Site-to-Site VPN with Win2K

  • Thread starter Thread starter wicus001
  • Start date Start date
W

wicus001

Hi,

We have four branches connecting via ADSL VPN to the Head Office.

Each side has an NetGear DG834GT ADSL Router and Windows 2000 is
acting as the VPN server at each side.
From a VPN perspective all is working 100%.

Yet, as we do not have our own static ip's for mail hosting, the mail
server is situated on the Net at our ISP.

All four branches could VPN to Head Office and use their local ADSL
connection to retrieve e-mail from the ISP or browse the web.

Now for the second time, the one branch can VPN to Head Office, but
can't retrieve their e-mail via the ADSL...
From this "faulty" branch's VPN server, I can VPN to HO and connect to
the Net when directly on the server.

Yet any client machines behind the VPN server can not connect to the
internet. (In the past they could though). Any packets send to the Net
is simply terminated at the near side of the VPN server. Pinging the
far side of the VPN server allows for ICMP replies, yet NO packet GOES
NO FURTHER...

The "Enable IP Routing" is ticked within the "IP tab" under the
Routing and Remote Access Properties.

Even the "IPEnableRouter" is set to 1 within the Registry.

ISA server is NOT installed at any of the servers, with no funny
firewall....

I am aware that VPN dial-up clients is NOT allowed to do "split
tunneling". (Intranet and Internet at the same time)

But this is a site-to-site VPN setup, of which they could connect to
the Net via their ADSL connection and VPN to the HO in the past. Now I
can't fix it....

Any guys/gals with knowledge out there to help fix this?

Will be greatly appreciated.
 
Why not implement a mail server at HO to retrieve all maila nd then have
each site collect over the VPN?

You could use something like VPOP3 (www.vpop3.co.uk) to do this for very
little outlay.

This will save you any problems of trying to access VPN for some services
and INternet for mail.

Regards

Mick
 
Assuming routing is not issue here, you may want to check VPN outbound filtering.

Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
Hi,

We have four branches connecting via ADSL VPN to the Head Office.

Each side has an NetGear DG834GT ADSL Router and Windows 2000 is
acting as the VPN server at each side.
From a VPN perspective all is working 100%.

Yet, as we do not have our own static ip's for mail hosting, the mail
server is situated on the Net at our ISP.

All four branches could VPN to Head Office and use their local ADSL
connection to retrieve e-mail from the ISP or browse the web.

Now for the second time, the one branch can VPN to Head Office, but
can't retrieve their e-mail via the ADSL...
From this "faulty" branch's VPN server, I can VPN to HO and connect to
the Net when directly on the server.

Yet any client machines behind the VPN server can not connect to the
internet. (In the past they could though). Any packets send to the Net
is simply terminated at the near side of the VPN server. Pinging the
far side of the VPN server allows for ICMP replies, yet NO packet GOES
NO FURTHER...

The "Enable IP Routing" is ticked within the "IP tab" under the
Routing and Remote Access Properties.

Even the "IPEnableRouter" is set to 1 within the Registry.

ISA server is NOT installed at any of the servers, with no funny
firewall....

I am aware that VPN dial-up clients is NOT allowed to do "split
tunneling". (Intranet and Internet at the same time)

But this is a site-to-site VPN setup, of which they could connect to
the Net via their ADSL connection and VPN to the HO in the past. Now I
can't fix it....

Any guys/gals with knowledge out there to help fix this?

Will be greatly appreciated.
 
Also, you may want to use rpc over http for accessing email.

Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
Hi,

We have four branches connecting via ADSL VPN to the Head Office.

Each side has an NetGear DG834GT ADSL Router and Windows 2000 is
acting as the VPN server at each side.
From a VPN perspective all is working 100%.

Yet, as we do not have our own static ip's for mail hosting, the mail
server is situated on the Net at our ISP.

All four branches could VPN to Head Office and use their local ADSL
connection to retrieve e-mail from the ISP or browse the web.

Now for the second time, the one branch can VPN to Head Office, but
can't retrieve their e-mail via the ADSL...
From this "faulty" branch's VPN server, I can VPN to HO and connect to
the Net when directly on the server.

Yet any client machines behind the VPN server can not connect to the
internet. (In the past they could though). Any packets send to the Net
is simply terminated at the near side of the VPN server. Pinging the
far side of the VPN server allows for ICMP replies, yet NO packet GOES
NO FURTHER...

The "Enable IP Routing" is ticked within the "IP tab" under the
Routing and Remote Access Properties.

Even the "IPEnableRouter" is set to 1 within the Registry.

ISA server is NOT installed at any of the servers, with no funny
firewall....

I am aware that VPN dial-up clients is NOT allowed to do "split
tunneling". (Intranet and Internet at the same time)

But this is a site-to-site VPN setup, of which they could connect to
the Net via their ADSL connection and VPN to the HO in the past. Now I
can't fix it....

Any guys/gals with knowledge out there to help fix this?

Will be greatly appreciated.
 
Unfortunately, each branch WANTS internet access.

The previous mail server solutions would work, yet the problem would still
persist.

Peronally I wish to know what is causing this....

Running "netsh routing ip show filter" reflects no-outbound filters being
applied.

What to do .... ?
 
Back
Top