swcomputers07
asked on
Site-to-Site VPN Works using Netgear DG834 to SBS 2003 - Everything But File & Printer Sharing!
Hi Guys & Gals,
I have just been to see a client that has a SBS 2003 Standard Dell Server which is running fine. They have 5 users on one site all connected through a Netgear DG834G ADSL Router and another lone PC at a remote mangers premises connected to ADSL via the same router model. Previously they were using the Small Business Connection Manger to create a software VPN connection.
He found this very slow and kept forgetting to 'dialup' therefore they wanted to setup a hardware VPN tunnel. Now they didn't want to replace or purchase new hardware and as the Netgear DG834G router supports created an IPSec VPN tunnel router to router and as they are the same routers even has a wizard to do most of it for you - they opted to configure this. This went well and the tunnel as established.
SITE A HAS THE SBS SERVER
ROUTER IP - 192.168.2.1
SUBNET: 255.255.255.0
SERVER: - 192.168.2.99 (SBS 2003 SP1 – STANDARD)
ALL CLIENT PC’s IP’s DYNAMIC THROUGH SBS DHCP
SITE B (Remote OFFICE)
Router IP - 192.168.1.2
SUBNET: 255.255.255.0
HIS PC: 192.168.1.2 (Windows XP SP2)
I setup his network card with a static IP address and assigned the DNS servers manually (one I set as 192.168.1.99 (the server) and the other his router - I also enabled NETBios over TCP/IP and assigned a static WINS server pointing at the SBS server).
Doing this allow him seamlessly use the companyweb, Outlook 2003 connected to exchange and everything seemed fine.
You can ping the server name and it will resolve to the correct IP (meaning DNS must be ok), you can open the remote router configuration page from his network...everything seems to be connected correctly! From the SBS network you can ping his computer name and it will resolve to his IP you can even remote desktop back and forth without problem.
HOWEVER File and Print sharing will return a error of PATH NOT FOUND if you try and open a file \\servername and obviously he is always 'working offline' from the server and of course he can’t synchronise any file changes!
NOW FOR THE REALLLLLY WEIRD BIT
If I then connect to the server using the old software VPN client on his XP SP2 PC File and Print sharing works as it always did - however if I then disconnect the software connection...it still works over the router-to-router VPN connection and will continue to work until a router drops the VPN or his PC restarts.
I can't for the life of me think what could be causing it - there is no firewall client on the PC (except XP SP2 Firewall Client) or the server, the routers have a built in firewall - I have even enabled DMZ the routers to both his PC and the server at each end and it makes no difference. But it behaves like a firewall is blocking File & Print Sharing across the VPN or the server is blocking him for some reason (to get companyweb to work from his PC I had to add his IP range into the trusted IPS under security for the IIS Server).
Any insight appreciated as I haven't setup many router-to-router VPN connections in my time as a SBS guy!
My first thoughts were firewall or DNS on the server...but I have run into a brick wall. At the moment to share files they are emailing or posting on the companyweb!
ANY IDEAS?? WHY WOULD STARTING UP THE SOFTWARE VPN EVEN FOR 10 SECONDS ALLOW THE ROUTER-TO-ROUTER CONNECTION TO WORK FOR THE LONGEST AN ENTIRE WEEKEND!??
Regards
Steve
I have just been to see a client that has a SBS 2003 Standard Dell Server which is running fine. They have 5 users on one site all connected through a Netgear DG834G ADSL Router and another lone PC at a remote mangers premises connected to ADSL via the same router model. Previously they were using the Small Business Connection Manger to create a software VPN connection.
He found this very slow and kept forgetting to 'dialup' therefore they wanted to setup a hardware VPN tunnel. Now they didn't want to replace or purchase new hardware and as the Netgear DG834G router supports created an IPSec VPN tunnel router to router and as they are the same routers even has a wizard to do most of it for you - they opted to configure this. This went well and the tunnel as established.
SITE A HAS THE SBS SERVER
ROUTER IP - 192.168.2.1
SUBNET: 255.255.255.0
SERVER: - 192.168.2.99 (SBS 2003 SP1 – STANDARD)
ALL CLIENT PC’s IP’s DYNAMIC THROUGH SBS DHCP
SITE B (Remote OFFICE)
Router IP - 192.168.1.2
SUBNET: 255.255.255.0
HIS PC: 192.168.1.2 (Windows XP SP2)
I setup his network card with a static IP address and assigned the DNS servers manually (one I set as 192.168.1.99 (the server) and the other his router - I also enabled NETBios over TCP/IP and assigned a static WINS server pointing at the SBS server).
Doing this allow him seamlessly use the companyweb, Outlook 2003 connected to exchange and everything seemed fine.
You can ping the server name and it will resolve to the correct IP (meaning DNS must be ok), you can open the remote router configuration page from his network...everything seems to be connected correctly! From the SBS network you can ping his computer name and it will resolve to his IP you can even remote desktop back and forth without problem.
HOWEVER File and Print sharing will return a error of PATH NOT FOUND if you try and open a file \\servername and obviously he is always 'working offline' from the server and of course he can’t synchronise any file changes!
NOW FOR THE REALLLLLY WEIRD BIT
If I then connect to the server using the old software VPN client on his XP SP2 PC File and Print sharing works as it always did - however if I then disconnect the software connection...it still works over the router-to-router VPN connection and will continue to work until a router drops the VPN or his PC restarts.
I can't for the life of me think what could be causing it - there is no firewall client on the PC (except XP SP2 Firewall Client) or the server, the routers have a built in firewall - I have even enabled DMZ the routers to both his PC and the server at each end and it makes no difference. But it behaves like a firewall is blocking File & Print Sharing across the VPN or the server is blocking him for some reason (to get companyweb to work from his PC I had to add his IP range into the trusted IPS under security for the IIS Server).
Any insight appreciated as I haven't setup many router-to-router VPN connections in my time as a SBS guy!
My first thoughts were firewall or DNS on the server...but I have run into a brick wall. At the moment to share files they are emailing or posting on the companyweb!
ANY IDEAS?? WHY WOULD STARTING UP THE SOFTWARE VPN EVEN FOR 10 SECONDS ALLOW THE ROUTER-TO-ROUTER CONNECTION TO WORK FOR THE LONGEST AN ENTIRE WEEKEND!??
Regards
Steve
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I would try to use DNS for name resolution over the VPN, it is much more dependable. There is also an option on the VPN configuration of most of the Netgears to enable NetBIOS over the tunnel. This is usually disabled by default.
ASKER
Found out its a problem with the firmware on the Netgear DG834 which stops people opening links such as \\servername\share. Upgraded the firemware and this now works also solved a problem with the tunnel closing and not being able to reconnect.
Good to know.
Thanks swcomputers07,
Cheers !
--Rob
Thanks swcomputers07,
Cheers !
--Rob
swcomputers07,
can you kindly tell me which firmware version solve the problem (it looks like I'm in the same situation..)
Thanks!
can you kindly tell me which firmware version solve the problem (it looks like I'm in the same situation..)
Thanks!
ASKER
It was the latest version at the time of the post, can't remember off the top of my head, but VPN issues was listed in the fixes on the firmware information. hope that helps
ASKER