Eric Pearia 
United States
Member since
10/26/2006
Registered Users
Posts: 223
 |
| 2/04/2008 09:00 PM |
|
I have a shared folder on my sbs2003 server, that I share over my internal network. I have a user that works at a different office and is able to establish a vpn connection to my firewall, and get a internal ipaddress, but can't see any of the shared resources on my sbs2003 server. He is a member of a domain at his office, would this cause a problem? or is my VPN not set up correctly.
I'm using pptp
Thanks,
Eric
|
|
|
|
|
|
Kevin Da Silva
Mississauga, Canada
Member since
1/12/2008
Registered Users
Posts: 579
|
| 2/04/2008 10:18 PM |
|
Have you run the remote access wizard? By the sounds of the user being connected seems as thou you have.
Can the user ping the SBS Server? Does he get prompted for credentials? If not then you have have to take a look at your rules in ISA to ensure communication is not being stopped there.
Install SP3 for ISA and then start the logging and it should tell you whats going on. |
|
MCSE:Messaging, MCTIP, SBS Specialist |
|
|
|
Ben Fisher
Australia
Member since
12/8/2005
Registered Users
Posts: 193
|
| 2/04/2008 11:22 PM |
|
Posted By Eric Pearia on 2/04/2008 09:00 PM
I have a shared folder on my sbs2003 server, that I share over my internal network. I have a user that works at a different office and is able to establish a vpn connection to my firewall, and get a internal ipaddress, but can't see any of the shared resources on my sbs2003 server. He is a member of a domain at his office, would this cause a problem? or is my VPN not set up correctly.
I'm using pptp
Thanks,
Eric
Just to clear this up.
The User is a member of a domainA - but is VPN'ing to your domainB - is this correct?
Does the user have any group policies enforced on their machine?
How are they trying to access the folder?
|
|
|
|
|
|
Eric Pearia
United States
Member since
10/26/2006
Registered Users
Posts: 223
|
| 2/04/2008 11:34 PM |
|
The User is a member of DomainA, he is creating a VPN connection to my Firewall, which puts him on the same LAN as DomainB.
He gets assigned the correct IP address range. When he tries to navigate to my SBS server using "//(Servername)/Share" he gets nothing. When he tries to navigate to the share using //192.168.1.xx/ he gets nothing.
I couldn't ping him from my desktop PC to his IP address the VPN assigned him... should I be able to? I didn't have him ping me.
I am going to test the VPN from home, it's just that this is my first time creating a VPN, so i'm a little lost and trying to stumble my way through it.
I created a PPTP VPN connection to my firewall. The user has a username and password that i set in my firewall, then it assigns them an IP address in the range I specify on the lan i specify. Which I told it to use the Lan that my SBS2003 server is on in an unused IP range. It connects to the VPN fine... that's as far as I got. |
|
|
|
|
|
Ben Fisher
Australia
Member since
12/8/2005
Registered Users
Posts: 193
|
| 2/05/2008 12:03 AM |
|
It doesn't sound like the VPN connection is your problem.
You can test this by looking in Routing & Remote Access console, see if the client appears.
The fact that you can't ping the VPN client could be related to a number of issues.
ISA blocks ICMP for starters. If you're not using ICMP, the client could have a firewall preventing ICMP response.
The client could have a firewall preventing SMB access.
Or... if you're trying to access the share folder using //(Servername)/Share, you need to switch those slashes in favour of backslashes - i.e. \\(Servername)\Share
Regards,
Ben
|
|
|
|
|
|
Eric Pearia
United States
Member since
10/26/2006
Registered Users
Posts: 223
|
| 2/05/2008 12:05 AM |
|
I'm not using ISA on my sbs2003 server...
I'll test it from home, there were a lot of "Ifs" i couldn't test because I wasn't the one sitting behind the helm of the remote computer.
I'll try it from my laptop, and desktop at home tonight and see what I get.
Thanks for the replies. It also sounded to me like the VPN was working like it should have. |
|
|
|
|
|
Eric Pearia
United States
Member since
10/26/2006
Registered Users
Posts: 223
|
| 2/05/2008 01:38 AM |
|
I'm getting the same results at home. It's connecting to the firewall fine, but I can't see any shared resources, or access anything on the network, so something must be wrong.
Hummmmm. |
|
|
|
|
|
Ben Fisher
Australia
Member since
12/8/2005
Registered Users
Posts: 193
|
| 2/05/2008 03:04 AM |
|
What is the result of trying to access the share?
Do you get a prompt for the user name & password?
Do you get an error?
|
|
|
|
|
|
Eric Pearia
United States
Member since
10/26/2006
Registered Users
Posts: 223
|
| 2/05/2008 03:21 AM |
|
I get an error saying it can't be found.
I connect to the VPN flawlessly... there are no errors, it gives me an ip address, under the vpn settings in my firewall its showing that it's terminated to LAN1 which is teh same lan that my network is on... Under the session logs in the firewall, it's showing that I connected to the pptp vpn connection...
but that's it.
I can't access any resource in my internal network.
I can typa \\servername\share get nothing, click on mapped network drives, and get nothing, try to ping computers and get nothing...
it's almost like no traffic is being permitted. I checked the setup guide to my firewall and all the rules I need are in place in the firewall rules.. it's allowing VPN protocalls to "this device" which is the firewall.
Any suggestions? I even disabled windows firewall on my client computer and it made no difference. I wonder if I need some kind of firewall rule in my firewall that i'm over looking. |
|
|
|
|
|
Kevin Da Silva
Mississauga, Canada
Member since
1/12/2008
Registered Users
Posts: 579
|
| 2/05/2008 03:25 AM |
|
Could name resolution be the issue? Do you have a DNS Server listed?
ALthough it does look like its an issue with the actually connection. Customer of mine is having the same issue with a Cisco PIX 501e.
|
|
MCSE:Messaging, MCTIP, SBS Specialist |
|
|
|
Eric Pearia
United States
Member since
10/26/2006
Registered Users
Posts: 223
|
| 2/05/2008 04:02 AM |
|
I wouldn't think that name resolution is the problem considering I can't ping anything internally using the ip addresses. I can't ping my server, or any machine in the office.
I do have a DNS server listed... two actually. I listed my sbs2003 server first, then the DNS of my ISP for the second, I even switched them around, no luck. |
|
|
|
|
|
Ben Fisher
Australia
Member since
12/8/2005
Registered Users
Posts: 193
|
| 2/05/2008 05:44 AM |
|
ISP DNS??
Maybe it's time for the infamous posting of the IPconfig /all
If you perform an nslookup - does it even resolve the server name?
|
|
|
|
|
|
Eric Pearia
United States
Member since
10/26/2006
Registered Users
Posts: 223
|
| 2/05/2008 03:14 PM |
|
|
|
|
|
|
|
Kevin Da Silva
Mississauga, Canada
Member since
1/12/2008
Registered Users
Posts: 579
|
| 2/05/2008 03:20 PM |
|
| Looks like your remote site and your SBS domain are using the same IP address Scheme, I would definately change one or the other as this confusing routing on your system. |
|
MCSE:Messaging, MCTIP, SBS Specialist |
|
|
|
Eric Pearia
United States
Member since
10/26/2006
Registered Users
Posts: 223
|
| 2/05/2008 04:38 PM |
|
So if I changed my home network to a 10.0.0.x network it would work?
I don't want to have to change my work network to a 10 base... that would mess so many things up. I'd have to change so many virtual servers, printers, phone systems, ... it's too late in the game to go that method. |
|
|
|
|
|
Kevin Da Silva
Mississauga, Canada
Member since
1/12/2008
Registered Users
Posts: 579
|
| 2/05/2008 05:18 PM |
|
| That definately looks like its causing an issue. do you have another location that you could try from to see if that works (with a different IP subnet). |
|
MCSE:Messaging, MCTIP, SBS Specialist |
|
|
|
Eric Pearia
United States
Member since
10/26/2006
Registered Users
Posts: 223
|
| 2/05/2008 07:32 PM |
|
When I go home tonight I'll change my IP range at home to 10.0.0.x And see what happens...
There has to be a way to make it work with the same subnet tho... |
|
|
|
|
|
Ben Fisher
Australia
Member since
12/8/2005
Registered Users
Posts: 193
|
| 2/05/2008 10:40 PM |
|
Nope, there isn't.
|
|
|
|
|
|
Ben Fisher
Australia
Member since
12/8/2005
Registered Users
Posts: 193
|
| 2/05/2008 10:42 PM |
|
Also, don't forget that changing IP addresses on Domain Controllers (i.e. SBS) is a nasty process and is highly discouraged.
Yes it can be done, but can cause you more problems than is worth.
|
|
|
|
|
|
Ben Fisher
Australia
Member since
12/8/2005
Registered Users
Posts: 193
|
| 2/05/2008 10:43 PM |
|
You could just change your home subnet to something like 192.168.2.x
|
|
|
|
|
|