Unable to ping sbs 2003 from vpn client - site-to-site vpn

Discussion in 'Windows Small Business Server' started by Madmxx, May 4, 2009.

  1. Madmxx

    Madmxx Guest

    have a site to site VPN with two sonicwalls they seem to work great. my main
    site A scheme is 192.168.1.0./24 with a sbs2003 that runs exchange and remote
    web desktop. site B is 192.168.2.0/24 it only has workstations no servers. My
    problem seems to be that the sbs 2003 server cannot ping the remote vpn
    clients and the remote clients cannot ping the sbs 2003 server. The
    workstations can communicate with each other from both sides and they are
    able to ping the remote routers. I need the remote workstations to reach the
    sbs 2003 server for the remote web desktop and outlook exchange to work for
    these remote workstations.
     
    Madmxx, May 4, 2009
    #1
    1. Advertisements

  2. assuming all else is OK I suggest trying packet fragmentation tests (related
    to MTU).

    ping sbs -l 1400 -f

    The number following the 'l' is the length of packet and the '-f' tells
    TCP/IP not to allow fragmentation of the packet. Slowly increase the length
    until the test fails, then compare to the MTU settings (1500 is default).
     
    SuperGumby [SBS MVP], May 4, 2009
    #2
    1. Advertisements

  3. OH, and I should wait for the coffee to kick in.

    In what way is ping failing? If pinging by name it may be failing to resolve
    the address, try ping by IP and see if it works.
     
    SuperGumby [SBS MVP], May 4, 2009
    #3
  4. 1300 is a decent 'ballpark' figure to use. It's best however to play a bit
    and see just what length packet you can send over the wire. It's about
    'efficiency', and the size of the packet in relation to the header.

    --
    SBS remote support services. (Fees apply)
    mickm at mickmalloy dot dyndns dot org
     
    SuperGumby [SBS MVP], May 4, 2009
    #4
  5. Also, consider that the SBS views the local subnet as 192.168.1.0./24, and
    may not be allowing much in the way of access from a subnet not viewed as
    local. There are a number of places the adjustment needs to be made, mostly
    in IIS, but if you use ISA it will need be configured accordingly as well.

    --
    -----------------------------------------------
    Les Connor [SBS MVP]

     
    Les Connor [SBS MVP], May 4, 2009
    #5
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.