Guest Loopy via WinServerKB.com Posted September 2, 2008 Posted September 2, 2008 I'm trying to set up a site-2-site vpn. Two SBS-2003-SP2 servers. Each is a DC for its local LAN. Each has 2 NIC. One on the LAN and one on the WAN. Each server gets to the internet via a D-Link DFL-210 router/firewall. [LAN] -- [LAN NIC---SBS server---WAN NIC] -- [DFL-210] -- [internet] I can establish an IPSec tunnel between the routers and ping to the router [DFL-210] at each end, but can't ping the server's WAN NIC. VPN is checked in the "Configure Firewall" settings of the SBS-2003. If I disable the SBS-2003 internal firewall, then I can ping to the WAN NIC, but still can't ping through to the LAN NIC at each end? Thanks. Loopy -- Message posted via WinServerKB.com http://www.winserverkb.com/Uwe/Forums.aspx...curity/200809/1 Quote
Guest Anteaus Posted September 9, 2008 Posted September 9, 2008 From what I've read of its spec, the DFL-210 includes a VPN server rather than the VPN gateway typically found on budget routers. It sounds like you are trying to use it as a gateway. A gateway forwards requests to a VPN server on your LAN, but that is all, it has no 'intelligence' in itself. The VPN server OTOH should need no other support, if configured correctly it should link the two networks at Ethernet level without any intervention from the SBS server. It may be a requirement that the two networks use different IP ranges, this is often the case. Bear in mind I've not used this model, just judging from its spec, which indicates it to be a full VPN appliance rather than a gateway. "Loopy via WinServerKB.com" wrote: <span style="color:blue"> > I'm trying to set up a site-2-site vpn. Two SBS-2003-SP2 servers. Each is a > DC for its local LAN. Each has 2 NIC. One on the LAN and one on the WAN. > Each server gets to the internet via a D-Link DFL-210 router/firewall. > > [LAN] -- [LAN NIC---SBS server---WAN NIC] -- [DFL-210] -- [internet] > > I can establish an IPSec tunnel between the routers and ping to the router > [DFL-210] at each end, but can't ping the server's WAN NIC. VPN is checked > in the "Configure Firewall" settings of the SBS-2003. > > If I disable the SBS-2003 internal firewall, then I can ping to the WAN NIC, > but still can't ping through to the LAN NIC at each end? > > Thanks. > > Loopy > > -- > Message posted via WinServerKB.com > http://www.winserverkb.com/Uwe/Forums.aspx...curity/200809/1 > > </span> Quote
Guest Kerry Brown Posted September 9, 2008 Posted September 9, 2008 "Loopy via WinServerKB.com" <u22983@uwe> wrote in message news:89914810273b6@uwe...<span style="color:blue"> > I'm trying to set up a site-2-site vpn. Two SBS-2003-SP2 servers. Each is > a > DC for its local LAN. Each has 2 NIC. One on the LAN and one on the WAN. > Each server gets to the internet via a D-Link DFL-210 router/firewall. > > [LAN] -- [LAN NIC---SBS server---WAN NIC] -- [DFL-210] -- [internet] > > I can establish an IPSec tunnel between the routers and ping to the router > [DFL-210] at each end, but can't ping the server's WAN NIC. VPN is > checked > in the "Configure Firewall" settings of the SBS-2003. > > If I disable the SBS-2003 internal firewall, then I can ping to the WAN > NIC, > but still can't ping through to the LAN NIC at each end? ></span> I have a couple of locations that use these routers and site to site VPNs. The server needs to be configured with a single NIC for this to work. -- Kerry Brown MS-MVP - Windows Desktop Experience: Systems Administration http://www.vistahelp.ca/phpBB2/ http://vistahelpca.blogspot.com/ Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.