Aljeebo
asked on
Having VPN problems, Linksys RV042, SBS2003 - Connects to router but no route to LAN
Hey everybody!
I wonder if you kind and talented people can help me!
My customer has:
SBS2003
5 XP Pro Clients
2 Mobile users
Server is Dell PowerEdge SC240 - Celeron!! (yuk)
D-Link DSL-300T Ethernet DSL modem
Linksys RV042 VPN Router
I'm having trouble accessing the domain with a VPN connection. RRAS is enabled and seems OK, on the Linksys I've configured a Client to Gateway VPN tunnel with their static IP address (Gateway), and I selected the remote client as having dynamic IP + domain name to authenticate. The local group IP range is 192.168.16.0 - 150 - which is the internal network (the server has 2 NICs, one for DSL 192.168.0.3 and the other internal 192.168.16.2 - are these ranges normal ie. no bridge/same subnet?).
I downloaded the Linksys QuickVPN client software, inputted a relevant username and password with the router's WAN IP in the server address to connect to. It connects but doesn't seem to route it to the LAN as I can only get remote management (to the router). I don't get assigned a 192.168.16.X IP - the dial-up 81.X.X.X remains. Maybe I should be using the XP VPN connection - but that doesn't work either - What am I doing wrong.
This description is probably missing bits you need to know so please tell me what you need.
Thanks in advance
Aljeebo
I wonder if you kind and talented people can help me!
My customer has:
SBS2003
5 XP Pro Clients
2 Mobile users
Server is Dell PowerEdge SC240 - Celeron!! (yuk)
D-Link DSL-300T Ethernet DSL modem
Linksys RV042 VPN Router
I'm having trouble accessing the domain with a VPN connection. RRAS is enabled and seems OK, on the Linksys I've configured a Client to Gateway VPN tunnel with their static IP address (Gateway), and I selected the remote client as having dynamic IP + domain name to authenticate. The local group IP range is 192.168.16.0 - 150 - which is the internal network (the server has 2 NICs, one for DSL 192.168.0.3 and the other internal 192.168.16.2 - are these ranges normal ie. no bridge/same subnet?).
I downloaded the Linksys QuickVPN client software, inputted a relevant username and password with the router's WAN IP in the server address to connect to. It connects but doesn't seem to route it to the LAN as I can only get remote management (to the router). I don't get assigned a 192.168.16.X IP - the dial-up 81.X.X.X remains. Maybe I should be using the XP VPN connection - but that doesn't work either - What am I doing wrong.
This description is probably missing bits you need to know so please tell me what you need.
Thanks in advance
Aljeebo
ASKER
Hi LucF
Thank you so much for responding and I apologize for not replying until now.
I thought that 192.168.16.x would be on the same subnet as 192.168.0.x, being 255.255.255.0? I'm going to the site today so I'll give it a try and let you know.
Many thanks
Aljeebo
Thank you so much for responding and I apologize for not replying until now.
I thought that 192.168.16.x would be on the same subnet as 192.168.0.x, being 255.255.255.0? I'm going to the site today so I'll give it a try and let you know.
Many thanks
Aljeebo
Hello Aljeebo,
Thanks for your reaction, I was affraid you abandoned the question.
Indeed 192.168.1.x and 192.168.16.x are not on the same subnet if the subnet mask is 255.255.255.0 (only the last number may change, not the 3rd)
Keeping everything in the same subnet will solve your problem, but keep the last part of my previous comment in mind, if neccesery you'll have to make sure internet connections can only happen through the server.
Let me know if you have any luck tomorrow with the setup.
Best regards,
Luc
Thanks for your reaction, I was affraid you abandoned the question.
Indeed 192.168.1.x and 192.168.16.x are not on the same subnet if the subnet mask is 255.255.255.0 (only the last number may change, not the 3rd)
Keeping everything in the same subnet will solve your problem, but keep the last part of my previous comment in mind, if neccesery you'll have to make sure internet connections can only happen through the server.
Let me know if you have any luck tomorrow with the setup.
Best regards,
Luc
ASKER
Hi
I didn't have any luck because the D-Link (don't link) ethernet modem failed, no LEDs, no nothing!
I'm confused: Indeed 192.168.1.x and 192.168.16.x are not on the same subnet if the subnet mask is 255.255.255.0 (only the last number may change, not the 3rd) - so they're not on the same subnet even if the subnet mask is the same?
What do you think to Hamachi? Don't get me wrong, I'm not giving up on this, just wondered what you thought. Security risk?
Kind regards
Al
I didn't have any luck because the D-Link (don't link) ethernet modem failed, no LEDs, no nothing!
I'm confused: Indeed 192.168.1.x and 192.168.16.x are not on the same subnet if the subnet mask is 255.255.255.0 (only the last number may change, not the 3rd) - so they're not on the same subnet even if the subnet mask is the same?
What do you think to Hamachi? Don't get me wrong, I'm not giving up on this, just wondered what you thought. Security risk?
Kind regards
Al
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
red,
On this one I have to disagree.
First of all, Jeff's comment came in more than a month after my last comment and about 1 1/2 month after the question was posted, so the question was already abandoned way before his comment.
Appart from that, Aljeebo is talking about QuickVPN which has to be handled by the RV042 as it can not connect to a SBS server.
No offence intended to Jeff, but I think this question should be "Accept: LucF {http:#17005483}"
Thanks,
LucF
On this one I have to disagree.
First of all, Jeff's comment came in more than a month after my last comment and about 1 1/2 month after the question was posted, so the question was already abandoned way before his comment.
Appart from that, Aljeebo is talking about QuickVPN which has to be handled by the RV042 as it can not connect to a SBS server.
No offence intended to Jeff, but I think this question should be "Accept: LucF {http:#17005483}"
Thanks,
LucF
Hi LucF,
I did notice the time lag, and recently asked the admins about it (not relating to this question though). My opinion was that comments after 21 days should be ignored by cleanup, unless they add *substantially* more information to the Q. The admins had the opinion that time was not a factor - it doesnt immediately discount the validity of the experts answer.
As for the validity of Jeff's post - he showed another way to configure a VPN. I realise the asker has downloaded the quickvpn client, but they also configured RRAS (so answers showing how to fix the linksys host OR configure and connect to RRAS are valid IMHO)
Anyway, the decision is not mine, the Mod will be here in 3 days now and will decide then. If you have more to add feel free, however if you have a lot more to add, then we should move to a CS question. Also, thanks for responding, while I am not terribly happy that you aren't satisfied by my recommendation, it is nice to see someone actually reads these things! :)
-red
I did notice the time lag, and recently asked the admins about it (not relating to this question though). My opinion was that comments after 21 days should be ignored by cleanup, unless they add *substantially* more information to the Q. The admins had the opinion that time was not a factor - it doesnt immediately discount the validity of the experts answer.
As for the validity of Jeff's post - he showed another way to configure a VPN. I realise the asker has downloaded the quickvpn client, but they also configured RRAS (so answers showing how to fix the linksys host OR configure and connect to RRAS are valid IMHO)
Anyway, the decision is not mine, the Mod will be here in 3 days now and will decide then. If you have more to add feel free, however if you have a lot more to add, then we should move to a CS question. Also, thanks for responding, while I am not terribly happy that you aren't satisfied by my recommendation, it is nice to see someone actually reads these things! :)
-red
I did realize that my comment was late... HOWEVER, that does not take away from the fact that the asker was headed down the wrong path with the QuickLink VPN client. The router is sitting on the External NIC of a dual-homed SBS. VPNing to the router will not get anyone into the LAN properly. This was his question... and you even confirmed that this was a problem in your answer LucF. However, you did not supply a workable solution.
Additionally, when Al asked if he was barking up the wrong tree, you did not advise him that 3rd party tools are not necessary for an SBS VPN solution.
I'm sorry, but even though it was late... I gave an appropriate answer. The fact that it's even split will not leave a proper record of the solution... but I don't mind sharing points anyhow.
Jeff
TechSoEasy
Additionally, when Al asked if he was barking up the wrong tree, you did not advise him that 3rd party tools are not necessary for an SBS VPN solution.
I'm sorry, but even though it was late... I gave an appropriate answer. The fact that it's even split will not leave a proper record of the solution... but I don't mind sharing points anyhow.
Jeff
TechSoEasy
red, Jeff,
This will be my last comment on this one, as I surely don't want to clutter up this conversation too much. No need to move to a CS question.
Last time I checked with AnnieMod she told me points are awarded for answers "in time".
Anyways, Jeff, you say "However, you did not supply a workable solution."; my workable solution is in the first comment I made, the RV042 has more than enough capabilities to handle it and it saves some load of the server anyways. It would require a small change in the network layout but that's it.
I'm a big fan of SBS solutions myself, but that doesn't mean that I think everything should be handled by the server when other hardware is available which can save some tasks of the server. I'd say both yours and mine are possible solutions, it's up to Aljeebo to choose which direction he wants to go.
I'll leave it to the Moderator following up to decide.
Thanks,
Luc
This will be my last comment on this one, as I surely don't want to clutter up this conversation too much. No need to move to a CS question.
Last time I checked with AnnieMod she told me points are awarded for answers "in time".
Anyways, Jeff, you say "However, you did not supply a workable solution."; my workable solution is in the first comment I made, the RV042 has more than enough capabilities to handle it and it saves some load of the server anyways. It would require a small change in the network layout but that's it.
I'm a big fan of SBS solutions myself, but that doesn't mean that I think everything should be handled by the server when other hardware is available which can save some tasks of the server. I'd say both yours and mine are possible solutions, it's up to Aljeebo to choose which direction he wants to go.
I'll leave it to the Moderator following up to decide.
Thanks,
Luc
It doesn't make any sense at all to award points for a wrong answer even if it was "in time". Your "workable" solution is this?
"a better solution might be to have the SBS server directly connected to the RV042 and also have the clients of that network. This will avoid double NAT-ting, but might cause a security problem as the clients on that side are directly connected to the internet through the RV042 then. If that concerns you you might want to force a proxy server on the SBS2003 server by group policy and deny any direct attempts on the RV042 by blocing all internet access except through the proxy server."
The SBS WAS directly connected to the router. It's a dual-homed configuration which, in many experts opinions, is a far better configuration because it keeps the LAN secure from the Internet. Double-NATting is no problem for SBS. But you didn't even provide HOW to do this... which would have required the uninstallation and removal of his second NIC and to connect all workstations directly to the router which may or may not have been capable of that. It then would have required changing either the LAN IP of the router or of the SBS.
The configuration that he already had was just fine. There was no reason at all to make all of those changes above (even if they had been outlined). The example I provided from http://sbsurl.com/twonics shows this to be true.
Honestly, I don't really care about the points... I have plenty. What I do care about is leaving a correct legacy answer, which is why I responded in the first place.
Jeff
TechSoEasy
"a better solution might be to have the SBS server directly connected to the RV042 and also have the clients of that network. This will avoid double NAT-ting, but might cause a security problem as the clients on that side are directly connected to the internet through the RV042 then. If that concerns you you might want to force a proxy server on the SBS2003 server by group policy and deny any direct attempts on the RV042 by blocing all internet access except through the proxy server."
The SBS WAS directly connected to the router. It's a dual-homed configuration which, in many experts opinions, is a far better configuration because it keeps the LAN secure from the Internet. Double-NATting is no problem for SBS. But you didn't even provide HOW to do this... which would have required the uninstallation and removal of his second NIC and to connect all workstations directly to the router which may or may not have been capable of that. It then would have required changing either the LAN IP of the router or of the SBS.
The configuration that he already had was just fine. There was no reason at all to make all of those changes above (even if they had been outlined). The example I provided from http://sbsurl.com/twonics shows this to be true.
Honestly, I don't really care about the points... I have plenty. What I do care about is leaving a correct legacy answer, which is why I responded in the first place.
Jeff
TechSoEasy
I'm interested in your question, but the whole setup isn't really clear to me.
If you've setup the RV042 on the same location as the SBS2003 server which will do additional routing, the VPN software might be confused as it, of course, doesn't realize there's also a 192.168.16.x subnet on the other side of the VPN tunnel, a better solution might be to have the SBS server directly connected to the RV042 and also have the clients of that network. This will avoid double NAT-ting, but might cause a security problem as the clients on that side are directly connected to the internet through the RV042 then. If that concerns you you might want to force a proxy server on the SBS2003 server by group policy and deny any direct attempts on the RV042 by blocing all internet access except through the proxy server.
Greetings,
LucF