SBS2003 VPN and IIS Connection Problem .. help

[JoshIE490]

I have SBS2003 Successfully running on a small network. The subnet of this network is 192.168.0.0/24 for now. My problem exists in remote offices connecting to this network. The second office 192.168.5.0/24 connects to a Symantec VPN router and the tunnel is functioning. I can remote desktop into clients and the server but can't join the domain or access the company intranet website.

IIS is telling me that my IP address on the 192.168.5.0/24 network is not allowed. How can I configure the network to trust and communicate the remote subnet 192.168.5.0/24? Is this a routing issue? Do I have to run Remote Services to authenticate users even though a tunnel is already established?

Any help would be extremely appreciated. Thanks
Josh

 

[markdmac]

In IIS right click the site and choose properties. Click the Directory Security Tab. The middle option (IP Address and Domain Name Restrictions) is where you can specify the subnets allowed to access your site.

Sounds like the problems with joining the domain are probably related to DNS.

I hope you find this post helpful.

Regards,

Mark

 

[JoshIE490]

Thanks for the response. I have tried that setting and I am still denied. I am sure that this is a DNS issue, I just don't know how to make it work.

Can anyone help?

thanks mark

Josh

 

[markdmac]

Do you have a server at both locations or just the main site? How are the clients at the remote site configured for DNS?

I hope you find this post helpful.

Regards,

Mark

 

[JoshIE490]

I have one server at the main site running Win 2003 SBS(IP 192.168.0.250). The remote offices login thru a vpn endpoint on a Symantec 360R router.
Local : 192.168.0.0/24 router= Symantec 360R
Remote1: 192.168.5.0/24 router= Linksys BEFSX41

These are not active yet:
Remote2: 192.168.10.0/24 router= Symantec 200R
Remote3: 192.168.20.0/24 router= Linksys WRV54G
Remote4: 192.168.30.0/24 router= Linksys BEFSX41
Remote5: 192.168.40.0/24 router= Linksys BEFSX41
I can ping and remote desktop from 192.168.0.x to 192.168.5.x so I know the tunnel and tcp/ip communication is working.

The clients remote site config for DNS is my quandrary. The vpn tunnel is not a global tunnel so the clients use the local ISP DNS to access the web. Do I need to specify DNS entries to talk to the Domain on 192.168.0.0/24 ?

Any Help will shorten my head scratching this upcoming looong weekend. Thanks
Josh.

 

[markdmac]

Yes, that is your problem. Your clients need to get their DNS from your domain and not the ISP. that is why you can't join the domain. When your client is trying to join the domain it is asking an Internet DNS server where to find the domain and it is replying "Whatchoo talkin bout Wilis?"

I hope you find this post helpful.

Regards,

Mark

 

[JoshIE490]

Thanks for your responses. I found a LAN / VPN DNS Server address setting in my symantec routers that forwards the DNS lookups thru the vpn tunnel to the 2003 SBS first before using the local dns addresses.

This worked perfectly. All I have to do is find out if the Linksys WRT54G and Linksys BEFSX41 have Local DNS abilities as well.

thanks

Josh