Solved

VPN to SBS using a Linksys RV082 router

Posted on 2006-11-15
14
1,045 Views
Last Modified: 2012-08-13
I'm trying to setup a connection between home and the office. By using the Linksys "quick VPN" software I can connect the home PC to the office router (RV082) and I can ping the server (192.168.1.11), but I can't logon to the server. If i go to network places and type 192.168.1.11 into the address, I get a HTTP error 403.6 - Forbidden: IP address of the client has been rejected (IIS). I've searched around for this error and discovered that I need to start the IIS manager and add the home router's IP address to the list of authorised IP addresses, however, I'm not too familiar with IIS. So really the question is how do I use IIS to add this IP address and secondly is this the right way to do it? This also assumes that I have a static IP at home, is there a better way I can do this?
0
Comment
Question by:smiffy13
  • 5
  • 3
  • 3
  • +2
14 Comments
 
LVL 14

Author Comment

by:smiffy13
ID: 17954137
Update: I got into IIS manager and changed the security setting to "allow all", I also changed the router to forward port 80 (HTTP) to the server, now I get a default web page, however this isn't what I want. I want to be able to login to the server and work from home.

I've forwarded port 1723 to the server and I've started RRAS to allow VPN access, but I still can't get to the login page.

Anyone got any clues as to what I do next?
0
 
LVL 2

Expert Comment

by:networkfish
ID: 17954488
The default web page is a good sign, if you want e-mail go to 192.168.1.11/exchange
If you want to access shared folders type \\192.168.1.11 into the run box on the start menu

You can also map the folders by typing net use T: \\192.168.1.11\"name of shared folder" where T: is the drive letter you want

Hope this helps
0
 
LVL 21

Expert Comment

by:suppsaws
ID: 17955596
Hi smiffy13,

You shouldn't forward port 80, that is only if you have a webserver, which isn't secure to put on a DC.
these are the ports that should be open:

port 443 (https)
port 4125 (remote web workspace = https://fqdn/remote)
port 1723 (vpn)
port 3389 (terminal services).

You need to configure VPN access via the server management console > internet and email > configure remote access.

On the client, visit the RWW page, and download the connection manager tool.
With that tool you can easilly make a vpn to the sbs server

Cheers!
0
 
LVL 21

Expert Comment

by:suppsaws
ID: 17955628
smiffy13,

I wonder what you mean with I can't access the 'login page' ... .
There is no login page.
You have the remtoe web workspace, where you can connect to the clients, and the server, read company email, ... WITHOUT a vpn.
or you can make a vpn, then you will be able to access the network drives etc
0
 
LVL 2

Expert Comment

by:thelastoftheend
ID: 17961765
smiffy13,

Sounds like what you're wanting to do is log into the server via Remote Desktop (Terminal Services). First, enable Remote Desktop on the server: Right-click "My Computer", go the "Remote" tab and click the checkbox for "Enable Remote Desktop on this computer".

Now from a remote computer, whether in the office or at home connected to the Linksys VPN, you can connect with Remote Desktop and log into the server: on a Windows XP computer, go to Start->Programs->Accessories->Communications" and select "Remote Desktop Connection". In the "Computer" field, type the address of the server (192.168.1.11) and click "Connect". You should be presented with a logon screen whereby you can log on and access the server as if you were sitting at it in person.

Now, to clear up some apparent VPN/Firewall confusion. You have a Linksys VPN - you do not need to configure anything on the server regarding VPN. Once connected to the Linksys VPN, you are connected to your office network - end of story. Windows Server 2003 has its own software-based VPN solution, but since you're using Linksys VPN, this is not necessary.

Also, DO NOT FORWARD ANY PORTS on your router - this negates the purpose of the VPN by opening ports on the router to everyone on the Internet. The VPN exists so that you can securely connect to your network without opening any ports. Since you are connected to the VPN, you can access all network resources directly and are not affected by firewall rules. Only forward ports on the router if you have a need for everyone on the Internet to access resources on your network without the use of a VPN (which is highly ill-advised). Definitely remove and ports you have forwarded up to this point, unless you have a seperate need not related to the VPN.

Good luck!
0
 
LVL 14

Author Comment

by:smiffy13
ID: 17963129
Thanks for all your advice, you've certainly given me some things to try!!. I haven't been able to get into the office today and tomorrow's the weekend, so I'll report back next week on how I get on.

Just to update where I am now: I stopped the forwarding of port 80, but have left 1723 forwarded. Now when I start the VPN connection, goto Network places and type 192.168.1.11, I get a "welcome to SBS 2003" page with options for "My companies internal web site", "Join a client computer to the SBS network" or "Connect to the SBS network over the Internet". I think I'm almost there.

A couple of things you've said:
suppsaws: it's as the lastoftheend said - the Linksys router is doing the VPN connecting, which seems to work, the trouble is I can't seem to access any of the network resources. Before I made any changes, I could ping the router but I couldn't access it - I got the HTTP error 403.6.

lastoftheend: You're correct in the way I want to connect, but I don't need the VPN to connect using remote desktop, I can do that now with port 3389 forwarded. The trouble with remote desktop is I can't copy files down to my PC or print on my printer, I'm not sure I can do this if I get this VPN working either, but I know that remote desktop is too restrictive on what I can do.

I'll test these options out next week.

0
 
LVL 14

Author Comment

by:smiffy13
ID: 17963140
Oops - I just re-read what I said: "Before I made any changes, I could ping the router but I couldn't access it - I got the HTTP error 403.6." - I meant I could ping the SERVER, but when I enter the server IP address I get the 403.6 error.
0
Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 21

Assisted Solution

by:suppsaws
suppsaws earned 100 total points
ID: 17963230
"with remote desktop is I can't copy files down to my PC or print on my printer"
yes you can, you have to enable that on the properties of the rdp connection. > local resources > disk drives.
But, you don't need to make a VPN to make an rdp to a client pc or a server. You can do that via the RWW page:
https://yourpublicip/remote
Or ... on the page you are at now with my internal website, network config wizard, remote web workspace.

with the vpn you should be able to access the mapped network drives.
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 17966777
smiffy13,

Don't use the Linksys' Quick VPN with an SBS.   Because this makes your router the VPN end-point which will be a problem in that your remote machine will get an IP address that's not on your LAN.

You should use your SBS's built-in VPN instead.  suppsaws has already told you this, but you didn't seem to follow his instructions.

However... VPN's should really only be used for Laptops which are domain members.  If you have a desktop workstation in the office, then you are better off using Remote Web Workplace (see http://sbsurl.com/rww for details).

Jeff
TechSoEasy
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 17966788
One other issue... if you ARE going to use a VPN connection, then you need to make sure that the remote location isn't using the same IP Subnet as your network (192.168.1.x).

Jeff
TechSoEasy
0
 
LVL 2

Accepted Solution

by:
thelastoftheend earned 200 total points
ID: 17966945
Using the router as the VPN endpoint even with SBS on the network is no problem - no need to use the SBS VPN, it's just a matter of preference.

Smiffy13, you already resolved your IIS 403.6 error correctly by changing the IP's that are allowed to access the IIS site. From what I've seen you haven't had any connectivity problems - the IIS deal was a seperate issue.

TechSoEasy did make a good point to be aware of - always make sure the remote subnet is different from your work subnet, or you will have connectivity issues (the remote computer wouldn't know to route traffic through the VPN since it thinks you're looking for an address on the remote subnet).

You haven't made it real clear yet as far as exactly what you want to do. What is it that you cannot access and what errors are you getting?

If you're wanting to access folders that are shared out on the server, there are several methods. I suggest starting with this: Go to Start-->Run and type "\\192.168.1.11" without the quotes. After hitting OK, you should be prompted for credentials to access the server. In the credentials box, put your domain username and password. The username should be in the format of domainname\username. This should provide you with a list of everything that is shared out on your server. You can double-click to connect to these shares, or put a shortcut on your desktop. Usually after connecting, these items will automatically appear in My Network Places if you're intent on using that.

0
 
LVL 74

Assisted Solution

by:Jeffrey Kane - TechSoEasy
Jeffrey Kane - TechSoEasy earned 200 total points
ID: 17968607
"it's just a matter of preference"

I'd disagree with this... it's also a matter of ease of use, deployment and management.  If Windows Mobile 5 devices are deployed, they will automatically be configured for SBS's VPN as will Laptops if the options are selected when running the add-computer wizard in SBS's Server Management Console.

I failed to mention the issue about going into IIS and changing the IP restrictions... this also should not be done manually... these settings are managed by running the Configure Email and Internet Connection Wizard (CEICW -- which is linked as Connect to the Internet in the Server Management Console > Internet and Email).

Failure to use SBS's wizards to configure the server will ultimately result in conflicts and errors that you'll spend hours and hours tracking down.  You should review http://sbsurl.com/itpro to see what I'm talking about.

Jeff
TechSoEasy
0
 
LVL 14

Author Comment

by:smiffy13
ID: 17969553
I'll present these options to the owner of the company next week. Based on what's said, I guess I'll need to try out the different options and see for myself what the benefits/ are. I caught the IP addressing issue early on, so there's no problem there, it's 192.168.1.xx in the office and 192.168.0.xx at home.
0
 
LVL 14

Author Comment

by:smiffy13
ID: 17977276
well - we seem to have got it all working. Thanks for your input. I'll use your comments to experiment further with the settings to ensure the best security solution while also providing the functionality we need.
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

This guide is intended to provide step by step instructions on how to migrate from Small Business Server 2003 to Small Business Server 2011. NOTE: This guide has been written using the preview version of SBS2011 therefore some of the screens may …
I work for a company that primarily works with small businesses as their outsourced IT vendor. As such the majority of these customers utilize some version of Small Business Server. Due to the economics of running a small business, many of these cus…
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now