Solved

vpn ip range on sbs2011

Posted on 2012-03-17
5
1,076 Views
Last Modified: 2012-03-17
When I connect to our VPN server managed by our SBS2011 server, the IP address I get is in the range of 169.254.128.x. Our lan IP range is 192.168.0.x. Shouldn't the VPN ip address I get be in the same range as the local lan ? Access to to shares on the server itself from the vpn pc works fine, but I cannot ping any device on our local lan ip (192.168.0.x). Should the VPN wizard on the server reconfigure the proper ip settings, or use different method ?

This started happening after a major problem caused by Eset's uninstaller utility on the server. The normal uninstall did not work, so had to use their utility to cleanup the remainings of Eset. But after running it and rebooting the server, The uninstaller had reset all network cards, set to dhcp, etc etc. So AD was not working anymore, nwk cards were disabled, could not connect to the server anymore, quite a nightmare. Long story short, after putting back the ip address and network settings on the card, the server was finally functionnal and pc's could access it normally, with Exchange services, RWA, etc. The VPN seems to be the last item to fix back.

Thanks.
0
Comment
Question by:ndidomenico
  • 3
  • 2
5 Comments
 
LVL 77

Accepted Solution

by:
Rob Williams earned 500 total points
ID: 37732777
I would run the fix my network wizard located in the SBS management console under network | connectivity, then re-run the VPN wizard which will recreate the VPN using the SBS's own DHCP server for handing out IP's to VPN clients.

Though the above method is the correct method for SBS, if you are unsuccessful you can set a DHCP range, a static address pool, for VPN clients by opening the RRAS console, right click on the server name and choose properties, and select static address pool under the IPv4 tab.

For the record 168.254.x.x  will work, but it will only allow you to connect to the SBS itself unless you maually add static routes to VPN client machines and the machines to which they are connecting.
0
 

Author Comment

by:ndidomenico
ID: 37732878
Thanks Robwill. Ran the fix my network, which found 3 problems that it was able to fix successfully (1:no static ip for ipv6, 2:dns server not listening to ip address of primary nwk card, 3: time service is not enabled). Then ran the vpn wizard. Now can connect vpn and I get a proper ip address in the same range as the local lan. Can ping devices on the network, can browse shares on the server. Great !

The only problem that remains is that name resolution does not work , except for the server name itself (which I am able to browse shared folders on it using its name and not having to use it's ip address). IE: I can vnc to a pc using the ip address but ping or vnc using the pc name will not work. Note: I did not enter anything in the vpn properties for DNS and Wins IP addresses.
Any idea ?
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 37732894
With SBS 2003 the VPN wizard created a deploayble package that contained the DNS IP and DNS suffix to allow for name resolution.  Unfortunately SBS 2008/2011 does not have this. However it is easy to manaulay add. See the following link (my Blog):
http://blog.lan-tech.ca/2011/05/14/vpn-client-name-resolution-2/

If you have multiple clients and you want to create an deplyable client that is preconfigured for your network, has the neccessary name resolution changes, and is slightly more secure, see:
http://blog.lan-tech.ca/2012/01/30/windows-vpn-client-deployment/
0
 

Author Comment

by:ndidomenico
ID: 37732930
Thank you so much Robwill. The DNS setting with the suffix worked perfectly ! I think everything is back to normal, thanks to your help !
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 37733064
Very welcome. Glad to hear you were able to resolve.
Cheers!
--Rob
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

The problem of the system drive in SBS 2003 getting full continues to be an issue, even though SBS 2008 and SBS 2011 are both in the market place.  There are several solutions to this, including adding additional drive space or using third party uti…
I've written this article to illustrate how we can implement a Dynamic Multipoint VPN (DMVPN) with both hub and spokes having a dynamically assigned non-broadcast multiple-access (NBMA) network IP (public IP). Here is the basic setup of DMVPN Pha…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now