Announcement

Collapse
No announcement yet.

Subnet access issues

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Subnet access issues

    We have three sites with w2k3 servers, all of which are joined by hardware vpn units.

    .16 subnet (our original)
    .2 subnet
    .3 subnet

    We have recently added a satellite office - .4 subnet - again connected to the rest of the system by another hardware vpn unit but this time without a server.

    I can see users on the .4 subnet authenticate on the .2 subnet server (the closest to them), either with .4 subnet ip addresses or using a software vpn connection, in which case they get a .2 subnet address.

    The problem is access to some items that are hosted on the .16 subnet server, namely IIS intranet pages and Exchange public folders.

    When they are logged on via the .2 subnet they can access the intranet pages and public folders, when they are logged on via the .4 subnet they can't.

    IE gives a "The webpage cannot be displayed" message, Outlook says "Cannot display the folder. Network problems are preventing connection to Microsoft Exchange". (At the same time email is streaming fine from the local Exchange server).

    I have added the .4. subnet as a site attached to the .2 subnet, and granted access for all the subnets in IIS Directory security. The .2 and .4 subnets are geographically remote from the .16 subnet (on the other side of the world in fact).

    Any ideas as to what is going wrong here?

    Many thanks
    Peter

  • #2
    Re: Subnet access issues

    sounds like a missing route from the .4 subnet to the .16 network.
    Marcel
    Technical Consultant
    Netherlands
    http://www.phetios.com
    http://blog.nessus.nl

    MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
    "No matter how secure, there is always the human factor."

    "Enjoy life today, tomorrow may never come."
    "If you're going through hell, keep going. ~Winston Churchill"

    Comment


    • #3
      Re: Subnet access issues

      Thanks for the reply.

      I've added a route from .4 to .16 on the .4 router, let's hope this does the trick!

      Many thanks
      Peter

      Comment


      • #4
        Re: Subnet access issues

        try pinging from the .4 to the .16 subnet
        Marcel
        Technical Consultant
        Netherlands
        http://www.phetios.com
        http://blog.nessus.nl

        MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
        "No matter how secure, there is always the human factor."

        "Enjoy life today, tomorrow may never come."
        "If you're going through hell, keep going. ~Winston Churchill"

        Comment


        • #5
          Re: Subnet access issues

          Weird... adding the routes actually made matters worse.

          The two people in that office could no longer see the network drives or connect to the exchange server on the .2 subnet.

          Took the routes back out of the router and things reverted back to the previous problematic but semi-functioning state.

          Any other ideas?

          Comment


          • #6
            Re: Subnet access issues

            yeah, already tried a traceroute?
            Marcel
            Technical Consultant
            Netherlands
            http://www.phetios.com
            http://blog.nessus.nl

            MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
            "No matter how secure, there is always the human factor."

            "Enjoy life today, tomorrow may never come."
            "If you're going through hell, keep going. ~Winston Churchill"

            Comment


            • #7
              Re: Subnet access issues

              Pings from .4 subnet to .2 or .16 come back with 'no answer' (not 'timed out').

              Traceroutes from .4 subnet to .2 or .16 last response is on about hop 8 or 9 (of max of 30), in both cases in the TELSTRACLEAR-NZ network (.4 is in NZ, .2 in Aus and .16 in the UK).

              Can ping .16 objects from .2, but not objects on .4.

              Comment


              • #8
                Re: Subnet access issues

                So there is definitely a routing issue.
                Make a drawing with each routing component and track down where it goes wrong.
                Marcel
                Technical Consultant
                Netherlands
                http://www.phetios.com
                http://blog.nessus.nl

                MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
                "No matter how secure, there is always the human factor."

                "Enjoy life today, tomorrow may never come."
                "If you're going through hell, keep going. ~Winston Churchill"

                Comment


                • #9
                  Re: Subnet access issues

                  Correction, I can ping objects on both .16 and .4 subnets from the .2 subnet. The routers won't do an internal traceroute.

                  Just noticed in the Security Log on the .2 subnet - loads and loads of Logon/Logoff entries for a user on the .4 subnet, often only seconds apart.

                  I have also changed the same users profile to use a different login script but it appears that it is still using the previous one - can logins be cached like this?

                  Does this give anyone any clues to what is going on?

                  It struck me the other day that the .2 server is giving out ips on that subnet, and the .4 router is giving out ips for the .4 subnet, I have added the .4 subnet as a subnet under the .2 site in Sites and Services, is there anything else I should have done?

                  Many thanks
                  Peter

                  Comment

                  Working...
                  X