XPost: microsoft.public.windows.server.sbs   
   From: me3@privacy.net   
      
   On 23 Jan 2006 09:00:08 -0800, "Ebbhead"  wrote:   
      
   >Hello.  I have two issues that are somewhat related so am posting to   
   >both the SBS and the VPN groups.  Thanks in advance for your time and   
   >help!!!   
      
   Don't know the Linksys kit, though may be able to help.   
   >   
   >I have a client with a business at two locations.  Location 1 is a   
   >Win2k3SBS Domain (192.168.1.x) and Location 2 is a Workgroup   
   >(192.168.2.x).  There is a Linksys BEFSX41 router at each site   
   >connecting the sites via a VPN tunnel.   
   >   
   >Now, for the two issues.   
   >   
   >Issue 1 - Routing issue:   
   >I can reach the Domain from the Workgroup, but not the other way   
   >around.  The router at the Workgroup location is the DHCP server,   
   >whereas the router at the Domain location only provides VPN and   
   >Firewall while the SBS machine is the DHCP server.   
   >In order for me to be able to access the Domain from the Workgroup, I   
   >had to edit the Workgroup workstation's Hosts file and add "192.168.1.5   
   >    SBS2003" (without the quotes and where 192.168.1.5 is the I.P. of   
   >the Domain Server and SBS2003 is the Computer Name of the Domain   
   >Server).   
      
   If you aren't going to do much with AD in the workgroup site, then   
   this will work.  A more elligant solution may be to see if the router   
   can add host records for you in its DNS resolver.  If AD is important   
   in the workgroup or you may be thinking of joining the workgroup   
   clients to the domain, everything DNS related must go through the SBS   
   DNS server, which means either altering the DNS values in the Linksys,   
   or setting up static addresses in the 192.168.2.x subnet.   
      
   >In my troubleshooting steps to try to reach the Workgroup from the   
   >Domain, I tried something similar. I used the route command on the   
   >Domain Server thusly:   
   >route add -p 192.168.2.104 mask 255.255.255.255 192.168.1.254   
   >(where 192.168.2.104 is the Workgroup workstation with shared resources   
   >that I want to access and 192.168.1.254 is the IP of the Linksys router   
   >on the Domain side of the VPN tunnel)   
      
   That was not needed, and was the wrong syntax forthe command anyway.   
   As the default gateway on the 192.168.1.x subnet is the Linksys router   
   (right?), any machine on that subnet wishing to speak to 192.168.2.x   
   would push the packets through the default gateway where routing   
   tables in the routers would push them through the VPN.  The route   
   command works on networks and routers, not specific machines.   
      
   Have you tried pinging the router at 192.168.2.x from the domain   
   server?  Could it be that the workgroup machine has some firewall on   
   it (XP SP2), or is not accepting connections because it is in another   
   theoretical workgroup?  Is simple file sharing disabled on that   
   machine?   
      
   >I don't think I am completely barking up the wrong tree with this line   
   >of troubleshooting, but no matter what I try, I cannot get to the   
   >Workgroup from the Domain.  I try something like Start, Run,   
   >\\192.168.2.104 and it takes a long time then comes back and says not   
   >found.   
      
   I don't think it is a network issue, fwiw.   
   >Any ideas?   
   >   
   >Issue 2 - VPN issue:   
   >For remote access to the Domain from home, I set up a second VPN tunnel   
   >on the Linksys router at the Domain location.  No matter what I try, I   
   >cannot connect.  On the router side, I have fairly basic settings,   
   >adding a Pre-shared Key for security.  At the remote side (my home PC),   
   >I have tried about everything while creating my VPN Connection on a   
   >Windows XP Pro machine.  Invariably, it tries to connect for a long   
   >time and then comes back with "Error 800: Unable to establish the VPN   
   >connection. The VPN server may be unreachable, or security paramaters   
   >may not be configured properly for this connection."   
   >One of my questions is, do I actually need a VPN Server setup on the   
   >SBS machine or can I simply use the VPN tunnel to access network   
   >shares?   
      
   It is better to use the SBS VPN server, but this may not be an option   
   if the Linksys is acting as VPN server, as the ports on your external   
   IP address are going through straight through to the Linksys.  I can't   
   help with this issue, unfortunately.   
      
   Andrew.   
   --   
    Andrew Hodgson in Bromyard, Herefordshire, UK.   
   My Email: use .   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)