pskemp
asked on
VPN issue accessing internal LAN with SBS 2003 with 2 NIC and PIX 501.
Hi,
I have a SBS 2003 server with 2 NICs.
Nic 1 - Internal Lan
IP 192.168.200.2
Nic 2 - External Lan
IP 192.168.100.2
The PIX is connected to the external LAN.
The PIX has been configured for VPN access using the Cisco VPN client. I can connect to the PIX OK and I can access the server using the external IP, but I cannot see anything on the internal LAN.
My question is: can I access the internal LAN from the PIX, and if so, how? From the PIX I cannot ping anything on the internal LAN, which may be a routing issue. I know the PIX can't route, so do I need a router somewhere?
Thanks in advance for any help and suggestions.
Can you post your config?
harbor235
Did you disable the firewall on the SBS? Ensure that Routing and Remote access is configured as well on the SBS to act as a router.
You will also need to add routes on the PIX to get to the Internal network behind the SBS.
ASKER
Thanks for everyone's input. I will be back on site tomorrow so I will try nodisco's and pazmanpro's suggestion of adding a route, although I believe I did try that already, something like
route 192.168.200.0 255.255.255.0 192.168.100.201.
The PIX internal IP is 192.168.100.201.
I will also try the Routing and Remote Access recommendation as well.
Will hopefully post back tomorrow.
pskemp
the route should read:
route 192.168.200.0 255.255.255.0 192.168.100.2
You are routing to the internal LAN via the external card's IP address
good luck
Just to avoid confusion - the route above should be added to the PIX - what is the default gateway of the internal card?
ASKER
Ok,
Tried adding the route, still no joy.
As it stands I can ping from a client on the 192.168.200 network to the PIX, but the PIX cannot ping anything on the 192.168.200 network.
The default GW on the NIC labelled external is the PIX. The NIC labelled internal has no GW.
The route on the PIX is as follows:-
outside 0.0.0.0 0.0.0.0 <public IP> 1 DHCP static
inside 192.168.100.0 255.255.255.0 192.168.100.201 1 CONNECT static
inside 192.168.200.0 255.255.255.0 192.168.100.201 1 OTHER static
outside <public IP> 255.255.255.255 <public IP> 1 CONNECT static
The SBS has Routing and Remote Access configured as a router and RAS server. I have turned off the firewall on the server.
The routing table on the server is
IPv4 Route Table
========================== ========== ========== ========== ========== =========
Interface List
0x1 .......................... . MS TCP Loopback interface
0x2 ...00 0d 56 d2 af e4 ...... Intel(R) PRO/1000 MT Network Connection - Packet Scheduler Miniport
0x3 ...00 04 23 9a fe bf ...... Intel(R) PRO/1000 MT Server Adapter - Packet Scheduler Miniport
========================== ========== ========== ========== ========== =========
========================== ========== ========== ========== ========== =========
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.100.201 192.168.100.2 1
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.100.0 255.255.255.0 192.168.100.2 192.168.100.2 20
192.168.100.2 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.100.255 255.255.255.255 192.168.100.2 192.168.100.2 20
192.168.200.0 255.255.255.0 192.168.200.2 192.168.200.2 20
192.168.200.2 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.200.255 255.255.255.255 192.168.200.2 192.168.200.2 20
224.0.0.0 240.0.0.0 192.168.100.2 192.168.100.2 20
224.0.0.0 240.0.0.0 192.168.200.2 192.168.200.2 20
255.255.255.255 255.255.255.255 192.168.100.2 192.168.100.2 1
255.255.255.255 255.255.255.255 192.168.200.2 192.168.200.2 1
Default Gateway: 192.168.100.201
========================== ========== ========== ========== ========== =========
Persistent Routes:
None
Any ideas appreciated.
Paul.
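Added example (not part of the original thread): a small Python check over a PIX route listing in the format posted above, flagging manually added (OTHER) routes whose gateway is the firewall's own interface address or is not on a connected subnet of that interface. The 203.0.113.x addresses are constructed placeholders for the elided public IP, and reading the gateway column of CONNECT rows as the interface's own address is an assumption taken from the posted output.

```python
import ipaddress

# Constructed sample: the route listing from the post, with the elided
# <public IP> values replaced by documentation-range placeholders.
PIX_ROUTES = """\
outside 0.0.0.0 0.0.0.0 203.0.113.1 1 DHCP static
inside 192.168.100.0 255.255.255.0 192.168.100.201 1 CONNECT static
inside 192.168.200.0 255.255.255.0 192.168.100.201 1 OTHER static
outside 203.0.113.10 255.255.255.255 203.0.113.10 1 CONNECT static
"""


def parse_routes(text):
    """Parse rows of the form: ifname dest mask gateway metric TYPE static."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 6:
            continue  # skip blank or truncated lines
        ifname, dest, mask, gw, _metric, rtype = parts[:6]
        rows.append({
            "if": ifname,
            "net": ipaddress.ip_network(f"{dest}/{mask}"),
            "gw": ipaddress.ip_address(gw),
            "type": rtype,
        })
    return rows


def check_static_routes(rows):
    """Return (network, gateway, problem) for each suspicious OTHER route."""
    connected = [r for r in rows if r["type"] == "CONNECT"]
    findings = []
    for r in rows:
        if r["type"] != "OTHER":
            continue  # only manually configured routes are checked
        same_if = [c for c in connected if c["if"] == r["if"]]
        if any(c["gw"] == r["gw"] for c in same_if):
            # Next hop is the device itself, so no router is ever reached.
            problem = "gateway is the firewall's own interface address"
        elif not any(r["gw"] in c["net"] for c in same_if):
            problem = "gateway is not on a connected subnet of this interface"
        else:
            continue
        findings.append((str(r["net"]), str(r["gw"]), problem))
    return findings


if __name__ == "__main__":
    for finding in check_static_routes(parse_routes(PIX_ROUTES)):
        print(*finding, sep=" | ")
```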
Hmmm, it still seems like a firewall problem to me, where pings can go out through the SBS but not in. Double check the firewall settings in the SBS manager. Also check your NAT settings on the SBS.
ASKER
Thanks all for the advice. Sorry it's been a long time coming back.
We have been moving offices. I will hopefully get back on to this, this week and will come back with findings...
Cheers Paul.
ASKER
OK, back on to this again.
I added the route again using the correct gateway, the gateway should have been 192.168.100.1, and I can now ping the 192.168.200.1 interface from the PIX.
But I still can't connect using OWA or OMA.
If anyone has any ideas then they would be greatly appreciated.
I would say if I take it back to one NIC on the server it all works fine using the 192.168.100.0 network.
Cheers Paul.
ASKER
I've just run a web-based port scanner and it says that all my ports are closed including 443. I used
http://netsecurity.about.com/gi/dynamic/offsite.htm?zi=1/XJ&sdn=netsecurity&zu=http%3A%2F%2Fwww.firewalls.com%2Ffreescan.asp
Is this my problem or am I barking up the wrong tree?
Cheers Paul.
ASKER
How do I close this call? I defaulted the PIX and re-installed ISA 2004 and all started working, so solved it myself in the end.
pskemp
Open a thread in https://www.experts-exchange.com/Community_Support/
requesting to close this one. Make sure to copy the hyperlink of this thread into the close request so they know which one you wish to close.
Glad you got it working
ASKER
No that's fine, sorry meant to close this.
ASKER CERTIFIED SOLUTION
If you add a route management statement in your PIX from global config mode using the external LAN IP address as the gateway for same - you should be able to access the internal LAN from the PIX.
Have a look at this link for a simple view of same:
http://www.netcraftsmen.net/welcher/papers/pix01.html