I have seen this topic a couple of times but no solution.

I have a 2 NIC sbs 2003 at the head office and 3 PC's at the branch office.

I want to connect the branch office via a site to site VPN using 2 Vigor 2800G's. I have established a stable PPTP VPN between the 2 sites and can ping the branch office client from the server and can ping the external interface of the SBS server from the branch office PC.
However I can ping the internal interface of the SBS box.

I have seen a number of solutions including adding a second network to the TCP settings on the Draytek and setting up a static route on the SBS box. None have worked. I can't ping the internal interface of the SBS box.

A VPN from a single external PC using the MS VPN works fine.

Has anyone managed to do this and could you give an explaniation of how.

Thanks.

Do you have ISA 2004 on the SBS? If you have, this should help: http://www.microsoft.com/technet/isa/2004/plan/sitetositeipsec.mspx . If you don't have ISA 2004, do yourself a favour and convert your SBS to a single-NIC architecture (then your DrayTek-based site-to-site VPN will work as expected). You will have to if and when you upgrade to SBS 2008 anyway.

No I don't have ISA.

I think your right about the single NIC switch.
I have spent over a week looking for an answer and not found one.

If no one can offer a solution on a 2 NIC SBS I will follow your advice and switch to single NIC.

It would be interesting to know why RRAS cannot be configured to route packets from the WAN to LAN.

Cheers.

Frank

I'm a little confused now. You were asking about a site-to-site VPN via two routers, now you are talking about RRAS on the SBS. These are two very different beasts.

Sorry for the confusion. Hope this clarifies.

The site to site VPN is working fine. I can ping from the SBS to a client at the BO and ping from the BO to the SBS server external interface.

The problem (i think) is routing from the external interface on the SBS to the internal. Hence my assumption that RRAS is where the problem lies.

Hope this clears up the confusion.

OK I understand. RRAS isn't going to help you in this instance. You could instead establish VPN connections from the Branch Office clients to RRAS on the SBS, but then you'd need VPN clients on the client workstations. If you want to run a site-to-site VPN via your routers you'll either need ISA 2004 (from SBS Premium) or you'll need to move to a single NIC SBS config.