VPN access to SBS2003 via Zyxel router

Posted on 2009-05-19
Last Modified: 2013-11-21
Trying to set up a VPN to my SBS2003 LAN. I can go through the VPN setup wizard on an external PC, connect to my router IP and have NAT and firewall configured so it passes through to the SBS2003 server. The connection is made successfully and I'm connected. Great.

But I can't map drives to the shares on the SBS server. Can't ping the SBS server. Can't do an nslookup and get the SBS server's name/IP while connected via the VPN. Although the VPN is up and connected, it's useless as I can't connect to or ping anything on the LAN.

Have used the wizard in SBS to set everything up and can't understand why it's not working.

I also have a web cam device on the LAN that uses port 37777 and that has stopped working too over the VPN (all of the above works fine internally).

I need 2 things to work. The camera system on port 37777 and file sharing so I can map a drive to \\servername\sharename

I can use RWW as this works OK but viewing the cameras and working with files is a bit clunky and slow over RDP
Question by:Izattafact

Accepted Solution

by:
Rob Williams earned 2000 total points
ID: 24427083
Is there any chance the SBS and the connecting client use the same local subnet at their respective sites, such as both sites using 192.168.1.x? They must be different or you will experience inability to access resources, even though you can connect to the server with the VPN.

You may also want to review the SBS VPN set up procedure:
http://www.lan-2-wan.com/SBS-VPN-instr.htm

Author Comment

by:Izattafact
ID: 24436111
Yes, the remote site is 192.168.1.x and the SBS LAN is all 192.168.1.x - will this cause a problem, you think? It was working before and I don't know what changed to make it stop working. In fact my own LAN is 192.168.1.x too and I get the same issue....hmmm I'll try and change my LAN to 192.168.2.x to see if it makes a difference

Expert Comment

by:Rob Williams
ID: 24437458
A basic rule of routing is no two network segments in the path from client to host can have the same subnet. Packets are routed based on the subnet to which they belong. If a local and remote location have the same subnet, where should the packets be forwarded?
You will need to change one site or the other. It is generally best to change the server site as no one will be able to connect from a site that uses a default router subnet of 192.168.1.x such as a hotel. However, changing the server site, especially an SBS, can be a big job. If you decide to do so, plan carefully, and if changing the SBS LAN IP you *MUST* use the change server IP wizard in the server management console under Internet and e-mail. Failing to do so will break most SBS services. After completion you also need to re-run the CEICW.

Author Comment

by:Izattafact
ID: 24441863
I thought NAT should handle all this but I see your point. If my subnet at home and another subnet at another home both use 192.168.1.x with 192.168.1.254 as their default gateway, then it stands to reason that the default gateway will try to find any other 192.168.1.x addresses so will never route outside of the local LAN. Strange though, that when the PPP connection is made, it gets an IP and gets the DHCP and DNS server information from the DHCP server. So what happens when you connect a PC normally using a VPN? Does it use the default gateway on the VPN connection or on the LAN side - need to do a route print to find this one out. Will try tonight and let you know (though still puzzled why it worked before...)

Expert Comment

by:Rob Williams
ID: 24442291
Correct, all packets for that subnet are kept local, by the local router.
The one exception to this and why it can sometimes work is the VPN/PPP adapter is assigned an IP in the remote subnet, which may be the same as the local subnet. It also gets a static route added to the local routing table for that one IP, with its own default gateway (which is the same as the assigned IP). Traffic is then routed to the VPN server for that one IP which also corresponds to the DNS and WINS IPs. However, for this to work the "use remote default gateway" option must be checked/enabled in the VPN/virtual adapter. Even though this can allow access to the remote VPN server, if that server has a single NIC and uses the same subnet for its LAN, you will not be able to connect to any other IP at that site with the same subnet, again due to the same routing issue.
0
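The routing behaviour described in the two expert comments above, as an added example that is not part of the original thread: a simplified longest-prefix-match model of the VPN client's routing table, showing why one remote IP stays reachable while the rest of an overlapping subnet does not. All addresses and function names are constructed for illustration, and the table is a model, not the exact output of `route print`.

```python
import ipaddress

# Constructed sample addresses, not taken from the thread.
SERVER_LAN = "192.168.1.0/24"     # LAN at the SBS site
VPN_HOST_ROUTE = "192.168.1.50"   # the one remote IP that gets a /32 route
FILE_SERVER = "192.168.1.2"       # another host on the SBS LAN
CAMERA = "192.168.1.20"           # camera system on the SBS LAN

def subnets_overlap(client_lan, server_lan):
    """True when both sites share address space, so routing is ambiguous."""
    return ipaddress.ip_network(client_lan).overlaps(
        ipaddress.ip_network(server_lan))

def build_routes(client_lan, vpn_host_ip, use_remote_gateway=True):
    """Simplified client routing table as (network, interface) pairs."""
    default_iface = "VPN" if use_remote_gateway else "LAN"
    return [
        (ipaddress.ip_network(client_lan), "LAN"),           # on-link subnet
        (ipaddress.ip_network(vpn_host_ip + "/32"), "VPN"),  # host route
        (ipaddress.ip_network("0.0.0.0/0"), default_iface),  # default route
    ]

def pick_interface(routes, destination):
    """Longest-prefix match: the most specific matching route wins."""
    dest = ipaddress.ip_address(destination)
    matches = [(net, iface) for net, iface in routes if dest in net]
    return max(matches, key=lambda r: r[0].prefixlen)[1]

def reachable_over_vpn(client_lan, use_remote_gateway=True):
    """Map each sample remote host to whether its traffic enters the tunnel."""
    routes = build_routes(client_lan, VPN_HOST_ROUTE, use_remote_gateway)
    return {ip: pick_interface(routes, ip) == "VPN"
            for ip in (VPN_HOST_ROUTE, FILE_SERVER, CAMERA)}

if __name__ == "__main__":
    for lan in ("192.168.1.0/24", "192.168.2.0/24"):
        print(lan, "overlaps server LAN:", subnets_overlap(lan, SERVER_LAN))
        for ip, ok in reachable_over_vpn(lan).items():
            print("   ", ip, "via VPN" if ok else "kept on local LAN")
```

Running the same overlap check against common default router subnets before choosing the server-site range shows which remote clients would hit this problem.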
 

Author Comment

by:Izattafact
ID: 24532249
Spot on RobWill. Worked a treat. Thanks

Author Closing Comment

by:Izattafact
ID: 31582909
Thanks mate saved my ass there!!

Expert Comment

by:Rob Williams
ID: 24532274
Glad to hear. Thanks Izattafact.
Cheers!
--Rob

Author Comment

by:Izattafact
ID: 24532307
Did you get your points?

Expert Comment

by:Rob Williams
ID: 24532598
:-)  yes thank you very much.
--Rob