Robbert Tol  The Netherlands Member since 5/23/2006
Platinum Membership Posts: 4

9/05/2008 05:51 PM
Hi all,
We have a Windows SBS 2003 R2 Premium server (with ISA 2004) and about 10 PCs in one LAN. The SBS 2003 Server has two NICs (1 LAN 192.168.100.x and 1 WAN 192.168.200.x). The WAN NIC is connected to a router, which is connected to the internet.
The 10 clients need a VPN connection to a main office to start a Citrix session. Before the SBS Server was installed, all clients started a separate VPN connection with the main office and then they started a Citrix session. Because 10 VPN connections from one public IP gave a lot of problems, we want to make one VPN session from the SBS 2003 server. Then the clients can connect to Citrix without first setting up a VPN connection.
To test the situation, we've created a VPN dial-up adapter on the SBS 2003 Server. When we connect the VPN, all 10 clients can directly start the Citrix session. The problem is that after we restart the fileserver, we first have to log in and start the VPN dial-up before the clients can start Citrix.
Is there a way to make the connection permanent and redial after it's dropped (restart server, breakup VPN etc...)?
Thanks,
Robbert
Mariette Knap  The Netherlands Member since 3/24/2005
Forum Admins Posts: 12949

Robbert Tol  The Netherlands Member since 5/23/2006
Platinum Membership Posts: 4

9/19/2008 08:39 AM
Mariette,
The article you gave me describes the SBS Server as the main office? I need the other way... Our SBS Server needs to make a permanent VPN connection to the main office. In fact I want ISA to do the job. In other words: is it possible to let ISA monitor the VPN connection (dial-up) and bring it up every time it breaks?
Thanks,
Robbert
Mariette Knap  The Netherlands Member since 3/24/2005
Forum Admins Posts: 12949

Christopher Austin  United States Member since 4/25/2006
Platinum Membership Posts: 31

10/14/2008 09:30 PM
Hello,
We have a very similar situation. We need to use a remote access VPN connection to our parent company's network via the Cisco VPN client. I have opened the proper ports within ISA and our hardware firewall/router to allow for the traffic. I can make the connection and it stays active, however DNS is not resolving to the parent company's internal network. IPCONFIG /all shows the VPN connection and the proper DNS server at the remote location, but it won't use the remote DNS server and falls back to the DNS address of my local SBS. When you try to browse a remote website on their internal network, i.e. 'https://intranet', you get a proxy error from ISA.
Windows IP Configuration
Host Name . . . . . . . . . . . . : sysadm1
Primary Dns Suffix . . . . . . . : credoinstitute.office
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : cpg.org
credoinstitute.office
Ethernet adapter Local Area Connection 2:
Connection-specific DNS Suffix . : credoinstitute.office
Description . . . . . . . . . . . : Realtek RTL8169/8110 Family GigabitEthernet NIC
Physical Address. . . . . . . . . : 00-50-8D-B7-71-E4
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 10.10.1.20
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.10.1.1
DHCP Server . . . . . . . . . . . : 10.10.1.1
DNS Servers . . . . . . . . . . . : 10.10.1.1
Primary WINS Server . . . . . . . : 10.10.1.1
Lease Obtained. . . . . . . . . . : Monday, October 13, 2008 1:41:22 PM
Lease Expires . . . . . . . . . . : Tuesday, October 21, 2008 1:41:22 PM
Ethernet adapter Local Area Connection 3:
Connection-specific DNS Suffix . : cpg.org
Description . . . . . . . . . . . : Cisco Systems VPN Adapter
Physical Address. . . . . . . . . : 00-05-9A-3C-78-00
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.0.17.61
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 10.0.11.56
Primary WINS Server . . . . . . . : 10.0.11.17
C:\Documents and Settings\caustin>nslookup
DNS request timed out.
timeout was 2 seconds.
*** Can't find server name for address 10.0.11.56: Timed out
Default Server: sbssrv.credoinstitute.office
Address: 10.10.1.1
Any ideas on how to allow these VPN Connections to use a different DNS server?
Also, I was told that since our network is configured on one single internet addressable IP, it would help to get a block of IPs from our ISP to give outbound VPN clients their own IPs to connect to CPG. Is this easy to configure? If so, what's the first step after receiving the new block?
Thanks,
Chris
Robbert Tol  The Netherlands Member since 5/23/2006
Platinum Membership Posts: 4

10/15/2008 07:42 AM
Chris,
When you use the Cisco VPN Client, is there also a way to tell the client that it must use the external network gateway?
For example: when you use just the Microsoft Dialup VPN, you can set up the external gateway to be used as default. This is handled in the IP Properties of the Dialup VPN Connection.
The VPN Connection will then always use the external gateway to do the name resolving etc. You should be able to do an nslookup etc.
Greetz,
Robbert
Christopher Austin  United States Member since 4/25/2006
Platinum Membership Posts: 31

10/15/2008 04:57 PM
Unfortunately, there isn't even a gateway listed under the VPN ipconfig section above. In the Cisco client software I see no option to allow for an external gateway. The only option available is to allow local LAN access, and that's not the problem.
It's strange that I can ping the remote DNS server (10.0.11.56) fine while connected to the VPN, but when I try to nslookup it always defaults back to my SBS. See nslookup above.
Any other ideas?
How about the IP Global Pool for VPN outbound traffic?
Thanks.
Marina Roos  The Netherlands Member since 3/24/2005
Forum Admins Posts: 12626

Christopher Austin  United States Member since 4/25/2006
Platinum Membership Posts: 31

10/16/2008 03:30 PM
Really? Because that is what corporate uses to connect to their network. I can't ask them to make an exception for a tiny branch office of a big conglomerate... No ideas on either issue?
Chris
Marina Roos  The Netherlands Member since 3/24/2005
Forum Admins Posts: 12626

10/16/2008 04:19 PM
Hi Christopher,
Without having the complete information like the ipconfig/all from the server, the details of the remote office and from where you are wanting to use that Cisco software, it is very difficult to give you any clues.
| Marina Roos Smallbizserver.Net Administrator | Mission accomplished. We have joined the branch office to our SBS 2003 Headquarters and have the same user experience on the branch office as we have on our local network at the Headquarters. Want to know how? Signup up for a subscription and get instant access to the article series 'How to add an additional Domain Controller from a remote office to the SBS domain' |
Christopher Austin  United States Member since 4/25/2006
Platinum Membership Posts: 31

10/16/2008 04:31 PM
Please scroll up to see the ipconfig /all and nslookup.
I have no details on the network where I am trying to connect.
They simply give me an IP of their RADIUS server that I enter into the CISCO software.
It connects as the ipconfig /all shows but it can't resolve any URLs on their internal network because all lookup requests fall back to my SBS.
Do you know anything about IP Global pools for VPN traffic?
Thanks,
Chris not Christopher... 
Marina Roos  The Netherlands Member since 3/24/2005
Forum Admins Posts: 12626

Christopher Austin  United States Member since 4/25/2006
Platinum Membership Posts: 31

10/16/2008 06:30 PM
The ipconfig is from a client on my SBS network while connected to the Cisco VPN, as is the nslookup.
Here is the server if needed...
Windows IP Configuration
Host Name . . . . . . . . . . . . : SBSSRV
Primary Dns Suffix . . . . . . . : credoinstitute.office
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : Yes
DNS Suffix Search List. . . . . . : credoinstitute.office
Ethernet adapter Intel PRO Giga - Integ - LAN:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
Physical Address. . . . . . . . . : 00-C0-9F-21-00-7A
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.10.1.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 10.10.1.1
Primary WINS Server . . . . . . . : 10.10.1.1
PPP adapter RAS Server (Dial In) Interface:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
Physical Address. . . . . . . . . : 00-53-45-00-00-00
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.10.1.19
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Disabled
Ethernet adapter Intel PRO Giga - PCI - INET:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Server Adapter
Physical Address. . . . . . . . . : 00-0E-0C-64-06-7E
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 172.16.100.2
Subnet Mask . . . . . . . . . . . : 255.255.255.252
Default Gateway . . . . . . . . . : 172.16.100.1
DNS Servers . . . . . . . . . . . : 10.10.1.1
4.2.2.2
Primary WINS Server . . . . . . . : 10.10.1.1
NetBIOS over Tcpip. . . . . . . . : Disabled
PPP adapter RAC Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
Physical Address. . . . . . . . . : 00-53-45-00-00-00
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.234.235
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Disabled
Thanks,
Chris
Marina Roos  The Netherlands Member since 3/24/2005
Forum Admins Posts: 12626

10/16/2008 06:48 PM
Hi Chris,
The foreign DNS on the server's external NIC needs to be removed. You can also remove the WINS on that external NIC. Rerun CEICW.
The client is showing a foreign DNS suffix entry, which is likely added by that Cisco software and causing the problems.
Christopher Austin  United States Member since 4/25/2006
Platinum Membership Posts: 31

10/16/2008 06:57 PM
Can you please explain why I need to remove the Verizon DNS server 4.2.2.2 from the external facing NIC? The foreign DNS entry on the CISCO interface on the client ipconfig is correct. When you connect to the VPN it is supposed to bypass the local DNS (10.10.1.1) and use the DNS servers at the remote network (10.0.11.56). That is where it's failing... It always falls back to my SBS.
Christopher Austin  United States Member since 4/25/2006
Platinum Membership Posts: 31

10/17/2008 10:39 PM
Anyone else connected to an external CISCO VPN from within your SBS network? Did name resolution work properly?
Christopher Austin  United States Member since 4/25/2006
Platinum Membership Posts: 31

10/20/2008 03:59 PM
Marina, can you please respond?
Marina Roos  The Netherlands Member since 3/24/2005
Forum Admins Posts: 12626

10/21/2008 01:15 PM
Hi Chris,
If I have time, I will respond. Sometimes I have other things to do.
DNS on the server NIC(s) and clients should only point to the SBS internal IP. The foreign ISP DNS numbers are put in the Forwarders of the DNS server.
|
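An added example, not part of any forum post: a small Python check for the rule stated in the reply above (NICs list only the SBS internal IP as DNS server; ISP resolvers go in the DNS forwarders). It parses saved `ipconfig /all` text, here an abridged copy of the server output posted in this thread; the function names are made up for this example.

```python
import re

# Abridged from the server `ipconfig /all` posted earlier in this thread.
SERVER_IPCONFIG = """\
Windows IP Configuration
Host Name . . . . . . . . . . . . : SBSSRV
Ethernet adapter Intel PRO Giga - Integ - LAN:
IP Address. . . . . . . . . . . . : 10.10.1.1
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 10.10.1.1
Primary WINS Server . . . . . . . : 10.10.1.1
Ethernet adapter Intel PRO Giga - PCI - INET:
IP Address. . . . . . . . . . . . : 172.16.100.2
Default Gateway . . . . . . . . . : 172.16.100.1
DNS Servers . . . . . . . . . . . : 10.10.1.1
4.2.2.2
Primary WINS Server . . . . . . . : 10.10.1.1
"""

ADAPTER = re.compile(r"^(?:Ethernet|PPP) adapter (.+):$")
FIELD = re.compile(r"^(.+?)[ .]*:(.*)$")
IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")

def dns_by_adapter(text):
    """Map adapter name -> DNS servers, including bare continuation lines."""
    result, adapter, in_dns = {}, None, False
    for line in (l.strip() for l in text.splitlines()):
        m = ADAPTER.match(line)
        if m:
            adapter, in_dns = m.group(1), False
            result[adapter] = []
        elif adapter and IPV4.match(line):
            if in_dns:  # extra server listed on its own line, e.g. 4.2.2.2
                result[adapter].append(line)
        elif adapter and (f := FIELD.match(line)):
            in_dns = f.group(1).strip() == "DNS Servers"
            if in_dns and f.group(2).strip():
                result[adapter].append(f.group(2).strip())
    return result

def foreign_dns(text, sbs_ip):
    """Return {adapter: [DNS servers other than the SBS internal IP]}."""
    return {name: extra for name, servers in dns_by_adapter(text).items()
            if (extra := [s for s in servers if s != sbs_ip])}

if __name__ == "__main__":
    for nic, extra in foreign_dns(SERVER_IPCONFIG, "10.10.1.1").items():
        print(f"{nic}: move {', '.join(extra)} to the DNS forwarders")
```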
Christopher Austin  United States Member since 4/25/2006
Platinum Membership Posts: 31

10/21/2008 08:15 PM
The foreign DNS entries only show up when connected to the VPN, on the Cisco Systems VPN Adapter. I have no control over it when it connects. I am creating a remote access VPN connection, NOT a site-to-site VPN connection. Our SBS will never be connected to the parent company's VPN. Any other ideas?
Marina Roos  The Netherlands Member since 3/24/2005
Forum Admins Posts: 12626

10/22/2008 09:45 PM
Hi Chris,
Look again at the server ipconfig. That foreign DNS does NOT come from the Cisco VPN adapter. Remove it please.