Solved

SBS 2003 R2 - pptp to SBS but can't ping to LAN clients

Posted on 2007-08-11
Last Modified: 2013-11-05
Hi all,
I've done this thirty times if I've done it once, but I can't figure it out.  I'm sure you guys know…

New SBS 2003 R2 (standard).  No ISA.  Single NIC install. SonicWall TZ180 passing PPTP to the SBS.  SBS is the DNS for the site.  There are no other routers involved.  All CEICW wizards have been run.  It's set up absolutely like I would expect it to be.

From the outside, I can create a PPTP tunnel to the SBS and ping/VNC/do whatever to it as though I were local.
I can't ping/VNC/do anything to any other IP on the SBS LAN.
Windows Firewall on the clients is controlled by GPO and allows ICMP and VNC (standard build for my SBS boxes…set up just like other sites where this issue doesn't exist).
Trend 3.6 is the AV.
Attempting to ping does resolve the IP of the inside machines on the SBS LAN, but I can't get a response from them.
On the SonicWall, other than my WAN>LAN rules for the basics (SMTP, PPTP, SSL, RWW), the default LAN>WAN rules are present. (thinking outbound routing from the SBS LAN might be the culprit, but…)

Any ideas?  What could keep me from VNC/ping to the LAN clients?   Trend
0
Question by:colepc
9 Comments
 
LVL 78

Accepted Solution

by:
Rob Williams earned 1500 total points
ID: 19676247
Sounds like a routing issue between the RRAS Static Address Pool and the LAN. Did you manually create the VPN using RRAS, or use the SBS wizard? The wizard should set up DHCP, firewall, and routing for the VPN clients automatically. If you are not familiar with the wizard method, have a look at:
http://www.lan-2-wan.com/SBS-VPN-instr.htm

Not a problem but curious as to the need for VNC in a SBS environment with RWW??
0
 

Author Comment

by:colepc
ID: 19676266
VPN was setup using the wizards.  

VNC is a standard piece of my installs for ease of admin on the client machines.  It's not exposed from the outside.  Managing a lot of networks, I've found this to be extremely efficient in rendering assistance.  PPTP to the LAN as a whole and VNC to any/all of the client machines I want to poke at.  VNC is on the server, but is only used when I'm onsite at a client PC and need to take a quick look back at the server.  Also helps with troubleshooting when RWW, RDP, or other nice built-in stuff just doesn't work right.
0
 

Author Comment

by:colepc
ID: 19676284
I just observed this when looking at the IPCONFIG of my local box ("parispn" is the other end):
PPP adapter ParisPN:

        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 169.254.241.196
        Subnet Mask . . . . . . . . . . . : 255.255.255.255
        Default Gateway . . . . . . . . . : 169.254.241.196

In RRAS at the SBS, PNSERVER1 (local) > IP Routing > General, there are three interfaces shown:
Server Local Area Connection, dedicated, 192.168.27.2, up, operational
Loopback, Loopback, 127.0.0.1, up, operational
Internal, Internal, 169.254.69.180, up, connected

Note the 169.254?  
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 19676310
Re VNC, sounds good.
Any chance the LAN at the client site uses the same local subnet as the SBS? This will definitely cause the problem you are experiencing, i.e., if both were to use something like 192.168.1.x

Trend Micro can definitely interfere with the VPN, but in this case I wouldn't suspect it as you can access the server without a problem. Usually it plays havoc with GRE if it is going to be a problem.
If you start an RDP/VNC session on the server, can you then ping the workstations from there? If so I would look at the Windows firewall on one of the problematic machines. The firewall by default, when an exception is created, allows LAN access but not from remote subnets. Check the exceptions for ICMP and VNC to see what their scope options are, as per (applies to RDP, but similar concept):
http://www.lan-2-wan.com/RD-FW.htm

Also, does the VPN client get assigned an IP in the same subnet as the SBS LAN? It's not necessary, but if so it's not likely a routing issue. If it is different you could try adding a route to the client machine as a test.
0
 

Author Comment

by:colepc
ID: 19676326
Crisis is over.  RobWill, your observation led me to it.  I restarted RRAS and the Internal interface pulled an IP in the right range. I think I know how this occurred...

I configured the server at my office and delivered it onsite yesterday.  I powered on with no network cable attached to the server (didn't want to cause a DHCP issue with the existing, and temporary, setup).  I believe RRAS pulled an automatic IP due to DHCP being shut down when booted with media disconnected.

I would have assumed that re-running the VPN wizard in Server Management would have restarted RRAS.  If it did, it didn't 'refresh' the internal interface in RRAS.

Thanks for your help. Points to you for the assist.
0
 

Author Comment

by:colepc
ID: 19676334
Here's my local box's IPCONFIG after restarting RRAS and reconnecting my box to the SBS via PPTP:

PPP adapter ParisPN:

        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 192.168.27.64
        Subnet Mask . . . . . . . . . . . : 255.255.255.255
        Default Gateway . . . . . . . . . : 192.168.27.64
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 19676335
169.168.x.x (APIPA address) works fine with the VPN, if routing is configured, but I do not believe that is the norm with SBS. Seems to me SBS uses its own customized DHCP relay agent, and your normal DHCP scope.
I would re-run the SBS "Create remote access" wizard as a first step.
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 19676342
I have to start typing faster to keep up <G>
>>"believe RRAS pulled an automatic ip due to DHCP being shut down "
Yes it would. I agree surprised wizard didn't restart the service.
Glad to hear resolved.
Cheers !
--Rob
0
 

Author Comment

by:colepc
ID: 19676344
That's the "VPN wizard" I was referring to.  I re-ran it twice, but the 169.254 address persisted on the RRAS internal interface.  Manually restarting the RRAS service forced it to pull a new IP in the range of the SBS DHCP.

Thanks again for your help!
0
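Added example (not part of the thread and not code from either poster): a Python check over `ipconfig` output that flags the symptom found here, a PPP adapter holding a 169.254.x.x address instead of one from the SBS LAN. The function names and the /24 mask for 192.168.27.0 are assumptions; the sample text is the listing posted above.

```python
import ipaddress
import re

APIPA = ipaddress.ip_network("169.254.0.0/16")  # self-assigned (no DHCP lease) range

# Sample input: the ipconfig listing posted in the thread, before the RRAS restart.
BEFORE = """\
PPP adapter ParisPN:

        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 169.254.241.196
        Subnet Mask . . . . . . . . . . . : 255.255.255.255
        Default Gateway . . . . . . . . . : 169.254.241.196
"""
# Same listing with the address reported after the restart.
AFTER = BEFORE.replace("169.254.241.196", "192.168.27.64")

def parse_adapters(text):
    """Return {adapter header: {field label: value}} from ipconfig-style text."""
    adapters, current = {}, None
    for line in text.splitlines():
        header = re.match(r"^(\S.*adapter .+):\s*$", line)
        if header:
            current = adapters.setdefault(header.group(1), {})
            continue
        field = re.match(r"^\s+([^.:]+?)[\s.]*:\s*(.*)$", line)
        if field and current is not None:
            current[field.group(1).strip()] = field.group(2).strip()
    return adapters

def check_vpn_lease(text, lan_cidr):
    """Classify each PPP adapter's address as 'apipa', 'off-lan' or 'ok'."""
    lan = ipaddress.ip_network(lan_cidr)
    results = {}
    for name, fields in parse_adapters(text).items():
        if not name.startswith("PPP adapter") or "IP Address" not in fields:
            continue
        addr = ipaddress.ip_address(fields["IP Address"])
        if addr in APIPA:
            results[name] = "apipa"    # RRAS handed out a self-assigned address
        elif addr not in lan:
            results[name] = "off-lan"  # different subnet: LAN hosts need a route back
        else:
            results[name] = "ok"
    return results

if __name__ == "__main__":
    lan = "192.168.27.0/24"  # assumed mask; the thread only gives 192.168.27.2
    print(check_vpn_lease(BEFORE, lan), check_vpn_lease(AFTER, lan))
```

An "apipa" result on the client points back at the RRAS Internal interface on the server, which is where the thread found the 169.254 address.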
