
SBS + RV042 + VPN = ???

Last Modified: 2008-11-17
We have been fighting this for a while now. It started with a Netgear router on both ends with a tunnel between them and remote users initiating a client-based VPN to connect to the SBS 2003 R2 Premium box. It was a very unreliable connection method and proved unsatisfactory for our customer. We are now using RV042s at another location to connect remote clients into a standalone ISA server without issue. However, we cannot make the same type of connection work with the SBS. I have even gone so far as to screen capture every ISA config setting and copy it on the SBS box with no luck. Here is our current state of affairs:

I have created the VPN on the RV042 and on the SBS with success. This was done by specifying the IP addresses on both ends (SBS external 44.44.22.22, SBS internal 192.168.1.10, RV042 external 66.66.15.15, and RV042 internal 192.168.7.1). It connects and I can see the connection on both ends with no problem. Great, you say, but here is the catch: I can use the diagnostic utility on the RV042 to ping both the external and the internal IP of the SBS with no problem. When I try the same ping from a workstation connected directly to the RV042, the ping fails. Pinging from the SBS to either the external or the internal RV042 IP also fails. I have tried configuring the RV042 so that it uses subnets rather than specific IPs, but it will not make the VPN connection configured like this. I have ensured that the SBS is configured with the remote network as 192.168.7.0 through 192.168.7.255. The VPN connects and works, even allowing a ping to reach the internal interface of the SBS, so it has to be configured correctly (but what do I know, I can't make it work right???).

Can someone PLEASE help explain why I can ping from the router but not from the client??? I really need this to work so that I can join the remote workstation to the domain. I have the nagging feeling that I am missing a global setting on the SBS, but I don't know what it is.

Author

Commented:
It is on an SBS R2 2003 Premium box, ISA 2004 version 4.0.2167.887.

Pinging from the SBS box yields ISA logging denial of ping. I suppose it is because it is trying to ping a private IP space address. The command prompt ping failure shows "negotiating IP security" in 3/4 of the ping tries. The first one timed out.

ISA rules:

Rule 1: Remote VPN Outbound, action: allow, Protocols: all outbound traffic, from: internal & local host, to: Remote VPN, condition: all users.

Rule 2: Remote VPN Inbound, action: allow, Protocols: all outbound traffic, from: Remote VPN, to: internal & local host, condition: all users.

I can ping the internal interface of the SBS box from the RV042 just fine. When I try to ping from a Vista workstation directly attached to the RV042, the ping fails.

Author

Commented:
I finally figured out that it wanted the VPN configured such that the remote office subnet in its entirety needed to be specified and only the internal SBS address needed to be specified. Now fixed and running.
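
A simplified model of the selector matching behind the fix described above, as an added example that is not part of the original thread. It assumes the tunnel only carries traffic whose source and destination fall inside the configured local and remote groups; `WORKSTATION` and `OTHER_HOST` are constructed addresses, the rest come from the question.

```python
from ipaddress import ip_address, ip_network

# Addresses quoted in the thread.
RV042_LAN_IP = "192.168.7.1"
SBS_INTERNAL = "192.168.1.10"
# Constructed addresses (assumptions, not from the thread).
WORKSTATION = "192.168.7.100"   # a client behind the RV042
OTHER_HOST = "192.168.1.20"     # a second machine behind the SBS

# Each policy is (RV042-side group, SBS-side group).
# First attempt: single IPs on both ends.
HOST_TO_HOST = (ip_network("192.168.7.1/32"), ip_network("192.168.1.10/32"))
# Working setup: whole remote office subnet, SBS internal address only.
SUBNET_TO_HOST = (ip_network("192.168.7.0/24"), ip_network("192.168.1.10/32"))


def in_tunnel(policy, src, dst):
    """True if src -> dst (in either direction) matches the policy's groups."""
    near, far = policy
    s, d = ip_address(src), ip_address(dst)
    return (s in near and d in far) or (s in far and d in near)


def report(policy):
    """Evaluate the flows discussed in the thread against one policy."""
    flows = [
        (RV042_LAN_IP, SBS_INTERNAL),   # ping from the router's diagnostic page
        (WORKSTATION, SBS_INTERNAL),    # ping from a client behind the router
        (SBS_INTERNAL, WORKSTATION),    # reply traffic / SBS-initiated traffic
        (WORKSTATION, OTHER_HOST),      # client to a different internal machine
    ]
    return {f"{s} -> {d}": in_tunnel(policy, s, d) for s, d in flows}


if __name__ == "__main__":
    for name, policy in (("host-to-host", HOST_TO_HOST),
                         ("subnet-to-host", SUBNET_TO_HOST)):
        print(name)
        for flow, ok in report(policy).items():
            print(f"  {flow}: {'tunnelled' if ok else 'not covered'}")
```

With the subnet-to-host policy the workstation reaches the SBS, but other machines on 192.168.1.x stay outside the tunnel unless the SBS-side group is widened.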