TP connection on a LAN. That still works. Only VPN connections.

so PPTP is about all there is for XP clients. You could use certificates for L2TP connections once on the LAN but L2TP VPN for XP.

Windows 7 L2TP has no problems.

If you ran the Wizard from the things to do list, during the setup process it will ask for an address range and subnet mask. you can either have DHCP create this or specify your own static poll. Either way, the number of WAN miniports in RRAS needs to be the same as the number of addresses in the pool.

Collapse -

Maximum Level Reached

by Trkkr In reply to User shows up in RRAS

"If you ran the Wizard from the things to do list, during the setup process it will ask for an address range and subnet mask. you can either have DHCP create this or specify your own static poll. Either way, the number of WAN miniports in RRAS needs to be the same as the number of addresses in the pool."

This never happened.

1. Clicked "Configure Remote Access"
2. Welcome screen (Clicked Next)
3. "Enable Remote Access" (Checked "VPN Access"), Next
4. Server Name. Our domain doesn't reside on our server so I put our Public IP in here.
5. "When you click Finish, the wizard will configure remote access as follws:...". Clicked Finish.
6. It does it's configuring thing, pops up asking to setup password security minimums, which I decline, and that's that.

I see in all the documentation that I read, that it's talking about the page where you set address ranges and subnets and all that, but I never have anything to that effect come up. Maybe that's where the issue is? Our server handles our DHCP requests so I figured it just set those settings up automatically.

Collapse -

humm interesting ..

by CG IT In reply to SBS 2003 VPN not working

from your post:

"If you ran the Wizard from the things to do list, during the setup process it will ask for an address range and subnet mask. you can either have DHCP create this or specify your own static poll. Either way, the number of WAN miniports in RRAS needs to be the same as the number of addresses in the pool."

This never happened.

1. Clicked "Configure Remote Access"
2. Welcome screen (Clicked Next)
3. "Enable Remote Access" (Checked "VPN Access"), Next
4. Server Name. Our domain doesn't reside on our server so I put our Public IP in here.
5. "When you click Finish, the wizard will configure remote access as follws:...". Clicked Finish.
6. It does it's configuring thing, pops up asking to setup password security minimums, which I decline, and that's that.

I see in all the documentation that I read, that it's talking about the page where you set address ranges and subnets and all that, but I never have anything to that effect come up. Maybe that's where the issue is? Our server handles our DHCP requests so I figured it just set those settings up automatically.

hum well then DHCP should have a pool of address and it then assigns them to the WAN miniports

so if you open up RRAS [ start / admin tolls/RRAS you'll see in the left pane ports

these are the WAN miniports RRAS uses. typically you'll have r ports. there will be addresses in DHCP for these ports. You'll also have 3 rules the first on of which is mobile users [sorry gave wrong security group]. Members of this group are allowed to connect.

After that, if you forward pptp 1723 to the SBS box, and enable PPTP passthrough on the perimeter router or make a rule allowing GRE 47 you should be good to go.

A connection made is simply a connection. What's available to users with the VPN connection is the same as LAN domain users.

Collapse -

Update

by Trkkr In reply to humm interesting ..

Got a little bit further.

When running an ipconfig /all, the WINS was coming up as some unused IP on the local network that the box is in. The subnet mask was showing as 255.255.255.255 when the server network subnet ends in .0.

On a manually created VPN connection on the external box I was able to force the WINS server to the IP of the server. That didn't help the wierd subnet issue though.

With that forced, I can setup mapped drives to shared directories. I can't get the computer to add to the domain. It says it can't find the DC.

It can ping the server by it's name and translate it to its IP address.

I will see if I can setup an exchange account in Outlook in the next little while. It should work if it can ping fs01.

Even if I can setup Exchange, the ultimate goal here would have the external box being able to get added to the domain.

Also, I can't say for sure, but it seems that when the VPN is connected that the local internet connection gets confused (some pages won't load, IE 'recovers' tabs constantly). That only started happening since the WINS was forced.

Back to Networks Forum
20 total posts (Page 1 of 2)   01 | 02   Next

Hardware Forums