Solved

VPN access to SBS2003 via Zyxel router

Posted on 2009-05-19
Last Modified: 2013-11-21
Trying to set up a VPN to my SBS2003 LAN. I can go through the VPN setup wizard on an external PC, connect to my router IP and have NAT and firewall configured so it passes through to the SBS2003 server. The connection is made successfully and I'm connected. Great.

But I can't map drives to the shares on the SBS server. Can't ping the SBS server. Can't do an nslookup and get the SBS server's name/IP while connected via the VPN. Although the VPN is up and connected, it's useless as I can't connect to or ping anything on the LAN.

Have used the wizard in SBS to set everything up and can't understand why it's not working.

I also have a web cam device on the LAN that uses port 37777 and that has stopped working too over the VPN (all of the above works fine internally)

I need 2 things to work. The camera system on port 37777 and file sharing so I can map a drive to \\servername\sharename

I can use RWW as this works OK but viewing the cameras and working with files is a bit clunky and slow over RDP
Question by:Izattafact
10 Comments
 
LVL 77

Accepted Solution

by:
Rob Williams earned 500 total points
ID: 24427083
Is there any chance the SBS and the connecting client use the same local subnet at their respective sites, such as both sites using 192.168.1.x? They must be different or you will experience inability to access resources, even though you can connect to the server with the VPN.

You may also want to review the SBS VPN set up procedure:
http://www.lan-2-wan.com/SBS-VPN-instr.htm
0
 

Author Comment

by:Izattafact
ID: 24436111
Yes, the remote site is 192.168.1.x and the SBS LAN is all 192.168.1.x - will this cause a problem, you think? It was working before and I don't know what changed to make it stop working. In fact my own LAN is 192.168.1.x too and I get the same issue... hmmm, I'll try and change my LAN to 192.168.2.x to see if it makes a difference.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 24437458
A basic rule of routing is no two network segments in the path from client to host can have the same subnet. Packets are routed based on the subnet to which they belong. If a local and remote location have the same subnet, where should the packets be forwarded?
You will need to change one site or the other. It is generally best to change the server site as no one will be able to connect from a site that uses a default router subnet of 192.168.1.x, such as a hotel. However, changing the server site, especially an SBS, can be a big job. If you decide to do so, plan carefully, and if changing the SBS LAN IP you *MUST* use the change server IP wizard in the server management console under Internet and e-mail. Failing to do so will break most SBS services. After completion you also need to re-run the CEICW.
0
 

Author Comment

by:Izattafact
ID: 24441863
I thought NAT should handle all this but I see your point. If my subnet at home and another subnet at another home both use 192.168.1.x with 192.168.1.254 as their default gateway, then it stands to reason that the default gateway will try to find any other 192.168.1.x addresses so will never route outside of the local LAN. Strange though, that when the PPP connection is made, it gets an IP and gets the DHCP and DNS server information from the DHCP server. So what happens when you connect a PC normally using a VPN? Does it use the default gateway on the VPN connection or on the LAN side - need to do a route print to find this one out. Will try tonight and let you know (though still puzzled why it worked before...)
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 24442291
Correct, all packets for that subnet are kept local, by the local router.
The one exception to this, and why it can sometimes work, is the VPN/PPP adapter is assigned an IP in the remote subnet, which may be the same as the local subnet. It also gets a static route added to the local routing table for that one IP, with its own default gateway (which is the same as the assigned IP). Traffic is then routed to the VPN server for that one IP, which also corresponds to the DNS and WINS IPs. However, for this to work the "use remote default gateway" option must be checked/enabled in the VPN/virtual adapter. Even though this can allow access to the remote VPN server, if that server has a single NIC and uses the same subnet for its LAN, you will not be able to connect to any other IP at that site with the same subnet, again due to the same routing issue.
0
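The routing behaviour discussed in this thread, as an added example that is not part of any post: a simplified longest-prefix-match model of the VPN client's routing table, showing why one remote host can stay reachable while everything else on an overlapping 192.168.1.x LAN is kept local. The host addresses 192.168.1.2 (SBS) and 192.168.1.50 (camera) and the function names are constructed for illustration; this is not a reproduction of the actual Windows routing table.

```python
import ipaddress

REMOTE_LAN = "192.168.1.0/24"   # server-site LAN from the thread
SBS = "192.168.1.2"             # constructed address for the VPN/SBS server
CAMERA = "192.168.1.50"         # constructed address for the camera on port 37777


def overlaps(local_cidr, remote_cidr):
    """True when the client's LAN and the remote LAN share address space."""
    return ipaddress.ip_network(local_cidr).overlaps(
        ipaddress.ip_network(remote_cidr))


def build_routes(local_lan, vpn_host_route=None):
    """Simplified client routing table as (destination network, interface)."""
    routes = [
        (ipaddress.ip_network(local_lan), "LAN"),    # on-link route for the local subnet
        (ipaddress.ip_network("0.0.0.0/0"), "VPN"),  # "use remote default gateway" enabled
    ]
    if vpn_host_route:
        # Host route for the single remote IP added when the tunnel comes up.
        routes.append((ipaddress.ip_network(vpn_host_route + "/32"), "VPN"))
    return routes


def egress(routes, dest):
    """Choose the outgoing interface by longest-prefix match."""
    addr = ipaddress.ip_address(dest)
    matches = [(net, iface) for net, iface in routes if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def diagnose(local_lan):
    """Report overlap and which interface traffic to each remote host leaves on."""
    routes = build_routes(local_lan, vpn_host_route=SBS)
    return {
        "overlap": overlaps(local_lan, REMOTE_LAN),
        "sbs": egress(routes, SBS),
        "camera": egress(routes, CAMERA),
    }


if __name__ == "__main__":
    for lan in ("192.168.1.0/24", "192.168.2.0/24"):
        print(lan, diagnose(lan))
```

With the client on 192.168.1.0/24 the camera's address matches the local on-link route and never enters the tunnel; after renumbering the client LAN to 192.168.2.0/24 the same lookup goes out via the VPN.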

 

Author Comment

by:Izattafact
ID: 24532249
Spot on RobWill. Worked a treat. Thanks
0
 

Author Closing Comment

by:Izattafact
ID: 31582909
Thanks mate saved my ass there!!
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 24532274
Glad to hear. Thanks Izattafact.
Cheers!
--Rob
0
 

Author Comment

by:Izattafact
ID: 24532307
Did you get your points?
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 24532598
:-)  yes thank you very much.
--Rob
0
