Solved

VPN connection windows8 SBS2013

Posted on 2013-06-26
Last Modified: 2013-06-27
I am able to make a VPN connection from a windows8 client to SBS2013.
Once connected, I can access the shared volumes on the server but cannot access other devices on the LAN.  The VPN connection gets an IP address on a different subnet than the LAN. The LAN I.P. is 192.222.33.X; the VPN client gets 192.222.254.X.

How can I enable the client to access other devices, i.e. 192.222.33.50?

The firewall is a Checkpoint appliance authenticating via Radius.
Question by:ivolach
5 Comments
 
LVL 77

Expert Comment

by:Rob Williams
ID: 39279833
Is it actually a "VPN connection from a windows8 client to SBS2013" or a VPN connection to the CheckPoint appliance?  i.e. is the Checkpoint unit the VPN server or the SBS?

Try on the connecting client, from a command prompt with elevated privileges, adding a route as a test:
route add  192.222.33.0  mask  255.255.255.0  192.222.254.xyz
assuming the SBS LAN is 192.168.33.0, and substitute the correct last octet of the client's VPN IP for xyz.

To remove:
 route delete  192.222.33.0

You also need a return route but presumably the CheckPoint is the  default gateway for all machines on that LAN, which will take care of that.

This is not a good long term solution as the VPN client IP will change, but if successful we can go from there.

Software firewalls on all devices may block access as well, as generally the firewall exceptions are for local LAN access only.  Ping is often allowed; use it as a test, or try disabling software firewalls on the devices to which you want to connect.

ps- SBS 2013?  A typo?  I assume 2003?
 

Author Comment

by:ivolach
ID: 39281591
1. It is SBS2010
2. The connection is going through the Checkpoint unit but I believe the VPN server is actually the SBS
3. I have tried the Route add but the problem still exists.
4. It looks like the problem occurs only when I try to connect a non-domain computer from within the LAN.  The client is connected inside the office through WIFI on a separate sub-domain (for visitors).  When I make the VPN connection from outside the office everything seems to be working properly, with the VPN connection getting the right I.P. address.
 
LVL 77

Expert Comment

by:Rob Williams
ID: 39281652
>>"The client is connected inside the office through WIFI on a separate sub-domain "
This sounds like a different network segment.  Many WiFi routers create a visitor network that is isolated and unreachable from the corporate LAN intentionally for security reasons.  If this is the case they are not going to be accessible.

Are there devices on the wired SBS LAN to which you can connect?

Can you elaborate on the network configuration, as per the following questions?

>>"I believe the VPN server is actually the SBS"
You need to confirm this as it makes a difference.

Does the SBS have 1 or 2 NICs, and what are their IPs?

>>"The VPN connection gets an IP address on a different subnet than the LAN. "
Though this is quite acceptable it is not a default SBS configuration  (unless ISA, see below).  Did you create the VPN with the SBS wizard in the Server management console (as should be done) or within the RRAS console?

Is ISA installed on the SBS  (i.e. SBS premium with ISA)?

Can a WiFi client ping the SBS?
 

Author Comment

by:ivolach
ID: 39282465
I have found that when I set up the VPN to use a certificate for the L2TP connection, everything works as expected.  If I set the advanced to connect using a pre-shared key, the connection gets assigned the different I.P. subnet.
I think that with the pre-shared key, the Checkpoint appliance acts as the VPN server, and when the certificate is used the SBS acts as the VPN server.
 
LVL 77

Accepted Solution

by:
Rob Williams earned 2000 total points
ID: 39282835
If you are going to use SBS as the VPN server I recommend using the SBS "Configure remote access" wizard and not RRAS to configure.  This will create a PPTP VPN.  You then run the SBS "Create remote access disk" wizard to create a deployable SBS "Connection Manager".

If you want better security, which is understandable, do not use RRAS, but rather use proper IPSec and the Checkpoint.

The Checkpoint IPSec VPN is far more secure, also more secure in that the initial connection is made to a perimeter device, and will perform slightly better with a dedicated device doing the encryption.