3rd party vpn client recommended for SBS2011

What model/make outer do you have? Do you have access to it? Check if it has VPN capabilities.  You could also check the dhcp scope settings on the router, create the same scope with settings on the server, if you use ip-helper on any of your switches and change the ip to your dhcp server.  Then disable dhcp on your router and activate scope on your server.

.

Adtran 1700, sorry busy weekend.

My bad, it's an Adtran NetVanta 7100

Your router is VPN capable, but if you want to set up dhcp on your server and have your VoIP phone work, check the link below.

https://adtransupport.jive-mobile.com/#jive-document?content=https%3A%2F%2Fadtransupport.jive-mobile.com%2Fapi%2Fcore%2Fv2%2Fdocuments%2F5494

Your router is VPN capable

If I were to configure the VPN on the router with the current configuration will the Adtran act as the VPN server? Connections fail saying there's not a vpn server available and I'm aware routing and remote access is disabled on the SBS2011. The rules from the Adtran for VPN point to the SBS server doesn't this mean this is where the VPN server (remote access server) should be running. I don't see how the Adtran is providing VPN? If I need to verify let me know.

lruiz52 thank you for the link I like the approach better configuring DHCP on the server. Question, do you see that the phones are on a different VLAN than the LAN being a problem?

Thanks

Hi RobWill this may be what's missing the RRAS on the router. I'm following the old rule configured on the router that was connected to the SBS2003 server thinking it would point forward to the RRAS on the SBS2011 however when I turn on RRAS on SBS2011 exchange drops out and internet. I turn off RRAS and it comes back. I'm not 100% sure how the old IT group configured the SBS2003 because it died and then allot of "work" was done and not sure if it followed standards we all follow or they were "just able to get it to work".

I turned off DHCP on the router and something strange going on with the SBS2011 DHCP, the entire scope of IP's fills up and says "BAD ADDRESS" and the Polycom phones report there's a duplicate address when there isn't. I expect this is because of the BAD ADDRESS though.

Couldn't get DHCP to connect the phones to the config file needed even after creating another scope and manually programming one phone. Even though DHCP wouldn't configure the phones I was able to start RRAS and it was stable, I then turned off DHCP on the server and configure the Adtran router for DHCP on VLAN1 and VLAN2 and RRAS didn't seem to mind now VPN access works.

Interesting.  BAD_ADDRESS usualy means that address is in use though it can be caused by an existing arp table, retained DHCP leases, a bridged connection on a PC or server, or other.

If using VLAN's could you use DHCP on the SBS VLAN for PC's/clients and DHCP on the router for the other VLAN and phones?

If moving DHCP top the server you may want toreview the followin.  It's an old article, but still applies.  See "Moving the DHCP Server Service to the Computer Running Windows Small Business Server 2003" near the bottom of the page.
http://technet.microsoft.com/en-us/library/cc747341.aspx

If using VLAN's could you use DHCP on the SBS VLAN for PC's/clients and DHCP on the router for the other VLAN and phones?

not sure I can pull this off, I tried to configure something like this and the SBS didn't like it. SBS didn't like any DHCP configured anywhere or it completely locked up, could be something I'm doing with the configuration too.

I've never had a server do the BAD ADDRESS then again I've not had a router that I didn't configure myself, there's too much phone configuration to completely wipe it clean and start from scratch.

SBS "should" only complain if the other DHCP server is on the same network segment.

Are your phones and PC's physically wired separately or are the PC's plugged into the network jacks on the phones?  The latter complicates maters a great deal.

SBS "should" only complain if the other DHCP server is on the same network segment.

agree but there's a switch in the phone that splits off the networks, or so the phone guy says. This config caused problems.

Are your phones and PC's physically wired separately or are the PC's plugged into the network jacks on the phones?  The latter complicates maters a great deal.

unfortunately they phones are connected to the switch and the computer's connected to the phones. Not my preference but I wasn't there during installation.

RobWill, good point. not to drag this question on and on but one bad thing is the server gets caught in a loop if it needs to be restarted, this makes a challenge when installing updates. I suspect it's DNS and the server trying to apply settings during boot looking for the domain. When I unplug the network cable it then moves past "applying network settings".

Work-around I have DRAC configured and can recycle the NIC...well I haven't tested yet but I'm confident this will work.

I'd rather not have to do this though.

Though SBS definitely prefers to be the DHCP server it should work with the router as the DHCP server if properly configured.

-Disable the DHCP service on the SBS
-Make sure the SBS has a static IP
-The server's NIC must point ONLY to its own IP for DNS.  Do not add an alternate, not the router or ISP.
-In the DNS forwarders add the ISP's DNS servers' IPs.
-On the router in the LAN DHCP configuration, configure DNS so that it points ONLY to the SBS server's IP, again do not add the router or ISP even as an alternate

If you need a hand with any of that let me know.
The one catch there is the phones will use the server for DNS, but there is no way around that in a Windows domain, unless you can configure 2 sets of scope options.

thank you, as always EE provides great knowledge and assistance - thank you