Site to Site VPN - Remote network XP machines can ping SBS Server at HQ but can't /connectcomputer

Hi all,

I have a site to site VPN setup between a remote office (3 XP Pro boxes) and HQ (SBS Server, 8 XP Pro).  I happen to be using Zywall 5's, but I believe this problem is unrelated to the VPN Hardware.

HQ's network is: 10.112.12.x  (SBS Server is 10.112.12.10)
Remote network is: 10.112.14.x

The Zywall is handing out DHCP on the remote network - and is handing out DNS of 10.112.12.10.  The remote boxes can surf the web using the SBS DNS, but can't connect to companyweb or do /connectcomputer.  

For the solution to this issue, I have seen references to adding an IP route on the SBS box, but after an hour of googling - I'm asking for help on how to do that.  

I don't want to have each remote user (on the remote LAN) have to use the software VPN connector - I want them to be using a site to site VPN, so that they're not "remote users" but that they feel like they're on the network.  Also - I'd like the computers on the remote network to be accessible via RWW - which also necessitates the site to site VPN.

Thanks much!

Aaron Booker
hardlinesAsked:
Who is Participating?
 
CetusMODConnect With a Mentor Commented:
PAQed with points refunded (500)

CetusMOD
Community Support Moderator
0
 
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
connectcomputer will not run over a VPN connection by design.  The reason for this is that part of connectcomputer's function is to upgrade a workstation to the latest service pack as well as installing software as assigned to workstations.  This could be a lengthy process if it was done remotely, so they've disabled it's funcitonality.

There is a workaround posted at www.smallbizserver.net:  http://www.smallbizserver.net/Default.aspx?tabid=266&ArticleType=ArticleView&ArticleID=83&PageID=89

However, you can also create a VPN Tunnel (Router to Router) which would allow it as well, because then it doesn't know it's on a VPN.

If you want the remote computers accessible via RWW, then you will need to add a second Windows Server 2003 (standard edition) to your network as a domain controller at the remote location.  You can then actually tunnel from that server to the SBS for your VPN.  You should NOT have the Zywall providing DHCP on the remote network... DHCP does much more than just an IP Addresses... they should be getting their networking info from the SBS.

See http://sbsurl.com/multiserver for various solutions to your situation.

Jeff
TechSoEasy
0
 
hardlinesAuthor Commented:
Jeff,

Problem is solved.  I added the subnet 10.112.14.0 to IIS for the default website.

(Thanks to Marina over on http://www.smallbizserver.net)
Properties of the Default Website, tab Directory Security, IP restrictions, add the remote subdomain.  

I recommend being careful not to restrict access to just the local and remote networks though - as then you'll lose access from home (like I did, by accident) when you implement the fix for the remote office! ;-)

I have a site to site VPN (Tunnel) in place between the two locations - but no companyweb and no /connectcomputer was driving me crazy, as the main office relies on Sharepoint.

Anyway, all solved.  Thanks for your response.

Aaron
0
All Courses

From novice to tech pro — start learning today.