
Branches on SBS network

Hi all,

A client of mine installed SBS 2003 onto their network. The LAN range is 172.26.92.x. We installed a broadband solution for them going out on a second network card.

They then got a company to install a VOIP solution in for all their branches as well as routers. The VOIP is not working - apparently the ISA server or this SBS box is preventing traffic between the branches. The branches have been set up on IP ranges 172.26.93.x, 172.26.94.x and so forth. There are routers between the branches on 10.1.3.70 and 10.1.3.65 and so forth.

What do I need to do to the SBS server to ensure that these ranges can all "see" each other?

Thanks
Sean
 
Dave_AND Commented:
It will be the ISA preventing traffic; you need to open your ISA up to all the VoIP ports the company gives you. Also make sure you are using a 255.255.255.0 subnet if you are not already. Personally I would remove ISA server if you want to implement a wide area VPN between sites, as ISA is very tricky to get working like this.
 
SeanNij (Author) Commented:
Disabled firewall in the ICW - still happening - does this mean ISA is still "running"?
Need I add anything to routing or remote access or anything?
 
Jeffrey Kane - TechSoEasy (Principal Consultant) Commented:
Please see this blog post for how to create VPN Tunnels between SBS and branch locations with ISA Server in the mix:  http://sbsurl.com/vpntunnel

You'll note that the tunnel connections bypass ISA as they should, since it's inter-site encrypted traffic.

Jeff
TechSoEasy
 
SeanNij (Author) Commented:
Uninstalled ISA completely now.
Do I need to do anything to the server to include those branch IPs as "internal" so as to stop it going via the gateway to the internet?
 
Jeffrey Kane - TechSoEasy (Principal Consultant) Commented:
If you uninstalled ISA, you should make sure that the Proxy Clients are uninstalled from your workstations... just FYI.

Then, how do you have the branch offices connecting? Do you have router-to-router VPN tunnels? Or do you have additional domain controllers in the branches?

Jeff
TechSoEasy
 
SeanNij (Author) Commented:
Yup, thanks... did muck that one up...

Router-to-router VPN tunnels, and it's just PCs at each branch.

If I tracert, say, to 172.26.95.1, I can see it going out the default gateway as opposed to staying on the "internal" network?
 
Jeffrey Kane - TechSoEasy (Principal Consultant) Commented:
That's because it's outside of your IP Subnet. You will have to create persistent routes in order to get them to communicate to each other. There is an example of how to do this in the article I linked above.

Jeff
TechSoEasy
 
SeanNij (Author) Commented:
Jeff, okay, I think I understand (well, here is hoping anyway).

The VPN router on "Main Office" has IP address 10.1.3.70 (our public IP is 172.26.92.x)
The VPN router on "Remote Office" has IP address 10.1.3.65 (their public IP is 172.26.95.x)

In essence it is a muck up - 'cause the Main Office router should be on 172.26.92.y?

Or can I still add routes?
 
Jeffrey Kane - TechSoEasy (Principal Consultant) Commented:
172.26.x.x is not a PUBLIC routable IP Subnet. You wouldn't necessarily need to have 172.26.92.y (so to speak) because you can certainly create a persistent route between the two IP Subnets... but actually if the Subnet Mask is 255.255.0.0, then they are actually on the same subnet anyhow.

It would be very helpful if you provided a COMPLETE ipconfig /all from the SBS. And one from a PC in a remote office. Also, what is the make/model of these routers?

Essentially the 172.26.x.x configuration should be transparent to the computers as that's the whole point of a Router-to-Router VPN.

Jeff
TechSoEasy
 
SeanNij (Author) Commented:
Ipconfig for the server. Everyone in branches gone home for weekend - so i will get that info only on Monday.

C:\Documents and Settings\Administrator>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : bohlerjhb01
   Primary Dns Suffix  . . . . . . . : BOHLER.local
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : Yes
   WINS Proxy Enabled. . . . . . . . : Yes
   DNS Suffix Search List. . . . . . : BOHLER.local

Ethernet adapter Server Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : HP NC7761 Gigabit Server Adapter
   Physical Address. . . . . . . . . : 00-15-60-0B-1B-53
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 172.26.92.3
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : 172.26.92.3
   Primary WINS Server . . . . . . . : 172.26.92.3

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek RTL8139 Family PCI Fast Ethernet
NIC
   Physical Address. . . . . . . . . : 00-11-95-5C-49-F7
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 196.37.1.58
   Subnet Mask . . . . . . . . . . . : 255.255.255.248
   Default Gateway . . . . . . . . . : 196.37.1.57
   DNS Servers . . . . . . . . . . . : 172.26.92.3
   NetBIOS over Tcpip. . . . . . . . : Disabled
 
SeanNij (Author) Commented:
Bohler_pinetown#trace

Protocol [ip]:
Target IP address: 172.26.92.3
Source address: 172.26.96.1
Numeric display [n]:
Timeout in seconds [3]:
Probe count [3]:
Minimum Time to Live [1]:
Maximum Time to Live [30]:

Port Number [33434]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Type escape sequence to abort.
Tracing the route to 172.26.92.3
  1 10.1.1.45 40 msec 24 msec 24 msec
  2 10.1.3.69 48 msec 48 msec 48 msec
  3 10.1.3.70 48 msec 48 msec 52 msec
  4  *  *  *
 
Jeffrey Kane - TechSoEasy (Principal Consultant) Commented:
I don't understand why you posted that... are you going to post the IPCONFIG /ALL as requested?

Jeff
TechSoEasy
 
SeanNij (Author) Commented:
Jeff, sorry, that was the info that the VPN guys were complaining about.
Yes, I've asked the in-house IT person to get me an ipconfig /all on the branches.
 
Jeffrey Kane - TechSoEasy (Principal Consultant) Commented:
"that was the info that the VPN guys were complaining about."

What VPN guys? What complaints?

I can't read your mind here... if you want to share the information about what the specific complaints were and who was having the problems, that would certainly help.

Jeff
TechSoEasy
 
SeanNij (Author) Commented:
Windows IP Configuration

Host Name           : Shawn
Primary Dns Suffix:
Node Type            : Unknown
IP Routing Enabled  : No
Wins Proxy Enabled: No

Ethernet Adapter Local Area Connection 2:
Connection- Specific DNS Suffix : bohlerjhb01.local
Description           : Broaddcom NetXtreme Gigabit Ethernet
Physical Address  : 00-0F-FE-41-6A-94
Dhcp Enabled       : No
IP Address           : 172.26.92.83
Subnet Mask        :255.255.255.240
Default Gateway    :172.26.92.94
DNS Servers         : 172.26.92.3

 
SeanNij (Author) Commented:
The guys who set up the VOIP, sorry, are the ones who are complaining that it's the VPN that's not configured properly and that's why the branches can use VOIP?

Above is the ipconfig from one of the PCs at one of the branches.
 
Jeffrey Kane - TechSoEasy (Principal Consultant) Commented:
So, the PC "Shawn" is not a member of the domain? How come?

Also, how did the "Connection-Specific DNS Suffix" get set to: "bohlerjhb01.local"?

Your Domain is BOHLER.local, not bohlerjhb01.local.

Jeff
TechSoEasy
 
SeanNij (Author) Commented:
The IT person never set it up as a member. I think she set the bohlerjhb01.local manually. Let me start by fixing those.
 
Jeffrey Kane - TechSoEasy (Principal Consultant) Commented:
Well, if "Shawn" is in a remote location, then you need to follow this workaround for joining it to the SBS domain properly (because you can't use http://<servername>/connectcomputer over a VPN connection usually).

http://www.smallbizserver.net/tabid/266/ArticleType/ArticleView/ArticleID/83/Default.aspx

But I'm still a bit confused about how these branch offices are connected. Is there a router in each location maintaining a VPN Tunnel? If so, what make/model?

Jeff
TechSoEasy
 
SeanNij (Author) Commented:
Head office is a Cisco 3620.  Other sites have Cisco 1720
Bohler_HO#sh ver
Cisco Internetwork Operating System Software
IOS (tm) 3600 Software (C3620-I-M), Version 12.2(23), RELEASE SOFTWARE (fc2)
Copyright (c) 1986-2004 by cisco Systems, Inc.
Compiled Wed 28-Jan-04 16:20 by kellmill
Image text-base: 0x60008930, data-base: 0x60A3C000

ROM: System Bootstrap, Version 11.1(20)AA2, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
Bohler_HO uptime is 8 weeks, 2 days, 23 hours, 19 minutes

System returned to ROM by power-on
System image file is "flash:c3620-i-mz.122-23.bin"

cisco 3620 (R4700) processor (revision 0x81) with 27648K/5120K bytes of memory.
Processor board ID 17149835
R4700 CPU at 80Mhz, Implementation 33, Rev 1.0
Bridging software.
X.25 software, Version 3.0.0.
2 FastEthernet/IEEE 802.3 interface(s)
1 Serial network interface(s)
DRAM configuration is 32 bits wide with parity disabled.
29K bytes of non-volatile configuration memory.
8192K bytes of processor board System flash (Read/Write)
Configuration register is 0x2102
 
Jeffrey Kane - TechSoEasy (Principal Consultant) Commented:
A little too much information... :-)

Just make/model is all I was looking for.

I'm not going to be able to provide you with a complete VPN configuration solution. Your question is far too vague at this point. Please enlist the assistance of a qualified consultant to help you sort this out. If you have a specific question that you need assistance with, please feel free to ask, but so far, I haven't seen anything but info dumping on your part.

Jeff
TechSoEasy
 
SeanNij (Author) Commented:
Thanks. Yes, bit of a sidetrack here.

I just want to know if I need to do anything to the SBS server to open it to those ranges for the VOIP to work, or is the network a stuff up to begin with?
 
SeanNij (Author) Commented:
We added persistent routes and that seemed to work. Thanks for all the advice.
Sean
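
The routing decision discussed in this thread, modelled as an added example (not code from any of the posters): longest-prefix match over the route tables implied by the two posted ipconfig outputs, before and after persistent routes. The /24 branch masks and the `<router LAN address>` gateway are assumptions; the thread gives neither.

```python
import ipaddress

def subnet(addr, mask):
    """Network that an interface with this address and mask is attached to."""
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

DEFAULT = ipaddress.ip_network("0.0.0.0/0")

def next_hop(dest, routes):
    """Longest-prefix match over (network, gateway, interface) entries."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None  # no route at all: the packet is dropped
    _, gateway, iface = max(matches, key=lambda r: r[0].prefixlen)
    return gateway, iface

# Route table implied by the SBS server's "ipconfig /all" posted in the thread.
SBS_ROUTES = [
    (subnet("172.26.92.3", "255.255.255.0"), "on-link", "LAN"),
    (subnet("196.37.1.58", "255.255.255.248"), "on-link", "WAN"),
    (DEFAULT, "196.37.1.57", "WAN"),
]

# Same server if the LAN mask were 255.255.0.0, the case raised in the thread.
SBS_ROUTES_16 = [(subnet("172.26.92.3", "255.255.0.0"), "on-link", "LAN")] + SBS_ROUTES[1:]

# Route table implied by the "ipconfig /all" posted for the PC "Shawn".
PC_ROUTES = [
    (subnet("172.26.92.83", "255.255.255.240"), "on-link", "LAN"),
    (DEFAULT, "172.26.92.94", "LAN"),
]

# ASSUMPTIONS: branches are /24 networks; the gateway is a placeholder for the
# LAN-side address of the VPN router, which the thread does not state.
BRANCHES = ["172.26.93.0/24", "172.26.94.0/24", "172.26.95.0/24"]
LAN_ROUTER = "<router LAN address>"

def add_persistent_routes(routes, branches=BRANCHES, gateway=LAN_ROUTER):
    """Model of `route -p add <net> mask <mask> <gateway>` for each branch."""
    return routes + [(ipaddress.ip_network(b), gateway, "LAN") for b in branches]

if __name__ == "__main__":
    for name, table in [("before", SBS_ROUTES), ("after", add_persistent_routes(SBS_ROUTES)),
                        ("mask /16", SBS_ROUTES_16)]:
        print(name, "172.26.95.1 ->", next_hop("172.26.95.1", table))
    print("PC to 172.26.92.3 ->", next_hop("172.26.92.3", PC_ROUTES))
```

With the posted 255.255.255.240 mask, the PC treats only 172.26.92.80 to 172.26.92.95 as local, so its traffic to the server at 172.26.92.3 also goes through its gateway.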