Solved

VPN access to SBS2003 via Zyxel router

Posted on 2009-05-19
10
439 Views
Last Modified: 2013-11-21
Trying to set up a VPN to my SBS2003 LAN. I can go through the VPN setup wizard on an external PC, connect to my router IP and have NAT and firewall configured so it passes through to the SBS2003 server. The connection is made successfully and i'm connected. Great.

But i cant map drives to the shares on the SBS server. Cant ping the SBS server. Cant do an nslookup and get the SBS servers name/IP while connected via the VPN. Although the VPN is up and connected, its useless as i cant connect to or ping anything on the LAN

Have used the wizard in SBS to set everything up and cant understand why its not working

I also have a web cam device on the LAN that uses port 37777 and that has stopped working too over the VPN (all of the above works fine internally)

I need 2 things to work. The camera system on port 37777 and file sharing so i can map a drive to \\servernme\sharename

I can use RWW as this works OK but viewing the cameras and working with files is a bit clunky and slow over RDP
0
Comment
Question by:Izattafact
  • 5
  • 5
10 Comments
 
LVL 77

Accepted Solution

by:
Rob Williams earned 500 total points
ID: 24427083
Is there any chance the SBS and the connecting client use the same local subnet at their respective sites, such as both sites using 192.168.1.x? They must be different or you will experience inability to access resources, even though you can connect to the server with the VPN.

You may also want to review the SBS VPN set up procedure:
http://www.lan-2-wan.com/SBS-VPN-instr.htm
0
 

Author Comment

by:Izattafact
ID: 24436111
yes the remote site is 192.168.1.x and the SBS lan is all 192.168.1.x - will this cause a problem you think? It was working before and i dont know what changed to make it stop working. In fact my own LAN is 192.168.1.x too and i get the same issue....hmmm i'll try and change my lan to 192.168.2.x to see if it makes a difference
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 24437458
A basic rule of routing is no two network segments in the path from client to host can have the same subnet. Packets are routed based on the subnet to which they belong. If a local and remote location have the subnet, where should the packets be forwarded?
You will need to change one site or the other. It is generally best to change the server site as no one will be able to connect from a site that uses a default router subnet of 192.168.1.x such as a hotel. However, changing the server site, especially an SBS, can be a big job. If you decide to do so plan carefully and if changing the SBS LAN IP you *MUST* use the change server IP wizard in the server management console under Internet and e-mail. Failing to do so will break most SBS services. After completion you also need to re-run the CEICW.
0
 

Author Comment

by:Izattafact
ID: 24441863
i thought NAT should handle all this but i see your point. If my subnet at home and another subnet at another home both use 192.168.1.x with 192.168.1.254 as theiur default gateway, the it stands to reason that the default gateway will try to find any other 192.168.1.x addresses so will never route outside of the local lan. Strange though, that when the PPP connection is made, it gets an IP and gets the DHCP and DNS server information from the DHCP server. So what happens whn you connect a PC normally using a VPN? Does it use the default gateway on the VPN connection or on the LAN side - need to do a route print to find this one out. Will try tonight and let you know (though still puzzled why it worked before...)
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 24442291
Correct all packets for that subnet are kept local, by the local router.
The one exception to this and why it can sometimes work is the VPN/PPP adapter is assigned an IP in the remote subnet, which may be the same as the local subnet. It also gets a static route added to the local routing table for that one IP, with its own default gateway (which is the same as the assigned IP). Traffic is then routed to the VPN server for that one IP which also corresponds to the DNS and WINS IP's. However, for this to work the "use remote default gateway" option must be checked/enabled in the VPN/virtual adapter. Even though this can allow access to the remote VPN server, if that server has a single NIC and uses the same subnet for its LAN, you will not be able to connect to any other IP at that site with the same subnet, again due to the same routing issue.
0
Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

 

Author Comment

by:Izattafact
ID: 24532249
Spot on RobWill. Worked a treat. Thanks
0
 

Author Closing Comment

by:Izattafact
ID: 31582909
Thanks mate saved my ass there!!
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 24532274
Glad to hear. Thanks Izattafact.
Cheers!
--Rob
0
 

Author Comment

by:Izattafact
ID: 24532307
did you get your points?
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 24532598
:-)  yes thank you very much.
--Rob
0

Featured Post

Shouldn't all users have the same email signature?

You wouldn't let your users design their own business cards, would you? So, why do you let them design their own email signatures? Think of the damage they could be doing to your brand reputation! Choose the easy way to manage set up and add email signatures for all users.

Join & Write a Comment

Suggested Solutions

Case Summary: In this Article we introduce the new method to configure the default user profile using Automated profile copy with sysprep rather than the old ways such as the manual copy of a configured profile to default user profile Old meth…
The environment that this is running in is SCCM 2007 R2 running on a Windows 2008 R2 server. The PXE Distribution point is running on its own Windows 2008 R2 box. This is what Event viewer showed after trying to start the WDS service:  An erro…
This video discusses moving either the default database or any database to a new volume.
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now