    I have 2 ofc, main and remote...I want the computers to think that all
    computers are in 1 network...Im able to do a router to router vpn but when i
    try to access the local netwok or the server it stops there

    here: router)>>> router) and 1
    good ping)>>>(Wont reach this server & nic 2)

    is there setting i need or what do i do?

    my point here is that i want all remote pc's to logon to the domain without
    using any SBSvpn icon....

    mike, Apr 10, 2005
  2. mike

    Tony Su Guest

    Hello Mike,

    Based only on what you posted, I don't see that you've configured any static
    Whenever you aren't going through a default gateway and want to connect to a
    subnet at least once removed (at least one network with a different Network
    ID between), your local router won't have any idea what is beyond a network
    that it touches directly.

    NetworkA <> NetworkB <> NetworkC

    In the above diagram, if the routers between each network are <not> the
    default gateway for any network, the router between NetworkA and NetworkB
    will know how to route between those two networks, but won't have any idea
    that NetworkC exists. Same thing for the router between NetworkB and
    NetworkC, it won't know about NetworkA.

    This is where a Static Route is needed. If you add a static route to the
    router between NetworkA and NetworkB saying that something on NetworkB knows
    how to get to NetworkC, all machines in NetworkA now know to send any packets
    destined for NetworkC to the router between NetworkA and NetworkB.

    Once you have your routing issue addressed, you can then consider whether
    you're properly advertising your DC in the remote network.

    Tony Su
    Tony Su, Apr 10, 2005
  3. mike

    Joe Guest

    Nobody is going to answer this, because nobody here can. This isn't an SBS
    issue. Your VPN is created entirely by your routers, and it is the routers which
    determine what can see what. Presumably the remote router is the default gateway
    for machines at the remote office. It needs to know which traffic to route onto
    the Internet unchanged and which to route via its VPN software. Similarly, the
    other router needs to know the same things.

    It looks as if your SBS has two NICs and is acting as a bridge to your LAN. The
    two NICs are on separate subnets, as they must be. You say a machine on the
    remote network can ping the SBS external NIC. This suggests that both routers
    are aware of each others' LANs, and are routing traffic for them correctly. What
    the remote router cannot possibly be aware of is the existence of the additional network on the other SBS NIC. Therefore it is treating traffic for
    that network as 'any other IP address' and is routing it out onto the Internet,
    where of course it cannot go.

    Somehow the remote router must be told that its gateway to the
    subnet is the SBS external NIC, which should in turn tell it that traffic for
    that subnet should go down the VPN. How you tell it that is specific to the
    router in question, hence the SBS people cannot help you. A poor alternative
    would be to tell all machines on the remote network that their gateway to is the SBS. This would have to be done on any other machine you
    might acquire for that network, and really it's the job of the router.

    There is a further issue. Once you've solved the first one and have remote
    machines pinging the SBS internal NIC, you will find they still can't reach
    aything else on the internal LAN. This is a default security feature and *is* an
    SBS issue. Perhaps someone else can help on this as, although I have enabled
    full LAN access, it was months ago and I can't remember the details.
    Joe, Apr 10, 2005
  4. mike

    mike Guest


    Hi If am going to make a static route where am i going to do this? but the
    question is will i be able to log on to the domain without using the sbs vpv

    mike, Apr 11, 2005
