Gateway to Gateway VPN and SBS Server 2003

Discussion in 'Windows Small Business Server' started by Diviesh, Nov 7, 2006.

  1. Diviesh

    Diviesh Guest

    I have set-up a Gateway to Gateway VPN(both Netgear FVS318v3) which appears
    to connect fine, i am able to ping from one end for the VPN(remote site) to
    the Wan nic on the server(main site) and from the server(main site) to the
    any machine on the remote site.

    However i am unable to comunicate from the Remote site to the Lan NIC on the
    server at the main site, this is required for drive mapping, exchange server,
    Remote mgmt, and remote assistants and any other domain functions.

    Is their anyway to enable communication betwen the Wan and Lan card so that
    the remote sites have full access to the domain.

    Main Site

    I have a Windows Small Business Server 2003 with 2 Network Cards - one for
    Wan and one for Lan

    Lan NIC IP is and Wan

    Remote Site

    VPN Router(also used as DHCP) and a Test machine

    VPN Router address Test Machine
    Diviesh, Nov 7, 2006
    1. Advertisements

  2. Diviesh

    Joe Guest

    It may not be IP routing within the SBS, although if I remember
    correctly, that may not be enabled by default. Can you ping a
    LAN machine from the SBS-end router diagnostic page? I assume
    it will have a ping test available. If not, hang a machine in
    the SBS WAN network temporarily to try this. If that works..

    Does your remote router know where the network is?
    Presumably the VPN setup tells it that is reached
    through the VPN rather than across the Internet, but the VPN
    configuration should also have some kind of option to tell
    the remote router what other networks can also be reached
    through the VPN. I've never used that model, so I can't help,
    but there may be a page or a tab marked 'static routes' or
    Joe, Nov 7, 2006
    1. Advertisements

  3. Diviesh

    Diviesh Guest

    Hi Joe, thanks for your response

    The set-up that works and communicates perfectly is as follows:

    Main site's Wan Nic<->Main site VPN router<->Rmt Site VPN router<->Rmt site
    mach <-> <->

    Their is full comms through the above and ping works through each IP address

    Their is a static route on the RMT VPN Router to through
    gateway, i also have a static route from the main site vpn to, also through gateway

    The problem i am experiencing is that once the comms hits the servers WAN it
    cannot get through to the servers LAN ( even though they are
    the same machine.

    Communication works perfectly one way from the Servers Lan to any part WAN
    and VPN, even through a machine thats sits on the LAN.

    I have tried disabling the firewall, i have also removed any filters that
    are in the Remote Access and Routing, that could prevent any communications,
    with no joy is their anything else you can advise.
    Diviesh, Nov 8, 2006
  4. Diviesh

    Diviesh Guest

    Hi Bob,

    Thank you for your reply.

    I have inherirted this network so i'm just using what was originally set-up.

    My VPN knowledge is far from perfect and i am trying to learn as much as i
    can, i have no IDEA how to set-up the vpn to accept connections from a router
    to the Server, also NAT is enabled on the router and in the NICs
    Diviesh, Nov 8, 2006
  5. Diviesh

    Joe Guest

    OK, but you still don't know for sure whether it's IP forwarding or
    routing. Can you try what I suggested, and see if you can ping LAN
    machines from the network, either from the main site
    router or another computer temporarily connected in that network?
    From what you say, routing should be correct in both directions from
    there, and a failure will indicate IP forwarding isn't working.

    As far as I know, that should be enabled by the CEIC Wizard, so if
    it isn't working, try re-running that.

    You might also look at the registry key for IP forwarding:
    Joe, Nov 8, 2006
  6. Diviesh

    Diviesh Guest

    I have tried ping from the router to the
    lan card) this does not work.

    but i am able to ping from to and any tunnels off
    that i.e

    communications work one way but not the other they get to the servers wan
    but not through the servers wan to the servers lan(even though they are the
    same machine)

    also what is the CEIC Wizard and how can i run it
    Diviesh, Nov 8, 2006
  7. Diviesh

    Diviesh Guest

    also i have used configure email and internet wizard a number of times and
    ensured that the firewall has been disabled and confguration seems ok
    Diviesh, Nov 8, 2006
  8. Diviesh

    Joe Guest

    Joe, Nov 9, 2006
  9. Diviesh

    Joe Guest

    No, you're not actually pinging from, the ping is sent
    according to the SBS routing table, from the WAN NIC in this case.
    And for any ping to work, routing in both directions must be right,
    for both the ping and the reply.
    I see from your other post you know, the Email and Connect to Internet

    Re-reading everything:

    A LAN workstation can ping the local router, and presumably also use
    the Internet, or you'd have mentioned that.

    In that case, routing is working both ways between LAN and router,
    and also IP forwarding.

    If you are able to ping the router from a LAN machine, but not a
    LAN machine from the router, then there is a firewall/packet filter
    issue somewhere. If you can't even reach the SBS LAN NIC from the
    router, it would appear to be the SBS itself. You say you have
    removed filtering from the SBS, but I think you must have missed
    something. There are quite a few places in SBS where packet
    filtering can be applied, and I'm afraid I don't recall all of
    them. Since it replies to pings on the WAN NIC, it doesn't have
    pings disabled. But if web pages can get back to LAN workstations
    through the SBS, then it can't be stopping all communication
    that way.

    Sorry, I can't go any further, possibly someone else can help.
    Joe, Nov 9, 2006
  10. Diviesh

    StickShift Guest

    I have always been lead to believe 192.168 addresses cannot be routed.
    Routers and routing software specifically check for and will not pass these
    addresses. Try switching the network to use 10.nnn.nnn.nnn addresses. This
    range is still private but can be routed.
    StickShift, Jan 8, 2007
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.