Routing issue and VPN issue

Hello. I have two issues that are somewhat related so am posting to both the SBS and the VPN groups. Thanks in advance for your time and help!!!

I have a client with a business at two locations. Location 1 is a Win2k3SBS Domain (192.168.1.x) and Location 2 is a Workgroup (192.168.2.x). There is a Linksys BEFSX41 router at each site connecting the sites via a VPN tunnel.

Now, for the two issues.

Issue 1 - Routing issue: I can reach the Domain from the Workgroup, but not the other way around. The router at the Workgroup location is the DHCP server, whereas the router at the Domain location only provides VPN and Firewall while the SBS machine is the DHCP server. In order for me to be able to access the Domain from the Workgroup, I had to edit the Workgroup workstation's Hosts file and add "192.168.1.5 SBS2003" (without the quotes and where 192.168.1.5 is the I.P. of the Domain Server and SBS2003 is the Computer Name of the Domain Server). In my troubleshooting steps to try to reach the Workgroup from the Domain, I tried something similar. I used the route command on the Domain Server thusly: route add -p 192.168.2.104 mask 255.255.255.255 192.168.1.254 (where 192.168.2.104 is the Workgroup workstation with shared resources that I want to access and 192.168.1.254 is the IP of the Linksys router on the Domain side of the VPN tunnel). I don't think I am completely barking up the wrong tree with this line of troubleshooting, but no matter what I try, I cannot get to the Workgroup from the Domain. I try something like Start, Run, \\192.168.2.104 and it takes a long time then comes back and says not found. Any ideas?

Issue 2 - VPN issue: For remote access to the Domain from home, I set up a second VPN tunnel on the Linksys router at the Domain location. No matter what I try, I cannot connect. On the router side, I have fairly basic settings, adding a Pre-shared Key for security. At the remote side (my home PC), I have tried about everything while creating my VPN Connection on a Windows XP Pro machine. Invariably, it tries to connect for a long time and then comes back with "Error 800: Unable to establish the VPN connection. The VPN server may be unreachable, or security parameters may not be configured properly for this connection." One of my questions is, do I actually need a VPN Server setup on the SBS machine or can I simply use the VPN tunnel to access network shares? How do I use VPN to connect from home?

Thanks again for taking the time to read this and for your help!

-Brian

Reply to
Ebbhead

Don't know the Linksys kit, though may be able to help.

If you aren't going to do much with AD in the workgroup site, then this will work. A more elegant solution may be to see if the router can add host records for you in its DNS resolver. If AD is important in the workgroup or you may be thinking of joining the workgroup clients to the domain, everything DNS related must go through the SBS DNS server, which means either altering the DNS values in the Linksys, or setting up static addresses in the 192.168.2.x subnet.

That was not needed, and was the wrong syntax for the command anyway. As the default gateway on the 192.168.1.x subnet is the Linksys router (right?), any machine on that subnet wishing to speak to 192.168.2.x would push the packets through the default gateway where routing tables in the routers would push them through the VPN. The route command works on networks and routers, not specific machines.

Have you tried pinging the router at 192.168.2.x from the domain server? Could it be that the workgroup machine has some firewall on it (XP SP2), or is not accepting connections because it is in another theoretical workgroup? Is simple file sharing disabled on that machine?

I don't think it is a network issue, fwiw.

It is better to use the SBS VPN server, but this may not be an option if the Linksys is acting as VPN server, as the ports on your external IP address are going straight through to the Linksys. I can't help with this issue, unfortunately.

Andrew.

Reply to
Andrew Hodgson
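
Added example, not part of either post: a longest-prefix-match lookup over a constructed routing table for the Domain server, assuming its default gateway is the Linksys router at 192.168.1.254. It compares the next hop for 192.168.2.104 with and without the persistent route entry from the first post; the function and table names are hypothetical.

```python
import ipaddress

def build(routes):
    """Turn (prefix, gateway) string pairs into (ip_network, gateway) pairs."""
    return [(ipaddress.ip_network(prefix), gw) for prefix, gw in routes]

def next_hop(table, dest):
    """Return (gateway, matching prefix) for the most specific route to dest."""
    addr = ipaddress.ip_address(dest)
    matches = [(net, gw) for net, gw in table if addr in net]
    if not matches:
        return None  # no route at all: the packet would be dropped locally
    net, gw = max(matches, key=lambda m: m[0].prefixlen)
    return gw, str(net)

# Constructed routing table for the Domain server (192.168.1.5).
# Assumption: its default gateway is the Linksys router at 192.168.1.254.
BASE = build([
    ("192.168.1.0/24", "on-link"),       # local subnet, delivered directly
    ("0.0.0.0/0", "192.168.1.254"),      # default route via the Linksys
])

# The same table plus the persistent entry added with "route add -p".
WITH_ADDED_ROUTE = BASE + build([("192.168.2.104/32", "192.168.1.254")])

def added_route_changes_path(dest):
    """True only if the extra entry sends dest to a different gateway."""
    return next_hop(BASE, dest)[0] != next_hop(WITH_ADDED_ROUTE, dest)[0]

if __name__ == "__main__":
    target = "192.168.2.104"
    print("without added route:", next_hop(BASE, target))
    print("with added route:   ", next_hop(WITH_ADDED_ROUTE, target))
    print("path changed:       ", added_route_changes_path(target))
```

Both lookups hand the packet to 192.168.1.254, so whether it reaches the Workgroup machine depends on the VPN tunnel and on that machine's firewall and file sharing settings, not on the Domain server's routing table.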
