Need some advice.

Priapus · 11 Oct 2009 at 16:56

Howzit guys,

I hope someone can help me out here as I am scratching my head with this.

I have a server setup which goes like this:

Internet lines:

ADSL Line 1 ( static IP ), ADSL 2 ( Dynamic IP ), 3G Modem, Satilite connection )

The lines go into a failover device. So, 4 x WAN ports and 1 x LAN port.

So, Fail over - LAN port - External on SBS 2003 server - Internal Nic to Switch.

At the moment, I have setup IP addresses like this:

Fail Over: 10.1.0.1 ( static - DHCP off on fail over )
External - 10.1.0.2
Subnet: 255.0.0.0
Default: 10.1.0.1
Internal: 10.1.0.10
Subnet: 255.0.0.0
default: BLANK
DNS10.1.10

At the moment, everyone can get; Internet, Exchange, Server files all good.

However:

I cannot ping the fail over device from any client machine or even from the server, nor can I logon to the fail over. But it gets Internet from it?

Also, I cannot get; RDP, VPN and webmail ( From exchange) from outside the LAN.

I ran through the remote setup wizard from the Manage your server page. It only wants to setup VPN and won't give the option where you setup the RDP connection.

I have opened the following ports on the fail over device:

RDP: 3389
VPN: 1723
Webmail: 443/80/8080

I also opened these ports up on the Virtual Server part of the fail over device.

The failover device is as bidmax BR-6541K_M with latest firmware.

Can anyone tell me how I get the server to 'see' the fail over device and get this VPN and Remote connection working? Its driving me mad at the moment.

At the moment the only way I have remote access to this server is by RDPing into their other server which is not connected to the failover and has its own static IP address. Sigh....

Any help, would greatly be appreciated!!

Regards
Robert

radderfire · 11 Oct 2009 at 17:20

Ice On Fire said:
At the moment, I have setup IP addresses like this:

Fail Over: 10.1.0.1 ( static - DHCP off on fail over )
External - 10.1.0.2
Subnet: 255.0.0.0
Default: 10.1.0.1
Internal: 10.1.0.10
Subnet: 255.0.0.0
default: BLANK
DNS10.1.10

I am no networking expert, but I thought I'd reply as I wonder how many others will. I am wondering, if you were responsible for "assigning" IP addresses, have you used as standard a setup, i.e. as standard numbers, as possible, as otherwise some of the numbers you chose may not be recognised by certain elements of your setup.

Also, have you tried taking the failover out, i.e. step by step taking complexity out, checking all the settings, and then reintroducing the failover?

Rgds

radderfire · 11 Oct 2009 at 17:21

Also, the usual suspect of firewall software, have you checked that?

Rgds

Priapus · 11 Oct 2009 at 17:57

Thanks for the reply radderfire

Yes, if I setup as the other server ( Directly into the Internet line no fail over - all works as it should )

IP addresses were assigned by someone else. But it was working fine as they are now. Since putting this failover in all has gone pair shapped.

Oh and firewall is off on failover and on the server I have setup it correctly, too.

Regards
Robert.

radderfire · 11 Oct 2009 at 18:30

OK, here is another total guess from me. It is not enough to just have the Firewall on the failover device switched off, for certain port numbers, the incoming message is getting stopped at the failover device, as it does not currently propogate them. If using VPN for example, the message comes in to the failover, then gets suppressed, because the failover is not currently set to repropogate this particular message. Is this called port forwarding?? For certain port numbers associated with certain services, the failover needs to be told to recreate these messages, it may not just be a case of letting them through.

It does seem to me like you are tackling it the right way and you just have to look more carefully at the traffic coming in to the failover and then it coming out again. Use of network sniffing tools might allow you to see the difference between what is coming in to the failover and what is coming out the other side.

Again, this is a total guess.

Have you tried speaking to the failover device manufacturer?

Rgds

radderfire · 11 Oct 2009 at 18:34

Maybe one of these tools would help:

http://www.monitortools.com/traffic/

Rgds

Priapus · 11 Oct 2009 at 18:52

Hi radderfire,

I have opened all the ports I can think of on the failover for the SBS. So it gets a request from Internet comes to failover, say okay, forward this port i.e 3389 to 10.1.0.10 ( server ) and setup. I have spoken to guys who made the device, and setup how they have told me to. no joy.

Will look at tools in linky.
\
Thanks for the help!

radderfire · 11 Oct 2009 at 19:09

Ice On Fire said:
forward this port i.e 3389 to 10.1.0.10 ( server ) and setup.

I am also thinking how the traffic forwarded to the server from the failover might look different to the server once it has come from the failover instead of straight from the internet ... Maybe TCP monitoring tools would show you that ... Is the server treating the traffic from the failover in the same way, possibly not.

Best of luck with the solution, remember to try changing things step by step.

Rgds

Priapus · 12 Oct 2009 at 08:29

Even with the ports not working, the server should see the failover regards or at the very least be able to ping its address as its getting internet from it. It can't do either of these two.