Two servers, one VPN

[Michael A. Covington]

We had a Windows 2000 server with VPN access so that users elsewhere could
get to their files and the printers on the server.

We now have *two* servers (joint domain controllers, Windows 2003).

The VPN users can only see things that are on the first server.

How do we enable them to see the second server or even the whole local
subnetwork?

 

[Sharoon Shetty K [MSFT]]

Are the two servers on the same LAN?

 

[Michael A. Covington]

Are the two servers on the same LAN?

Yes. Until now we have not used VPN to access anything on the LAN except
the first server. The LAN is a departmental subnetwork which is on the
Internet.

Do I simply need to enable routing from one to the other, somehow?

Thanks,
Michael

 

[Michael A. Covington]

I should clarify the problem.

We are on a departmental LAN which is attached to the Internet.

We have 2 servers, which I'll call SERVER1 and SERVER2. Both of them share
resources in our LAN. SERVER1 hosts VPN (Routing and Remote Access).

For a long time I've been using the VPN to get into SERVER1 from home with
no problems, and access its shared resources. I didn't see if I could reach
anything else on the LAN because it didn't matter.

Then we added SERVER2. From home I can't get into SERVER2. (NET VIEW
SERVER2 gives "Network path not found" or words to that effect; NET VIEW
SERVER1 gives a list of shared resources.)

Even weirder... If I get into the VPN from a wireless network that is
attached to our local LAN (but firewalled, hence the need to use VPN), then
everything works fine. So I know that SERVER2 can be seen from SERVER1 via
VPN. Just not from my house!

I'm about to start logging everything possible and looking for error
messages. Any ideas?

 

[Michael A. Covington]

Solution (or workaround):


It's a matter of name recognition.

To reach LAN computers other than the VPN server, one has to give their full
path. Thus

net view server2.mydomain.myplace.edu works even though
net view server2 does not work.

Also, I can Map Network Drive to \\server2.mydomain.myplace.edu\whatever
with no problem.

Is there something I can toggle in Routing and Remote Access to enable name
recognition of everything on the LAN?

 

[Michael A. Covington]

Not so simple.

net view server2.mydomain.myplace.edu works from some sites and not from
others.

Likewise if I type the IP address in place of the domain path.

I can ping it by name and by IP number.

Does VPN use different port numbers for passing through to other computers
than for communicating with the VPN server itself? Am I looking at a
firewall problem?

 

[Sharoon Shetty K [MSFT]]

If server2.mydomain.myplace.edu is reachable but not server2, it usually is
a resolution problem and the fix for that will be to use DNS suffix for the
connection. It can be found under TCP/IP->Properties->Advanced->DNS Suffix
for this connection. This will be required when there is no WINS server but
only DNS server.