  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 983

SBS + RV042 + VPN = ???

We have been fighting this for a while now. It started with a Netgear router on both ends with a tunnel between them and remote users initiating a client-based VPN to connect to the SBS 2003 R2 Premium box. It was a very unreliable connection method and proved unsatisfactory for our customer. We are now using RV042s at another location to connect remote clients into a standalone ISA server without issue. However, we cannot make the same type of connection work with the SBS. I have even gone so far as to screen capture every ISA config setting and copy it on the SBS box with no luck. Here is our current state of affairs:

I have created the VPN on the RV042 and on the SBS with success. This was done by specifying the IP addresses on both ends (SBS external 44.44.22.22, SBS internal 192.168.1.10, RV042 external 66.66.15.15, and RV042 internal 192.168.7.1). It connects and I can see the connection on both ends with no problem. Great, you say, but here is the catch: I can use the diagnostic utility on the RV042 to ping both the external and the internal IP of the SBS with no problem. When I try the same ping from a workstation connected directly to the RV042, the ping fails. Pinging from the SBS to either the external or the internal RV042 IP also fails. I have tried configuring the RV042 so that it uses subnets rather than specific IPs, but it will not make the VPN connection configured like this. I have ensured that the SBS is configured with the remote network as 192.168.7.0 through 192.168.7.255. The VPN connects and works, even allowing a ping to reach the internal interface of the SBS, so it has to be configured correctly (but what do I know, I can't make it work right???).

Can someone PLEASE help explain why I can ping from the router but not from the client??? I really need this to work so that I can join the remote workstation to the domain. I have the nagging feeling that I am missing a global setting on the SBS, but I don't know what it is.
choprzrul
Asked:
Keith Alabaster Commented:
What version of ISA Server are you running? 2000 or 2004?
Open the ISA GUI, select Monitoring - Logging - click Start Query - try the ping on the remote end.
What do you see in the log?

What rule do you have in the ISA to allow connections from VPN to internal?
 
choprzrul (Author) Commented:
It is on a SBS R2 2003 Premium box, ISA 2004 version 4.0.2167.887.

Pinging from the SBS box yields ISA logging denial of ping. I suppose it is because it is trying to ping a private IP space address. The command prompt ping failure shows "negotiating IP security" in 3/4 of the ping tries. The first one timed out.

ISA rules:
Rule 1: Remote VPN Outbound, action: allow, protocols: all outbound traffic, from: internal & local host, to: Remote VPN, condition: all users.
Rule 2: Remote VPN Inbound, action: allow, protocols: all outbound traffic, from: Remote VPN, to: internal & local host, condition: all users.

I can ping the internal interface of the SBS box from the RV042 just fine. When I try and ping from a Vista workstation directly attached to the RV042, the ping fails.
 
Jeffrey Kane - TechSoEasy, Principal Consultant, Commented:
I realize you're frustrated with trying so many things... but in the midst of your frustration, you forgot to clearly explain exactly what it is that you are trying to do.  Are you trying to make a VPN Connection FROM SBS to somewhere else?

Or are you trying to create a VPN Tunnel between two RV042's?

Please just provide the basic details of what the goal is.

Jeff
TechSoEasy

 
choprzrul (Author) Commented:
I finally figured out that it wanted the VPN configured such that the remote office subnet in its entirety needed to be specified and only the internal SBS address needed to be specified. Now fixed and running.
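The fix in the last post, modelled as an added example that is not part of the thread: a simplified check of which packets fall inside the tunnel's local/remote selectors when the remote-office side is a single host versus the whole 192.168.7.0/24 subnet. It models selector matching only, not ISA firewall rules; 192.168.7.50 and 192.168.1.20 are constructed addresses.

```python
import ipaddress

def in_selectors(policy, src, dst):
    """Return True if a packet src -> dst is covered by the tunnel's
    local/remote traffic selectors, as seen from the remote-office router."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return (src_ip in ipaddress.ip_network(policy["local"])
            and dst_ip in ipaddress.ip_network(policy["remote"]))

def evaluate(policy, flows):
    """Map each named flow to 'tunnel' or 'not matched' for one policy."""
    return {name: ("tunnel" if in_selectors(policy, s, d) else "not matched")
            for name, (s, d) in flows.items()}

# Selectors built from the thread's addresses; /32 means a single host.
# Original setup: specific IPs on both ends.
HOST_TO_HOST = {"local": "192.168.7.1/32", "remote": "192.168.1.10/32"}
# Working setup: entire remote office subnet, only the internal SBS address.
SUBNET_TO_HOST = {"local": "192.168.7.0/24", "remote": "192.168.1.10/32"}

# Constructed sample flows: 192.168.7.50 stands in for the workstation behind
# the RV042, 192.168.1.20 for some other host on the SBS internal network.
FLOWS = {
    "router diagnostic ping": ("192.168.7.1", "192.168.1.10"),
    "workstation ping": ("192.168.7.50", "192.168.1.10"),
    "workstation to other internal host": ("192.168.7.50", "192.168.1.20"),
}

if __name__ == "__main__":
    for label, policy in (("host-to-host", HOST_TO_HOST),
                          ("subnet-to-host", SUBNET_TO_HOST)):
        print(label)
        for name, verdict in evaluate(policy, FLOWS).items():
            print(f"  {name:36} {verdict}")
```

Keeping the SBS side as a single address means the tunnel still carries nothing destined for other hosts on 192.168.1.0/24.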
