VPN between 2 SBS networks

olt
Posted: Wed Nov 09, 2005 1:50 pm    Post subject: VPN between 2 SBS networks

Hi,

I have 2 SBS 2003 (Standard - no ISA) servers and would like to create
a VPN between the two networks (between the 2 public interfaces) to
allow access to shared printers or folders from one network to the
other. I would prefer to achieve this with IPSec rather than PPTP but
at the moment I can't get either of them to work consistently. I have
followed the various KB articles about site-to-site VPNs but still no
luck.

Does anyone have any suggestions about how best to approach this and
are there any particular tricks with SBS2003 - for example: is there
any port filtering in the Windows firewall which might be blocking the
IPSec connections?

Thanks in advance.
Edmund

Nick
Posted: Wed Nov 09, 2005 1:50 pm    Post subject: Re: VPN between 2 SBS networks

Edmund,

Yes there is an SBS firewall, it is hidden in:
Server management..Advanced management..Computer management..Routing and
remote access..IP routing..NAT/basic firewall..<NIC card>..properties
As far as I know you will need to turn this firewall off, I could not find
any way to simply allow a range of ports through this for the VPN. You will
of course then require a hardware firewall instead.

NickC

Javier Gomez [SBS MVP]
Posted: Wed Nov 09, 2005 5:50 pm    Post subject: Re: VPN between 2 SBS networks

For site-to-site VPN... I would strongly recommend using 2 hardware VPN
routers.

--
Javier [SBS MVP]
www.msmvps.com/javier
<< SBS ROCKS!!! >>

TimeTraveller
Posted: Wed Nov 09, 2005 9:50 pm    Post subject: Re: VPN between 2 SBS networks

Agree, Hardware VPN with a couple of Netgear DG834 Routers works a treat and
is extensible as well.

Software VPN has always been "Flaky" at the best of times.

TT.

win2003 R2
Posted: Thu Nov 10, 2005 9:50 am    Post subject: Re: VPN between 2 SBS networks

Hi there,
I am just wondering even if you have the VPN set up between two SBS 2003,
how can you share folders between two different AD domains that are not
trusted?
I would appreciate to know how to do that.

Leythos
Posted: Thu Nov 10, 2005 1:50 pm    Post subject: Re: VPN between 2 SBS networks

In article <eicohya5FHA.3384@TK2MSFTNGP11.phx.gbl>, tian.lu@itl-limited.com says...
Quote:
Hi there,
I am just wondering even if you have the vpn setup between two sbs 2003,
how can you share folders between two different ad domains that are not
trusted?
I would appreciate to know how to do that.

By having the same user account and password on both sides. If you have
the same user name/password between them it will let you connect without
a trust.


--
--
spamfree999@rrohio.com
(Remove 999 to reply to me)

olt
Posted: Thu Nov 10, 2005 1:50 pm    Post subject: Re: VPN between 2 SBS networks

Thanks for all your ideas - in fact these 2 SBS servers are in the same
building and share the same external connection so the WAN connection
which links them is actually very local. The link between the two
networks isn't "critical" but I would like to get it working.

The 2 networks have different network addresses so I could simply put a
router between them with a persistent route but I would prefer to get
the VPN working. Any ideas what is needed in terms of the SBS to make
it work? Just "disabling" the RRAS firewall isn't really an option!

Thanks, Edmund

Rick S.
Posted: Fri Nov 11, 2005 1:50 am    Post subject: Re: VPN between 2 SBS networks

Wouldn't this be a serious violation of the EULA for SBS, though?

Would you have to buy a second SBS CAL for each user that wants to access a
second server?

I understand that the per user/device licensing for SBS doesn't work quite
the same as it does for non SBS server products (one CAL is required to
access any number of servers).

Does anyone have the official answer on this?

Thanks,
Rick

Javier Gomez [SBS MVP]
Posted: Fri Nov 11, 2005 5:50 pm    Post subject: Re: VPN between 2 SBS networks

Quote:
Wouldn't this be a serious violation of the EULA for SBS, though?

Not if you have enough CALs.

Quote:
Would you have to buy a second SBS CAL for each user that wants to access a
second server?

Correct... two different networks, two different sets of users, two sets of
CALs.

Quote:
I understand that the per user/device licensing for SBS doesn't work quite
the same as it does for non SBS server products (one CAL is required to
access any number of servers).

Actually, it's basically the same as with any other Server product is
licensed (except we don't get Per Server mode). If you had 10 Win2k3 servers
as long as you have 1 Device or User CAL you are licensed to access all of
them (SBS CAL or Win2k3 CALs). However, all the servers must be on the same
domain... so this doesn't apply to this case.

Of course, the other difference between SBS vs. plain-vanilla Windows Server
is that they don't enforce licensing compliance the way we do.

Quote:
Does anyone have the official answer on this?

He he he... there are no "official" answers when licensing is involved.
Believe me! :-)

--
Javier [SBS MVP]
www.msmvps.com/javier
<< SBS ROCKS!!! >>

Rick S.
Posted: Sat Nov 12, 2005 1:50 am    Post subject: Re: VPN between 2 SBS networks

Thanks for your reply.

I was not aware that the single device/user CAL was restricted to servers on
the same domain. I don't recall ever seeing this in the EULA.

I think SBS is a great fit for some small businesses, but for one of my
clients, it's come around and bit them in the backside. The client wants to
connect two offices via a VPN to enable users at each office to access files
on the server at the other office. Office 1 has a Windows 2000 Standard
server configured as a DC and Office 2 has a Windows SBS 2003 server. Were it
not for SBS limitations, this would easily be accomplished with a trust
relationship between the two domains. As far as I can tell, the only way to
properly fix this is to either purchase the Transition Pack (Ughh!) or
install Windows 2003 Standard (from scratch?). There are only 5 users
configured on the SBS server so migrating the users to the new install is not
too much trouble and, fortunately, they're not using Exchange, fax sharing,
remote workplace and Sharepoint Services. If we purchase and install Win2003
in place of SBS, can the SBS CALs legitimately be used for Server 2003? Can
we keep our desktop licenses for Outlook 2003? If we forfeit the licenses and
purchase new ones, can the client sell/transfer SBS to another party? Of
course, at Office 1, we will need to "upgrade" the user CALs to Server 2003
CALs.

ATTENTION MICROSOFT: Why not offer a license that would allow a single trust
to be created between two servers specifically, or perhaps even exclusively,
for file sharing.

Rick

TimeTraveller
Posted: Sat Nov 12, 2005 1:50 am    Post subject: Re: VPN between 2 SBS networks

You can easily demote the 2000 server with DCPROMO and join it over the VPN
to the SBS server, this would be fine,

User accounts would be common on both servers with a shared single AD
domain.

Files can be stored locally on each server for each site's own users as well
as users being able to access the remote server's files as well,

This way all permissions etc. would be common

Would mean all clients at the 2000 server end would need to be rejoined to
the domain afterwards.

They could also then use the SBS exchange server via the VPN for everyone's
email

In this scenario the 2000 Svr would take one CAL from the SBS 2003 server.

TT.

All times are GMT