Help With VPN and 2 Routers on SBS 2003

Ok, so I know some networking stuff but, for the most part I don't know a lot about networking. So, I found this site and thought I give it a shot. So, here's the deal. I currently have a VPN set up at work for our laptops but, was wondering can a VPN work for desktops as well? Or is it just for laptops? I've tried connecting before and was able to get the network drives just nothing else. The laptops that have the VPN set up on is nice because it is like they're sitting at their desktop when at home having everything accessible. Was wondering if the same is possible for desktops. And then my last question is we currently have two ISP but, everyone on one ISP just seems to eat away at the bandwidth so things tend to go slow at times. I was able to set up both routers with the correct ISP setting but, if someone is on the one not connected to the server they don't get email just internet. Is there a way to make this work?? I hope someone out there can help me out. Sorry for the long post, just wanted to be descriptive. :confused

 

Yes VPN works on desktops. I not sure I understand about why you have 2 seperate ISP's though

 

If you could help me out with how to set up vpn on desktops I would greatly appreciate it. The two ISP thing is kind of a long story. To keep things short we had thought we canceled one and stuck with our new one but, that was a whole different story so for now we have two ISPs so I'm trying to put them both to work if possible. For the vpn I can get everything to work on laptops but, for desktops the most I can is network drives. What am I doing wrong? When I try opening up outlook it tells me that exchange unavailable and then when I click that it tells me my ost is not an offline folder or file. Please help with what you can. Any tips are greatly appreciated.

 

"VPN" has become somewhat of a broad term. What type of VPN are you talking about? There are SSL VPNs and IPSec VPNs. Some SSL VPNs will just act as kind of a proxy for internal web based applications, some will do predefined port redirection, and some will act as a client/server VPN--adding the client computer to the internal network of the organization being accessed. Some client/server setups split tunnel and others don't. Then there's the IPSec flavor, which can also do client/server configurations but, in LAN-to-LAN configurations, can require a VPN concentrator on both ends to act as a peer. With the latter type scenario you have to worry about the potential for private IP range conflicts between the networks, etc, etc, -- Not to mention being absolutely certain that everything is configured exactly the same on both VPN peers.

VPNs can be complex. Do you have a technical contact you can speak with at the organization you want to connect to? That person (probably a network administrator) would most likely be the greatest source of help to you. At this point, I'm assuming that you are most likely referring to a client/server setup. The network administrator will most likely need to provide you with client software and/or explain to you how to obtain and install it. The network administrator could potentially inform you that it's against their policy to add foreign equipment (in this case, your desktop) to their network due to associated risks like malware. In that case you'll be out of luck.

Unfortunately, there are a lot of variables.

 

WOW! I had no idea there was so many variables to a VPN. Well, to make things a bit more interesting I am the company's IT person (do just about everything IT related and a bit more) that is trying to do all this. The only thing is I don't have anyone above me to go to for advice or help. The way I had the VPN set up on the laptops was by running "Set up new connection" in "network connections" and typed in the information needed and it work great. As for any software I am using any or know if I need to. What I am trying to do is have my home desktop connect to work desktop. So far all the information I have is the IP address and domain information and for the laptops thats work fine but, not for desktops. I hope this helps explain with what I am trying to do. Unfortunately, I am the only point of contact and any other support I can get a hold of by phone or web.

 

It sounds like you're most likely using the Windows native VPN "Network Connection" to establish either a PPTP or an L2TP/IPSec connection to a hosting server. Unfortunately, this isn't something I've played with much. Have you compared the properties of the connection on the laptop with the properties of the connection on the desktop to make sure they are identical? I'd go through every tab and every "settings" button and compare them side-by-side.

 

I will give it a shot. The only thing that is different that I dont know if it matters or not. But, the laptops that have a vpn on it are taken home by the users so they have everything right there. They just needed to be added to a vpn to continue to be connected to the domain rather than remote web. When you say compare settings are you just talking about the connection part when setting up the vpn? Because there are only 2 things I can input there, the ip address and the domain other than log in information its the same on both laptops and desktops.

 

I'm guessing the laptops are joined to a Domain? When you try logging in with your desktop is the domain asking you for login credentials? If it is, try inputing your username as follows: domainname\username & then your password. The \ between the domain & username is very important in this scenario

All the VPN's I've used required a "client" as well as a "certificate" that had to be imported to the client. I've always set it up the exact same way wheather it be a desktop or laptop

 

Both the laptops and desktops are part of the domain. Its just the home desktops that are not a part of the domain. Which I wonder is part of the problem. Logging into the vpn asks both laptop and desktop for their login credentials I will give the "\" a try but, didnt need it for the laptops to work. When someone wants to log in through the vpn from their laptop they just type: name@domain and then their password and it works. If it helps its a PPTP VPN.

 

That's my point, the laptops are in the domain, the desktops are not which is why I suggest this approach. lets say domain name is "abc" & the user is "joe", the login would be: abc\joe

 

Serious Sam - You may have struck on it. The domain logon is probably the issue. The "home" machine is not on a domain. Therefore when jguy6 connects the only access he has are to the resources that do not require domain authentication. The laptops when used in work are connected to a domain AND when taken home they still logon to a "domain" using the stored credentials. When they establish the VPN connection and try to access a domain resource the DC is passed the stored credentials which are valid and access is granted. Therefore, perhaps if jguy6 uses the domain logon that you suggest and matching the one he uses at work....all will be good.

 

Thanks Serious Sam. Sorry, I didn't quite understand you correctly. I will give it a shot when I get home and see how things go. Thanks for the help everyone. Hopefully this works. Will reply after I give this a try.

 

I failed to ask....what kind of VPN device are you using? Is it simply a server set up for RAS and VPN? Or is it a router that has VPN capability? If a router, how is the user authentication handled? Is it RADIUS?

 

well I gave the vpn a shot last night with adding the "\" and still no luck. I'm starting to wonder if I have the vpn configured correctly. jconstan to answer your question I believe it is a RAS with vpn because all I did was run through the set up on small business server 03 and after that just inputted the ip address and domain information on the laptops and everything was good. as for desktops that is a different story. So, far all Ive been able to get are network drives. When ever I try opening outlook (from home computer) it says exchange is unavailable. did anyone know if the two ISP thing is possible? Just wondering if I can have two ISP on sbs 03 to help ease up bandwidth. long story short thought we canceled one but, found it wasn't so I'm trying to put them both to work if possible.

 

I was talking about your home machine coming in via VPN...is that what you are referring to as a desktop system...OR is it something else? If we are in fact talking about your home desktop system that is not working...perhaps we should go through the login process and then join the domain and see if that gets you going.

 

Oh, sorry all I do for home computer is open up network connections and then choose setup new connection and then select connect to a workplace. After that I just input the ip address and then the domain name and I am able to connect. But, can only get network drives. Sound right?

 

OK.....when you bring up the VPN connect screen.....there is a properties button. If you select it, a screen comes up that includes an option tab. click on the options tab a check the windows domain logon box. See if that helps you out.

 

Lets talk about the two ISP thing for a moment. The short answer is maybe, but it depends on several things. I should think using them both for output would not be a problem, but if you need Internet users to have access to machines in your domain by domain name (like email, web services) then things get more complicated. I would have to know much more about what your setup is and what you want to do before I could provide a definitive answer.

 

For the two ISP thing what I would like to do if possible. Is run email off of one ISP and internet off the other. Right now we have a T1 1.5 mbps about 15 users and it just doesnt seem to be enough bandwidth for what we do. My boss complains constantly that its too slow. The other ISP is DSL up to 15 mpbs but, for the most part generally idles around 5 mbps. So the T1 is in question if its really worth the money than just using the DSL. Right now my current setup is our T1 line going through our wireless router and then the server connected through the router and the rest of the clients connected through a 24 switch. please keep in mind I dont know a lot about networking but understand the basics. tried the domain thing with the vpn as well still no go. Should both computer be connected to the vpn to work. (home and work) tried both ways both ways one with both connected and one with only one still no go. Thanks for all the help.

 

ISP - This is general and not verbatim. You would need a router with two WAN ports. You didn't tell me which interface the email server is on so I'll assume the DSL. You then need to port forward the DSL link to the email server. You then need to change the MX record in the DNS to point to the public IP address of the DSL line. Configure that DSL line to only allow port 25 and port 110 traffic, unless its your web server to, in which case you'll need to change some more DNS records and do a little more port forwarding. Now all the other traffic should go over the T1 link.

I have no more ideas concerning your VPN problem.

 

:cryI would Like to know were should I look for help to set up TpLink router pluss my sound device is also not working and I dont know how to go about it please help did ask for help before but got no reply so were would I find the answer also and I thank you to anyone that is willing to help

 

Well the VPN would be nice but if the two ISP thing could work that would really great. Sorry I didn't mention about the email, email is actually on the T1 and the DSL is yet to be used since I haven't been able to use both at the same time yet. Can I do this with two wireless router linked together (two linksys) or would I need something like this?
http://www.newegg.com/Product/Product.aspx?Item=N82E16833124160
I haven't heard of an MX record before I did sometime change the A-Record when switching between the two ISPs. is the MX record on the server or through our dns provider? would i have to change anything with how ip addresses are assigned by dhcp since dhcp is handled by the server. really appreciate the help. it this could work this would be very helpful.

 

I can give a shot at helping you out or you may want to check out the "hardware support forum" what exactly are you trying to do?

 

Looks like that router will load balance.....probably even better in your case. I'm not an expert here but it appears you may not have to adjust any of the DNS records. This router wants to balance the load over two WAN's. If one is busy, it sends it across the other one. Download the user manual and read before you buy!