Site-Site Router-Router VPN

Loopy via WinServerKB.com

I'm trying to set up a site-2-site VPN. Two SBS-2003-SP2 servers. Each is a
DC for its local LAN. Each has 2 NICs. One on the LAN and one on the WAN.
Each server gets to the internet via a D-Link DFL-210 router/firewall.

[LAN] -- [LAN NIC---SBS server---WAN NIC] -- [DFL-210] -- [Internet]

I can establish an IPSec tunnel between the routers and ping to the router
[DFL-210] at each end, but can't ping the server's WAN NIC. VPN *is* checked
in the "Configure Firewall" settings of the SBS-2003.

If I disable the SBS-2003 internal firewall, then I *can* ping to the WAN NIC,
but still can't ping through to the LAN NIC at each end?

Thanks.

Loopy

--
Message posted via WinServerKB.com
http://www.winserverkb.com/Uwe/Forums.aspx/windows-security/200809/1
 
From what I've read of its spec, the DFL-210 includes a VPN server rather
than the VPN gateway typically found on budget routers. It sounds like you
are trying to use it as a gateway. A gateway forwards requests to a VPN
server on your LAN, but that is all; it has no 'intelligence' in itself. The
VPN server, OTOH, should need no other support; if configured correctly, it
should link the two networks at Ethernet level without any intervention from
the SBS server. It may be a requirement that the two networks use different
IP ranges; this is often the case.

Bear in mind I've not used this model, just judging from its spec, which
indicates it to be a full VPN appliance rather than a gateway.

"Loopy via WinServerKB.com" wrote:

> I'm trying to set up a site-2-site VPN. Two SBS-2003-SP2 servers. Each is a
> DC for its local LAN. Each has 2 NICs. One on the LAN and one on the WAN.
> Each server gets to the internet via a D-Link DFL-210 router/firewall.
>
> [LAN] -- [LAN NIC---SBS server---WAN NIC] -- [DFL-210] -- [Internet]
>
> I can establish an IPSec tunnel between the routers and ping to the router
> [DFL-210] at each end, but can't ping the server's WAN NIC. VPN *is* checked
> in the "Configure Firewall" settings of the SBS-2003.
>
> If I disable the SBS-2003 internal firewall, then I *can* ping to the WAN NIC,
> but still can't ping through to the LAN NIC at each end?
>
> Thanks.
>
> Loopy
>
> --
> Message posted via WinServerKB.com
> http://www.winserverkb.com/Uwe/Forums.aspx/windows-security/200809/1
>
>
 
"Loopy via WinServerKB.com" <u22983@uwe> wrote in message
news:89914810273b6@uwe...
> I'm trying to set up a site-2-site VPN. Two SBS-2003-SP2 servers. Each is a
> DC for its local LAN. Each has 2 NICs. One on the LAN and one on the WAN.
> Each server gets to the internet via a D-Link DFL-210 router/firewall.
>
> [LAN] -- [LAN NIC---SBS server---WAN NIC] -- [DFL-210] -- [Internet]
>
> I can establish an IPSec tunnel between the routers and ping to the router
> [DFL-210] at each end, but can't ping the server's WAN NIC. VPN *is* checked
> in the "Configure Firewall" settings of the SBS-2003.
>
> If I disable the SBS-2003 internal firewall, then I *can* ping to the WAN NIC,
> but still can't ping through to the LAN NIC at each end?
>



I have a couple of locations that use these routers and site to site VPNs.
The server needs to be configured with a single NIC for this to work.

--
Kerry Brown
MS-MVP - Windows Desktop Experience: Systems Administration
http://www.vistahelp.ca/phpBB2/
http://vistahelpca.blogspot.com/
 