Solved

VPN to SBS using a Linksys RV082 router

Posted on 2006-11-15
1,052 Views
Last Modified: 2012-08-13
I'm trying to set up a connection between home and the office. By using the Linksys "quick VPN" software I can connect the home PC to the office router (RV082) and I can ping the server (192.168.1.11), but I can't log on to the server. If I go to network places and type 192.168.1.11 into the address, I get an HTTP error 403.6 - Forbidden: IP address of the client has been rejected (IIS). I've searched around for this error and discovered that I need to start the IIS manager and add the home router's IP address to the list of authorised IP addresses; however, I'm not too familiar with IIS. So really the question is how do I use IIS to add this IP address and secondly is this the right way to do it? This also assumes that I have a static IP at home, is there a better way I can do this?
Question by:smiffy13
14 Comments
 
LVL 14

Author Comment

by:smiffy13
ID: 17954137
Update: I got into IIS manager and changed the security setting to "allow all". I also changed the router to forward port 80 (HTTP) to the server. Now I get a default web page; however, this isn't what I want. I want to be able to log in to the server and work from home.

I've forwarded port 1723 to the server and I've started RRAS to allow VPN access, but I still can't get to the login page.

Anyone got any clues as to what I do next?
0
 
LVL 2

Expert Comment

by:networkfish
ID: 17954488
The default web page is a good sign, if you want e-mail go to 192.168.1.11/exchange
If you want to access shared folders type \\192.168.1.11 into the run box on the start menu

You can also map the folders by typing net use T: \\192.168.1.11\"name of shared folder" where T: is the drive letter you want

Hope this helps
0
 
LVL 21

Expert Comment

by:suppsaws
ID: 17955596
Hi smiffy13,

You shouldn't forward port 80, that is only if you have a web server, which isn't secure to put on a DC.
These are the ports that should be open:

port 443 (https)
port 4125 (remote web workspace = https://fqdn/remote)
port 1723 (vpn)
port 3389 (terminal services).

You need to configure VPN access via the server management console > internet and email > configure remote access.

On the client, visit the RWW page, and download the connection manager tool.
With that tool you can easily make a VPN to the SBS server.

Cheers!
0
 
LVL 21

Expert Comment

by:suppsaws
ID: 17955628
smiffy13,

I wonder what you mean with I can't access the 'login page' ... .
There is no login page.
You have the remote web workspace, where you can connect to the clients, and the server, read company email, ... WITHOUT a VPN.
Or you can make a VPN, then you will be able to access the network drives etc.
0
 
LVL 2

Expert Comment

by:thelastoftheend
ID: 17961765
smiffy13,

Sounds like what you're wanting to do is log into the server via Remote Desktop (Terminal Services). First, enable Remote Desktop on the server: Right-click "My Computer", go to the "Remote" tab and click the checkbox for "Enable Remote Desktop on this computer".

Now from a remote computer, whether in the office or at home connected to the Linksys VPN, you can connect with Remote Desktop and log into the server: on a Windows XP computer, go to "Start->Programs->Accessories->Communications" and select "Remote Desktop Connection". In the "Computer" field, type the address of the server (192.168.1.11) and click "Connect". You should be presented with a logon screen whereby you can log on and access the server as if you were sitting at it in person.

Now, to clear up some apparent VPN/Firewall confusion. You have a Linksys VPN - you do not need to configure anything on the server regarding VPN. Once connected to the Linksys VPN, you are connected to your office network - end of story. Windows Server 2003 has its own software-based VPN solution, but since you're using Linksys VPN, this is not necessary.

Also, DO NOT FORWARD ANY PORTS on your router - this negates the purpose of the VPN by opening ports on the router to everyone on the Internet. The VPN exists so that you can securely connect to your network without opening any ports. Since you are connected to the VPN, you can access all network resources directly and are not affected by firewall rules. Only forward ports on the router if you have a need for everyone on the Internet to access resources on your network without the use of a VPN (which is highly ill-advised). Definitely remove any ports you have forwarded up to this point, unless you have a separate need not related to the VPN.

Good luck!
0
 
LVL 14

Author Comment

by:smiffy13
ID: 17963129
Thanks for all your advice, you've certainly given me some things to try!! I haven't been able to get into the office today and tomorrow's the weekend, so I'll report back next week on how I get on.

Just to update where I am now: I stopped the forwarding of port 80, but have left 1723 forwarded. Now when I start the VPN connection, go to Network places and type 192.168.1.11, I get a "welcome to SBS 2003" page with options for "My companies internal web site", "Join a client computer to the SBS network" or "Connect to the SBS network over the Internet". I think I'm almost there.

A couple of things you've said:
suppsaws: it's as the lastoftheend said - the Linksys router is doing the VPN connecting, which seems to work, the trouble is I can't seem to access any of the network resources. Before I made any changes, I could ping the router but I couldn't access it - I got the HTTP error 403.6.

lastoftheend: You're correct in the way I want to connect, but I don't need the VPN to connect using remote desktop, I can do that now with port 3389 forwarded. The trouble with remote desktop is I can't copy files down to my PC or print on my printer, I'm not sure I can do this if I get this VPN working either, but I know that remote desktop is too restrictive on what I can do.

I'll test these options out next week.

0
 
LVL 14

Author Comment

by:smiffy13
ID: 17963140
Oops - I just re-read what I said: "Before I made any changes, I could ping the router but I couldn't access it - I got the HTTP error 403.6." - I meant I could ping the SERVER, but when I enter the server IP address I get the 403.6 error.
0
 
LVL 21

Assisted Solution

by:suppsaws
suppsaws earned 100 total points
ID: 17963230
"with remote desktop is I can't copy files down to my PC or print on my printer"
Yes you can, you have to enable that on the properties of the RDP connection > local resources > disk drives.
But, you don't need to make a VPN to make an rdp to a client pc or a server. You can do that via the RWW page:
https://yourpublicip/remote
Or ... on the page you are at now with my internal website, network config wizard, remote web workspace.

With the VPN you should be able to access the mapped network drives.
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 17966777
smiffy13,

Don't use the Linksys' Quick VPN with an SBS, because this makes your router the VPN end-point, which will be a problem in that your remote machine will get an IP address that's not on your LAN.

You should use your SBS's built-in VPN instead. suppsaws has already told you this, but you didn't seem to follow his instructions.

However... VPNs should really only be used for laptops which are domain members. If you have a desktop workstation in the office, then you are better off using Remote Web Workplace (see http://sbsurl.com/rww for details).

Jeff
TechSoEasy
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 17966788
One other issue... if you ARE going to use a VPN connection, then you need to make sure that the remote location isn't using the same IP Subnet as your network (192.168.1.x).

Jeff
TechSoEasy
0
 
LVL 2

Accepted Solution

by:thelastoftheend
thelastoftheend earned 200 total points
ID: 17966945
Using the router as the VPN endpoint even with SBS on the network is no problem - no need to use the SBS VPN, it's just a matter of preference.

Smiffy13, you already resolved your IIS 403.6 error correctly by changing the IPs that are allowed to access the IIS site. From what I've seen you haven't had any connectivity problems - the IIS deal was a separate issue.

TechSoEasy did make a good point to be aware of - always make sure the remote subnet is different from your work subnet, or you will have connectivity issues (the remote computer wouldn't know to route traffic through the VPN since it thinks you're looking for an address on the remote subnet).

You haven't made it real clear yet as far as exactly what you want to do. What is it that you cannot access and what errors are you getting?

If you're wanting to access folders that are shared out on the server, there are several methods. I suggest starting with this: Go to Start-->Run and type "\\192.168.1.11" without the quotes. After hitting OK, you should be prompted for credentials to access the server. In the credentials box, put your domain username and password. The username should be in the format of domainname\username. This should provide you with a list of everything that is shared out on your server. You can double-click to connect to these shares, or put a shortcut on your desktop. Usually after connecting, these items will automatically appear in My Network Places if you're intent on using that.

0
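The subnet point raised by TechSoEasy and explained in the accepted answer, as an added example that is not part of any post in this thread: a simplified model of the remote PC's route selection (longest prefix first, then lowest metric) showing when traffic for 192.168.1.11 stays on the home LAN instead of entering the tunnel. The interface names, metrics and the extra home subnets are assumptions, and the model goes slightly beyond the thread by also covering partial overlaps.

```python
import ipaddress

# Simplified model: the remote PC picks the most specific matching route and
# breaks ties on the lowest metric. Interface names and metrics are assumed.
def client_routes(home_lan, office_lan):
    return [
        (ipaddress.ip_network("0.0.0.0/0"), "home-gateway", 20),  # default route
        (ipaddress.ip_network(home_lan), "local-lan", 10),        # on-link home LAN
        (ipaddress.ip_network(office_lan), "vpn-tunnel", 30),     # added by the VPN
    ]

def pick_route(routes, dest):
    """Longest-prefix match, then lowest metric."""
    dest = ipaddress.ip_address(dest)
    matches = [r for r in routes if dest in r[0]]
    return max(matches, key=lambda r: (r[0].prefixlen, -r[2]))

def egress(home_lan, office_lan, server):
    """Return (interface used to reach server, whether the two LANs overlap)."""
    home = ipaddress.ip_network(home_lan)
    office = ipaddress.ip_network(office_lan)
    route = pick_route(client_routes(home_lan, office_lan), server)
    return route[1], home.overlaps(office)

if __name__ == "__main__":
    server = "192.168.1.11"      # SBS address from the thread
    office = "192.168.1.0/24"    # office LAN from the thread
    # First entry is the asker's home LAN; the rest are constructed cases.
    for home in ("192.168.0.0/24", "192.168.1.0/24",
                 "192.168.1.0/25", "192.168.0.0/16"):
        iface, overlap = egress(home, office, server)
        verdict = "OK" if iface == "vpn-tunnel" and not overlap else "CHECK"
        print(f"home={home:<16} overlap={overlap!s:<5} via={iface:<12} {verdict}")
```

The 192.168.0.0/16 case still reaches the server through the tunnel but is flagged, because any home device numbered inside 192.168.1.x becomes unreachable while the VPN is up.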
 
LVL 74

Assisted Solution

by:Jeffrey Kane - TechSoEasy
Jeffrey Kane - TechSoEasy earned 200 total points
ID: 17968607
"it's just a matter of preference"

I'd disagree with this... it's also a matter of ease of use, deployment and management.  If Windows Mobile 5 devices are deployed, they will automatically be configured for SBS's VPN as will Laptops if the options are selected when running the add-computer wizard in SBS's Server Management Console.

I failed to mention the issue about going into IIS and changing the IP restrictions... this also should not be done manually... these settings are managed by running the Configure Email and Internet Connection Wizard (CEICW -- which is linked as Connect to the Internet in the Server Management Console > Internet and Email).

Failure to use SBS's wizards to configure the server will ultimately result in conflicts and errors that you'll spend hours and hours tracking down.  You should review http://sbsurl.com/itpro to see what I'm talking about.

Jeff
TechSoEasy
0
 
LVL 14

Author Comment

by:smiffy13
ID: 17969553
I'll present these options to the owner of the company next week. Based on what's said, I guess I'll need to try out the different options and see for myself what the benefits/ are. I caught the IP addressing issue early on, so there's no problem there, it's 192.168.1.xx in the office and 192.168.0.xx at home.
0
 
LVL 14

Author Comment

by:smiffy13
ID: 17977276
Well - we seem to have got it all working. Thanks for your input. I'll use your comments to experiment further with the settings to ensure the best security solution while also providing the functionality we need.
0
