Trying to access network shares with Cisco EasyVPN through SBS2003 Prem box
Posted on 2007-07-28
We've got a very simple network layout:
Cisco VPN Client (192.168.3.1 - 192.168.3.10) -> Cisco 857 ADSL Router (inside: 192.168.2.1) --> MS SBS 2003 Prem (ext: 192.168.2.11, int: 192.168.1.11) -> LAN (192.168.1.x)
I've configured EasyVPN Server and it works great. I RDP to the SBS external interface IP, with ISA publishing RDP for the Server to the External network (plus ISA publishes different ports for internal machines I need RDP access to as well). Not the most efficient I know, but the point is, the VPN connectivity works.
The issue as it stands is, I'd like to now access Windows network shares directly from my VPN Client, but can't resolve / ping the internal server or the domain from my VPN client, nor access it's shares via IP address. I'm guessing that ISA is blocking that traffic and I need to configure it in some way to allow DNS and other services through to the external network?
I can ping the router's internal interface (192.168.2.1) fine, but not the Server's external NIC (again, I can RDP to that external NIC though).
I'm not exactly sure how to set up DNS for the VPN tunnel (not sure if that's part of the issue) either. Which IP should be specified as the DNS server for the router (ip name-server) and for the VPN group? I'm assuming 192.168.2.11 for the latter, and once I deal to the ISA rules, that'll work fine?
Eventually I want to use IAS for authentication instead of the router users. I'd love to get that up and running now, but in the short term, simply accessing the network shares is the priority.
As an aside, a client's network is set up quite similarly - except they have SBS Standard (no ISA), so I'm guessing that will be straightforward in terms of accessing network shares once the VPN tunnel is established?
I'm far from an ISA or Cisco IOS expert - have "dabbling" experience in them both so would really appreciate any guidance anyone could give! I haven't played with the SBS2003 / ISA VPN, not sure if that's actually the best solution. I keep getting that nagging "but Cisco VPN will give you more security than ISA" feeling - not that I've based that on research or fact.
Thanks in advance!