SBS + RV042 + VPN = ???

Posted on 2007-10-10
Last Modified: 2008-11-17
We have been fighting this for a while now. It started with a Netgear router on both ends with a tunnel between them and remote users initiating a client-based VPN to connect to the SBS 2003 R2 Premium box. It was a very unreliable connection method and proved unsatisfactory for our customer. We are now using RV042s at another location to connect remote clients into a standalone ISA server without issue. However, we cannot make the same type of connection work with the SBS. I have even gone so far as to screen capture every ISA config setting and copy it on the SBS box with no luck. Here is our current state of affairs:

I have created the VPN on the RV042 and on the SBS with success. This was done by specifying the IP addresses on both ends (SBS external, SBS internal, RV042 external, and RV042 internal). It connects and I can see the connection on both ends with no problem. Great, you say, but here is the catch: I can use the diagnostic utility on the RV042 to ping both the external and the internal IP of the SBS with no problem. When I try the same ping from a workstation connected directly to the RV042, the ping fails. Pinging from the SBS to either the external or the internal RV042 IP also fails. I have tried configuring the RV042 so that it uses subnets rather than specific IPs, but it will not make the VPN connection configured like this. I have ensured that the SBS is configured with the remote network as thru  The VPN connects and works, even allowing a ping to reach the internal interface of the SBS, so it has to be configured correctly (but what do I know, I can't make it work right???).

Can someone PLEASE help explain why I can ping from the router but not from the client???  I really need this to work so that I can join the remote workstation to the domain.   I have the nagging feeling that I am missing a global setting on the sbs, but I don't know what it is.
Question by:choprzrul
    LVL 51

    Accepted Solution

    What version of ISA server are you running? 2000 or 2004?
    Open the ISA GUI, select Monitoring - Logging - click Start Query - try the ping on the remote end.
    What do you see in the log?

    What rule do you have in the ISA to allow connections from VPN to internal?

    Author Comment

    It is on a SBS R2 2003 Premium box, ISA 2004 version 4.0.2167.887

    Pinging from the SBS box yields ISA logging denial of ping. I suppose it is because it is trying to ping a private IP space address. The command prompt ping failure shows "negotiating IP security" in 3/4 of the ping tries. The first one timed out.

    ISA rules:
    Rule 1: Remote VPN Outbound, action: allow, Protocols: all outbound traffic, from: internal & local host, to: Remote VPN, condition: all users.
    Rule 2: Remote VPN Inbound, action: allow, Protocols: all outbound traffic, from: Remote VPN, to: internal & local host, condition: all users.

    I can ping the internal interface of the SBS box from the RV042 just fine. When I try and ping from a Vista workstation directly attached to the RV042, the ping fails.
    LVL 74

    Assisted Solution

    by:Jeffrey Kane - TechSoEasy
    I realize you're frustrated with trying so many things... but in the midst of your frustration, you forgot to clearly explain exactly what it is that you are trying to do.  Are you trying to make a VPN Connection FROM SBS to somewhere else?

    Or are you trying to create a VPN Tunnel between two RV042's?

    Please just provide the basic details of what the goal is.



    Author Comment

    I finally figured out that it wanted the VPN configured such that the remote office subnet in its entirety needed to be specified and only the internal SBS address needed to be specified. Now fixed and running.
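
The fix described in the last comment, modelled as IPsec traffic-selector matching; this is an added example, not code or configuration from any poster in the thread. All addresses are constructed RFC 1918 samples, and it assumes that the symptoms came from host-only selectors and that both ends must hold mirrored selector pairs for phase 2 to negotiate, which is the usual IKEv1 behaviour.

```python
import ipaddress

# Constructed sample addresses (not from the thread).
ROUTER_LAN_IP = "192.168.2.1"    # RV042 internal interface
WORKSTATION = "192.168.2.50"     # PC behind the RV042
SBS_INTERNAL = "192.168.16.2"    # SBS internal interface

FLOWS = {"router_diag_ping": (ROUTER_LAN_IP, SBS_INTERNAL),
         "workstation_ping": (WORKSTATION, SBS_INTERNAL)}

# Each selector is (local, remote) as seen from that end of the tunnel.
HOST_ONLY_ROUTER = ("192.168.2.1/32", "192.168.16.2/32")   # original setup
HOST_ONLY_SERVER = ("192.168.16.2/32", "192.168.2.1/32")
SUBNET_ROUTER = ("192.168.2.0/24", "192.168.16.2/32")      # working setup
SUBNET_SERVER = ("192.168.16.2/32", "192.168.2.0/24")

def in_selector(selector, src, dst):
    """True if a packet src->dst is covered by a (local, remote) selector pair."""
    local, remote = (ipaddress.ip_network(s) for s in selector)
    return ipaddress.ip_address(src) in local and ipaddress.ip_address(dst) in remote

def selectors_mirror(side_a, side_b):
    """Assumed IKEv1 rule: each end's pair must be the exact mirror of the other's."""
    a = tuple(ipaddress.ip_network(s) for s in side_a)
    b = tuple(ipaddress.ip_network(s) for s in side_b)
    return a == (b[1], b[0])

def audit(router_sel, server_sel, flows):
    """Per flow: does phase 2 come up, and do both ends accept the packet?"""
    up = selectors_mirror(router_sel, server_sel)
    return {name: up
            and in_selector(router_sel, src, dst)
            and in_selector(server_sel, dst, src)  # server sees the flow reversed
            for name, (src, dst) in flows.items()}

if __name__ == "__main__":
    cases = {"host-only on both ends": (HOST_ONLY_ROUTER, HOST_ONLY_SERVER),
             "subnet on router only": (SUBNET_ROUTER, HOST_ONLY_SERVER),
             "subnet on both ends": (SUBNET_ROUTER, SUBNET_SERVER)}
    for label, (r, s) in cases.items():
        print(label, audit(r, s, FLOWS))
```

The middle case corresponds to changing only the RV042 to subnets: the selector pairs no longer mirror each other, so no flow passes at all.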
