Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.

Dismiss

VPN issues

0 views

Skip to first unread message

Sriram

unread,

Aug 22, 2005, 6:29:24 PM8/22/05

Friends,
My second problem for today is getting my VPN setup on my SBS 2003
machine working. I ran the "configure remote access" wizard from the
server management console, and when I try to connect (from my laptop at
my house running XP Pro to the SBS 2003 machine in my office), it does
authenticate, and I do get an IP address for the connection. The output
from the ipconfig on my laptop after the connection's made is listed at
the end of this message. After connecting, I cannot browse to any
machines via IP address or NETBIOS name, but I can ping the SBS machine
itself (192.168.0.101), only by IP address. Trying to ping by name will
not resolve. I was thinking maybe because my router at home and the
network at my office coincidentally share the same subnet. I guess I'll
try changing the subnet at home and see if it works out; if any of you
have any other advice, do let me know. Thank you in advance.
Sriram

Windows IP Configuration

Host Name . . . . . . . . . . . . : sriram-laptop
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . :
ChicagoEstimatingCorporation.local

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom 570x Gigabit
Integrated Con
troller
Physical Address. . . . . . . . . : 00-11-43-46-C1-49
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.0.103
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 192.168.0.1
Lease Obtained. . . . . . . . . . : Monday, August 22, 2005
11:27:36 AM
Lease Expires . . . . . . . . . . : Monday, August 29, 2005
11:27:36 AM

PPP adapter Connect to Small Business Server:

Connection-specific DNS Suffix . :
ChicagoEstimatingCorporation.local
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
Physical Address. . . . . . . . . : 00-53-45-00-00-00
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.0.18
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 192.168.0.18
DNS Servers . . . . . . . . . . . : 192.168.0.101
Primary WINS Server . . . . . . . : 192.168.0.101

Edward Tian

unread,

Aug 22, 2005, 10:00:32 PM8/22/05

Dear Sriram:
Thank you for posting here!

From your description, I notice that both your remote VPN client and your
SBS server are using a same subnet network (192.168.0.0/255.255.255.0). You
are right! That is the root cause of your issue.

Technically speaking, the system uses route table to route IP traffics. By
default, the local subnet does not need route. The system will use
broadcast to find local clients or send traffic directly to the local
address. In your case, the remote client has the IP address which is in the
range of your local subnet. Once the VPN client tries to access the
resource in the destination network (where the VPN server resides), it will
not find the way out since its route table treat the request as a local
network request. That's why there is no response from the server.

1. To resolve this issue, we need to use different subnet addressing in the
VPN client and VPN server sites. For example, assign 192.168.1.x to the VPN
client side and 192.168.0.x to the SBS Server side. That is the recommended
configuration to establish a VPN connection. In this way, the traffic will
be sent to the right destination.

2. I would also like to provide a workaround to you if it seems difficult
to change the subnet addressing.
To work around this problem, you can try the following method:

In your client, add a static routing after the VPN connection is
established.
- Click Start, Run, type CMD
- Type "route add <remote end IP> MASK 255.255.255.255 <IP address of your
VPN PPP adapter>"
- Type "route print". You will see a routing entry is added. The
destination IP is the route end client's IP. Subnet MASK is
255.255.255.255. The Gateway is your VPN gateway's IP.
In this way, we need to add multiple <remote end IP> if we want to access
the shares on several internal clients. Obviously it costs time to do these
repetitious configurations. So it is just a workaround for your reference.

I hope the above information helps. Please feel free to let me know if
anything is unclear.

Have a nice day! :-)

Best Regards
Edward Tian(MSFT)
Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security
======================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.
======================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

0 new messages