Koozali.org: home of the SME Server

Confused

xebec

Confused
« on: March 22, 2005, 09:05:31 AM »
Hi All,

I am very sorry if this sounds stupid, but I have read and studied and searched and researched, but I can't seem to get anywhere.

Simple setup (I thought):

1 Windows 2000 server with DHCP, domain controller, email server (exchange 2000).  IP address 10.0.0.2 mask 255.255.255.0

1 SME server 6.01 server and gateway IP 10.0.0.3 mask 255.255.255.0.
External IP 192.168.10.2 mask 255.255.255.0 G/W 192.168.10.1 which is a netgear FVS 318 VPN router.

I can receive mail, browse the net from the local network (10.0.0.x).  I have a stable router to router VPN (netgear).  I can ping the remote network which is 192.168.1.0, the remote network can ping the SME 192.168.10.2, but won't ping nor see the internal 10.0.0.x network.

I have tried adding a local network, but then I can't ping a thing.

Is what I am trying to do achievable or am I wasting my time and yours???

Any help, as usual, would be enormously appreciated (big time, tanto, mucho, etc. etc.)

regards to all

GB

raem

Re: Confused
« Reply #1 on: March 22, 2005, 09:46:28 AM »
Deleted
...

duncan

Confused
« Reply #2 on: March 22, 2005, 09:47:22 AM »
Set SME server as "Server only" 1 nic - 10.0.0.3

FVS 318 is more than enough firewall for the network. Internal network of FVS 318 becomes 10.0.0.0 (probably 1). Set your VPN for the 10.0.0.0 network.

I have the same set up here (3 way vpn using FVS318s as the gateways). No problems.

Regards Duncan

PS - don't double post

xebec

Confused
« Reply #3 on: March 22, 2005, 11:14:03 AM »
Hi thanks for the reply,

didn't mean to double post, the other was a VPN problem with win2000 and winxp which I am still to sort out.

In order to do that I will have to re-install then won't I??

thanks again and regards

GB

duncan

Confused
« Reply #4 on: March 22, 2005, 11:28:12 AM »
Quote from: "xebec"

In order to do that I will have to re-install then won't I??

GB


Re-install?

xebec

Confused
« Reply #5 on: March 22, 2005, 12:01:52 PM »
All right, I just thought I'd ask for the simple reason that if you try and remove a nic from Win2k or UNIX all hell breaks loose, but obviously with sme everything is different. Gees... I need a serious :pint:

Thanks again for the help to all and best regards

kruhm

Confused
« Reply #6 on: March 25, 2005, 03:14:15 PM »
Can you still use sme as a transparent proxy server in this configuration?

What if you set the 2 nics to 10.0.0.3 & 10.0.0.4 respectively? Would you see the whole network via vpn?

MSmith

Seems not simple, but unnecessarily complicated, to me
« Reply #7 on: March 25, 2005, 08:56:00 PM »
I mean, why have the SME server there at all?  Right now you have a router (SME) inside a router (Netgear), and SME is explicitly designed to NOT allow access from its WAN side to its LAN side.  (The SME thinks your 192.168.10.X subnet is the Internet, in other words.)

Me, I'd flatten that network.  The question is, will it be more trouble to reconfigure your 2K server's IP, which is more aggravating than you'd think since it's a domain controller, or to reconfigure the Netgear's internal address and change the VPNs.  Like Duncan, I'd choose the latter.

The SME will be dead easy ... remove one NIC and rerun the configuration by logging in as "admin".  Set it as server-only, as Duncan suggested.  It can still act as email and file server but won't have the gateway/proxy role.  And of course make sure you have only one DHCP server, if any, on your flattened network.
...

d6hq

Confused
« Reply #8 on: March 25, 2005, 10:42:07 PM »
Run the SME in server only mode with one NIC as suggested. If you want to use it as a proxy you still can but you will need to set all clients to use it on port 3128 rather than in its transparent mode.
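
The non-transparent proxy setup described in the reply above, as an added example that is not part of the original thread: a proxy auto-config (PAC) file that sends web traffic to the SME on port 3128 and keeps both sides of the VPN direct. The addresses come from the thread; the `.example.lan` suffix and the helper names are assumptions.

```javascript
// Added example, not from the thread. Constructed values: SME proxy at
// 10.0.0.3:3128 (server-only mode), local LAN 10.0.0.0/24, remote VPN LAN
// 192.168.1.0/24. LOCAL_SUFFIX is a hypothetical placeholder AD domain.
// Browsers supply isInNet()/isPlainHostName(); the helpers below stand in
// for them so the same file also runs under Node.
var PROXY = "PROXY 10.0.0.3:3128"; // no "; DIRECT" fallback: fail closed
var LOCAL_SUFFIX = ".example.lan";
var INTERNAL = [["10.0.0.0", 24], ["192.168.1.0", 24], ["127.0.0.0", 8]];

// Dotted-quad IPv4 literal -> unsigned 32-bit integer, or null if not one.
function ipv4ToInt(s) {
  var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(s);
  if (!m) return null;
  var n = 0;
  for (var i = 1; i <= 4; i++) {
    var octet = Number(m[i]);
    if (octet > 255) return null;
    n = n * 256 + octet;
  }
  return n;
}

// True when host is an IPv4 literal inside net/prefixLen.
function inSubnet(host, net, prefixLen) {
  var h = ipv4ToInt(host), n = ipv4ToInt(net);
  if (h === null || n === null) return false;
  var size = Math.pow(2, 32 - prefixLen); // addresses in the block
  return Math.floor(h / size) === Math.floor(n / size);
}

function FindProxyForURL(url, host) {
  host = host.toLowerCase();
  // Single-label names and the local AD domain are LAN hosts.
  if (host.indexOf(".") === -1) return "DIRECT";
  if (host.slice(-LOCAL_SUFFIX.length) === LOCAL_SUFFIX) return "DIRECT";
  // IPv4 literals on either side of the VPN bypass the proxy.
  for (var i = 0; i < INTERNAL.length; i++) {
    if (inSubnet(host, INTERNAL[i][0], INTERNAL[i][1])) return "DIRECT";
  }
  return PROXY; // everything else goes through the SME proxy
}
```

A PAC file is advisory: clients can ignore it, so filtering is only enforced if the gateway router permits outbound web traffic solely from 10.0.0.3.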

kruhm

Confused
« Reply #9 on: March 26, 2005, 02:24:02 PM »
The SME server has lots of capabilities to control internet access (dansguardian, etc). Still, it lacks an easy to configure VPN panel (that's why the VPN threads get so many views).

So why spend the hours trying to make the SME vpn work when the FVS318 has an easy to configure panel that works with two or more dynamic dns networks (the FVM318 was better but they stopped making it)? Buy 2 of them and presto - VPN.

It was a little OT but the question was a question of theory, not of suggestion; wanting the easy-to-config netgear VPN along with the internet management capabilities of the SME. All routers are inside other routers (except backbone) and block incoming/outgoing traffic on demand. But what if the SME had the netbios ports open, would it allow the capability to browse both networks?

This would save a lot of time not having to configure openvpn and save a lot of trouble not having to set the proxy on all the clients (AD, group policies, etc).