Windows Vista Forums

Can't connect to exchange server over site-to-site vpn

  1. #1


    CSI Albany Guest

    Can't connect to exchange server over site-to-site vpn

    Hello,

    We have a main office with a machine running small business server 2003 w/
    exchange. We have set up a site-to-site vpn connection to a remote office. We
    cannot currently send/receive mail from outlook exchange accounts on the
    remote computers. However if we disconnect the site-to-site vpn and connect
    from the remote computers to the main office server with the microsoft vpn
    client we can send/receive mail without a problem.

    The main office has a subnet of 192.168.1.0. The exchange server has 2
    NIC's. The IP of the server's internal LAN NIC is 192.168.1.13. The IP of the
    server's WAN nic (connects to router) is 192.168.1.103. Finally the exchange
    server is identified as "mailserver.ourorganization.local"

    The satellite office has a subnet of 192.168.2.0.

    With the site-to-site vpn connected we have a computer at the satellite
    office setup to use 192.168.1.103 as its DNS server. From this remote
    computer we can ping the exchange server at 192.168.1.13 with no problem.
    When setting up the users account in outlook we enter 192.168.1.13 as the
    server and it automatically updates to "mailserver.ourorganization.local".
    This leads me to believe the remote computers are communicating with the
    server (as is verified in the router logs).

    When pinging mailserver.ourorganization.local the address resolves to
    192.168.1.103 but the ping times out.



    Not sure where to proceed from here, any help is greatly appreciated.


  2. #2


    Lanwench [MVP - Exchange] Guest

    Re: Can't connect to exchange server over site-to-site vpn

    CSI Albany <CSI Albany@newsgroup> wrote:

    > Hello,
    >
    > We have a main office with a machine running small business server
    > 2003 w/ exchange. We have set up a site-to-site vpn connection to a
    > remote office. We cannot currently send/receive mail from outlook
    > exchange accounts on the remote computers. However if we disconnect
    > the site-to-site vpn and connect from the remote computers to the
    > main office server with the microsoft vpn client we can send/receive
    > mail without a problem.
    >
    > The main office has a subnet of 192.168.1.0. The exchange server has 2
    > NIC's. The IP of the server's internal LAN NIC is 192.168.1.13. The
    > IP of the server's WAN nic (connects to router) is 192.168.1.103.

    This is a problem - they shouldn't be in the same subnet. But see below,
    because this is going to be moot soon...

    > Finally the exchange server is identified as
    > "mailserver.ourorganization.local"
    >
    > The satellite office has a subnet of 192.168.2.0.
    >
    > With the site-to-site vpn connected we have a computer at the
    > satellite office setup to use 192.168.1.103 as its DNS server. From
    > this remote computer we can ping the exchange server at 192.168.1.13
    > with no problem. When setting up the users account in outlook we
    > enter 192.168.1.13 as the server and it automatically updates to
    > "mailserver.ourorganization.local". This leads me to believe the
    > remote computers are communicating with the server (as is verified in
    > the router logs).
    >
    > When pinging mailserver.ourorganization.local the address resolves to
    > 192.168.1.103 but the ping times out.
    >
    > Not sure where to proceed from here, any help is greatly appreciated.

    Get rid of the 2nd NIC in the SBS box. You need to be behind a good
    firewall appliance that does NAT. Don't connect directly to your ISP's
    modem. Then rerun the CEICW accordingly, and this should work. Outside of
    SBS, multihomed DCs are considered a very bad idea, and if you aren't using
    ISA you don't need it (and it doesn't buy you much). Plus, you're currently
    misconfigured if you have both NICs on the same subnet.




  3. #3


    Ace Fekay [MCT] Guest

    Re: Can't connect to exchange server over site-to-site vpn

    "Lanwench [MVP - Exchange]"
    <lanwench@newsgroup> wrote in message
    news:%23Dhzk3dPKHA.4208@newsgroup

    > CSI Albany <CSI Albany@newsgroup> wrote:

    >> Hello,
    >>
    >> We have a main office with a machine running small business server
    >> 2003 w/ exchange. We have set up a site-to-site vpn connection to a
    >> remote office. We cannot currently send/receive mail from outlook
    >> exchange accounts on the remote computers. However if we disconnect
    >> the site-to-site vpn and connect from the remote computers to the
    >> main office server with the microsoft vpn client we can send/receive
    >> mail without a problem.
    >>
    >> The main office has a subnet of 192.168.1.0. The exchange server has 2
    >> NIC's. The IP of the server's internal LAN NIC is 192.168.1.13. The
    >> IP of the server's WAN nic (connects to router) is 192.168.1.103.
    >
    > This is a problem - they shouldn't be in the same subnet. But see below,
    > because this is going to be moot soon...
    >

    >> Finally the exchange server is identified as
    >> "mailserver.ourorganization.local"
    >>
    >> The satellite office has a subnet of 192.168.2.0.
    >>
    >> With the site-to-site vpn connected we have a computer at the
    >> satellite office setup to use 192.168.1.103 as its DNS server. From
    >> this remote computer we can ping the exchange server at 192.168.1.13
    >> with no problem. When setting up the users account in outlook we
    >> enter 192.168.1.13 as the server and it automatically updates to
    >> "mailserver.ourorganization.local". This leads me to believe the
    >> remote computers are communicating with the server (as is verified in
    >> the router logs).
    >>
    >> When pinging mailserver.ourorganization.local the address resolves to
    >> 192.168.1.103 but the ping times out.
    >>
    >> Not sure where to proceed from here, any help is greatly appreciated.
    >
    > Get rid of the 2nd NIC in the SBS box. You need to be behind a good
    > firewall appliance that does NAT. Don't connect directly to your ISP's
    > modem. Then rerun the CEICW accordingly, and this should work. Outside of
    > SBS, multihomed DCs are considered a very bad idea, and if you aren't
    > using ISA you don't need it (and it doesn't buy you much). Plus, you're
    > currently misconfigured if you have both NICs on the same subnet.
    >

    I agree. There's no way to (such as you CANNOT) have an internal interface
    and external interface on the same subnet. Otherwise, it cannot route. It
    wouldn't know which direction to send the traffic.

    Either change the external interface to a 192.168.3.x or something else, or
    as you said, disable the external NIC and get a reliable firewall/router,
    such as a Cisco ASA 5505.

    Curious what's being used for the site to site VPN? SBS or the
    router/firewall? If you get an ASA at the remote location, too, you can
    create a secure tunnel between the ASA's. It also offers SSL VPN
    capabilities.

    --
    Ace

    This posting is provided "AS-IS" with no warranties or guarantees and
    confers no rights.

    Please reply back to the newsgroup or forum for collaboration benefit among
    responding engineers, and to help others benefit from your resolution.

    Ace Fekay, MCT, MCTS 2008, MCTS Exchange, MCSE, MCSA 2003 & 2000, MCSA
    Messaging
    Microsoft Certified Trainer

    For urgent issues, please contact Microsoft PSS directly. Please check
    http://support.microsoft.com for regional support phone numbers.
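
An added example, not part of any post in this thread: a Python check for the two conditions the replies point at, NICs sharing one subnet and the server's hostname resolving to the NIC that is not the internal one. The addresses and hostname are the original poster's; the /24 prefix length, the `LAN`/`WAN` labels and the function name are assumptions.

```python
import ipaddress
from itertools import combinations

def audit_multihomed(interfaces, internal, a_records):
    """Return findings for a multihomed host.

    interfaces: {label: "address/prefix"} for each NIC
    internal:   label of the NIC clients are meant to reach
    a_records:  {hostname: [addresses the DNS server returns]}
    """
    nics = {label: ipaddress.ip_interface(cidr) for label, cidr in interfaces.items()}
    findings = []

    # Two NICs in one subnet: the host has two on-link routes for the same prefix
    for (a, ia), (b, ib) in combinations(sorted(nics.items()), 2):
        if ia.network.overlaps(ib.network):
            findings.append(("same_subnet", a, b, str(ia.network)))

    # Names answering with an address that belongs to a NIC other than the internal one
    owner = {nic.ip: label for label, nic in nics.items()}
    for host, addrs in sorted(a_records.items()):
        for addr in addrs:
            label = owner.get(ipaddress.ip_address(addr))
            if label is not None and label != internal:
                findings.append(("dns_points_off_internal", host, addr, label))
    return findings

# Values from the thread; the /24 prefix length is an assumption
# (the post gives only "192.168.1.0" as the subnet).
SBS_INTERFACES = {"LAN": "192.168.1.13/24", "WAN": "192.168.1.103/24"}
SBS_A_RECORDS = {"mailserver.ourorganization.local": ["192.168.1.103"]}

if __name__ == "__main__":
    for finding in audit_multihomed(SBS_INTERFACES, "LAN", SBS_A_RECORDS):
        print(finding)
```

An empty result means neither condition is present, which is what a single-NIC server with its name pointing at 192.168.1.13 produces.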





  4. #4


    SteveB Guest

    Re: Can't connect to exchange server over site-to-site vpn

    If all the OP wants is mail between the 2 offices then he may not need to
    use VPN at all especially since he doesn't seem to understand networking
    basics very well. Outlook Anywhere should work very nicely.




  5. #5


    Ace Fekay [MCT] Guest

    Re: Can't connect to exchange server over site-to-site vpn

    "SteveB" <newsgroup@newsgroup> wrote in message
    news:%235v2sMfPKHA.4692@newsgroup

    > If all the OP wants is mail between the 2 offices then he may not need to
    > use VPN at all especially since he doesn't seem to understand networking
    > basics very well. Outlook Anywhere should work very nicely.

    True, but I think the poster also needs other access, unless I
    misunderstood the intentions.

    Ace






