Unable to ping sbs 2003 from vpn client - site-to-site vpn

have a site to site VPN with two sonicwalls they seem to work great. my main
site A scheme is 192.168.1.0./24 with a sbs2003 that runs exchange and remote
web desktop. site B is 192.168.2.0/24 it only has workstations no servers. My
problem seems to be that the sbs 2003 server cannot ping the remote vpn
clients and the remote clients cannot ping the sbs 2003 server. The
workstations can communicate with each other from both sides and they are
able to ping the remote routers. I need the remote workstations to reach the
sbs 2003 server for the remote web desktop and outlook exchange to work for
these remote workstations.

 

assuming all else is OK I suggest trying packet fragmentation tests (related
to MTU).

ping sbs -l 1400 -f

The number following the 'l' is the length of packet and the '-f' tells
TCP/IP not to allow fragmentation of the packet. Slowly increase the length
until the test fails, then compare to the MTU settings (1500 is default).

 

OH, and I should wait for the coffee to kick in.

In what way is ping failing? If pinging by name it may be failing to resolve
the address, try ping by IP and see if it works.

 

1300 is a decent 'ballpark' figure to use. It's best however to play a bit
and see just what length packet you can send over the wire. It's about
'efficiency', and the size of the packet in relation to the header.

--
SBS remote support services. (Fees apply)
mickm at mickmalloy dot dyndns dot org

 

Also, consider that the SBS views the local subnet as 192.168.1.0./24, and
may not be allowing much in the way of access from a subnet not viewed as
local. There are a number of places the adjustment needs to be made, mostly
in IIS, but if you use ISA it will need be configured accordingly as well.

--
-----------------------------------------------
Les Connor [SBS MVP]