SBS 2003 Connection Manager uses IP of NIC as gateway

I have acquired a client who has SBS 2003. On a remote office, they have two computers connecting remotely using the SBS 2003 Connection Manager and the ip of the PPP connector only shows the NIC IP and the subnet (this was setup by someone else). I setup a new computer and used the connection manager to create a connection to the server but I am always getting the gateway to be the NIC IP. Therefore, I can't even ping the server. Find enclosed a document with the IP's on the local computer. I have tried from other two remote computers (different location) and I also tried it using a different SBS 2003 server (different location). I get the same results. I really don't know what I am doing wrong.
rauladanAsked:
Who is Participating?
 
Rob WilliamsCommented:
Odd then that others can connect and you cannot.
Can you provide an  ipconfig /all from the other machines? That might be helpful.

>>"why my is my PPP gateway the same IP address of my NIC?"
The PPP/VPN client will be assigned 1 of three gateway addresses:
1) the same IP as the VPN adapter. This disables "split tunneling" and forces all traffic through the VPN adapter and thus to the SBS. The reason for this is security. It blocks local network access to Internet , printers and local file shares. I believe the connection manager defaults to this configuration as it is the most secure.
2) 0.0.0.0 which enables "split-tunneling" allowing local network access as well as VPN access. More flexible, but less secure as anyone on the client subnet could conceivably access the corporate network through the VPN user.
3) blank. Not sure why it is sometimes displayed in this way, but the result is the same as #2

Some other thoughts:
-all routers have a limit as to the number of simultaneous outgoing VPN connections you can make, when using a software VPN client. I have seen these range from 1 to 9. Are you trying to connect while other users are connected.
-some 3rd party software will block PPTP VPN connections. If this is the case when you try to connect you should get a failure notice and an error number such as 721, 691, 800, etc.  Do you get any such notification?
0
 
rauladanAuthor Commented:
Sorry, I forgot to include the IP information. Here it is.


Connection-specific DNS Suffix  . : hsd1.fl.comcast.net.
Description . . . . . . . . . . . : Intel(R) PRO/Wireless 3945ABG Netw
tion
Physical Address. . . . . . . . . : 00-19-D2-B0-1C-7F
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.103
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 68.87.74.166
                                    68.87.68.166
Lease Obtained. . . . . . . . . . : Thursday, March 25, 2010 7:57:55 A
Lease Expires . . . . . . . . . . : Friday, March 26, 2010 7:57:55 AM


PPP adapter Connect to Small Business Server:

        Connection-specific DNS Suffix  . : cpt.local
        Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
        Physical Address. . . . . . . . . : 00-53-45-00-00-00
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 192.168.1.106
        Subnet Mask . . . . . . . . . . . : 255.255.255.255
        Default Gateway . . . . . . . . . : 192.168.1.106
        DNS Servers . . . . . . . . . . . : 192.168.1.3
        Primary WINS Server . . . . . . . : 192.168.1.3
0
 
Rob WilliamsCommented:
The PPP IP will always be the IP of the NIC or 0.0.0.0 depending how the "use default remote gateway" is set. This setting is not available with the connection manager.

Regardless the issue is likely the site from which you are connecting and the site to which you are connecting are both using 192.168.1.x as their local subnets. This will not work. All network segments between host and client must be different for routing to take place. This is why it is important to use less common subnets at the server site.

Your only option is to change the subnet used at the client or server site. If you want to change the server site please advise as this has to be done very carefully with SBS 2003
0
Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
Rob WilliamsCommented:
Sorry above "the issue is likely" should read "the issue is"

For example when you try to connect to 192.168.1.3 your local router says "that is my subnet" and therefore does not forward the packet.

0
 
rauladanAuthor Commented:
I wonder how the other two computers are working fine and they are also using the same connection manager. Again, I didn't set those up but they work fine and they don't show a gateway when I look at the ip configuration. My question is how were the other two computers configured that they don't show a gateway? If I could figure that out, I think that I will be OK.
0
 
rauladanAuthor Commented:
Of course I can use a VPN instead of SBS Connection Manager but from what I read, the sbs is much faster and you are able to browse folders.
0
 
Rob WilliamsCommented:
The other users probably have home networks that use a different subnet such as 192.168.2.x
This is a very common problem.  In order for a packet to be routed it must belong to a different subnet than your local subnet. Therefore the local and remote subnets have to be different, as does every subnet in-between, but the internet uses non private addressing so there are no conflicts. Private addresses are 192.168.x.x, 10.x.x.x, and 172.16-31.x.x

As a result any VPN server site on which you plan to set up a VPN should use a subnet that is not similar to all the home router defaults. Thus when setting up the server you should avoid:
192.168.0.x, 192.168.1.x, 192.168.2.x, 10.0.0.x, 10.10.10.x, 172.16.0.x
Choosing a server site subnet of 192.168.1.x means no one connecting from a site using the same subnet can connect. Many hotels, internet cafe's, and homes use the defaults.
A default install of SBS will use 192.168.16.0 for this reason. Somebody changed this when setting up your SBS and network to match the existing router, rather than changing the router.

In some cases you can actually connect to the server itself, but no other device. Sometimes if the "use default remote gateway" is enabled, which is by default with the connection manager, it forces all traffic to the SBS, but only if the server uses 1 NIC, and it does not always work.

>>"Of course I can use a VPN instead of SBS Connection Manager but from what I read, the sbs is much faster and you are able to browse folders"
Connecting to the same site? The different subnet rule applies to any VPN, or routing for that matter.
I doubt the connection manager is much faster, it does however have the built-in required information to allow the client to have proper name resolution. If that is an issue with your other client you can fix that by adding to the virtual/VPN adapter the SBS as the DNS server and adding the domain suffix to the advanced DNS properties of the client.
0
 
rauladanAuthor Commented:
Thank you for all of your effort and explanation. What I was referring to about the other two PC's was that in the same office where I am trying to setup this computer, we already have another two computers connecting to the server using the Sbs Connection Manager and it works perfectly fine. That is when I looked at those two PC's and I saw that they don't have a gateway or DNS (only an IP and subnet). How was that other individual able to accomplish this? Also, why my is my PPP gateway the same IP address of my NIC? I will go there today and change the subnet and get back to you. Thank you again. I appreciate it very much.
0
 
rauladanAuthor Commented:
I totally forgot that this question was still open. Your instructions were so clear. As soon as I changed the remote location subnet IP to a different number, everything worked perfectly. Again, thank you for your help. I would have not been able to get it done without your help.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.