We have been fighting this for a while now. It started with a Netgear router on both ends with a tunnel between them and remote users initiating a client based vpn to connect to the SBS 2003 R2 Premium box. It was a very unreliable connection method and proved unsatisfactory for our customer. We are now using RV042's at another location to connect remote clients into a stand alone ISA server without issue. However, we can not make the same type of connection work with the sbs. I have even went so far as to screen capture every ISA config setting and copy it on the sbs box with no luck. Here is our current state of affairs:
I have created the vpn on the rv042 and on the sbs with success. This was done by specifying the IP addresses on both ends (sbs external 126.96.36.199, sbs internal 192.168.1.10, rv042 external 188.8.131.52, and rv042 internal 192.168.7.1). It connects and I can see the connection on both ends with no problem. Great you say, but here is the catch: I can use the diagnostic utility on the rv042 to ping both the external and the internal IP of the sbs with no problem. When I try the same ping from a workstation connected directly to the rv042 the ping fails. Pinging from the sbs to either the external or the internal rv042 IP also fails. I have tried configuring the rv042 so that it uses subnets rather than specific IPs but it will not make the vpn connection configured like this. I have ensured that the sbs is configured with the remote network as 192.168.7.0 thru 192.168.7.255. The vpn connects and works, even allowing a ping to reach the internal interface of the sbs, so it has to be configured correctly (but what do I know, I can't make it work right???).
Can someone PLEASE help explain why I can ping from the router but not from the client??? I really need this to work so that I can join the remote workstation to the domain. I have the nagging feeling that I am missing a global setting on the sbs, but I don't know what it is.