Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
Cannot Establish PPTP VPNs from Branch to Main and Main to Branch at the same time
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
Cannot Establish PPTP VPNs from Branch to Main and Main... - 8.Sep.2008 10:36:07 AM
|
|
|
daithi69
Posts: 3
Joined: 8.Sep.2008
Status: offline
|
Hi
I am pulling my hair out here :-)
I have an existing ISA 2004 setup at 3 sites and othewise all is working fine.
I want to temporarily setup PPTP VPNs from each Branch site to the Main Site.
Everything is configured correctly i think. I can establish PPTP VPN from either of the Branch Sites to Main Site without any problems but when i tried the opposite direction it would not work.
Ok so i disabled the VPNs from Branch to Main at both Branch Sites and presto the Main to Branch VPNs connected without any problems. If i re-enable Branch to Main VPNs nothing will happen until i disable Main to Branch VPNs.
At each site i have ADSL connections which are connected to the external interface of each ISA 2004. While testing this to rule out the ADSL i disabled each of their firewalls but this made no difference. I also have remote users who dial in regularily to each of the 3 sites without any issues.
Any ideas???
Regards
David
|
|
|
|
|
RE: Cannot Establish PPTP VPNs from Branch to Main and ... - 8.Sep.2008 11:16:39 AM
|
|
|
Rotorblade
Posts: 1002
Joined: 27.Feb.2007
Status: offline
|
quote:
Everything is configured correctly i think. I can establish PPTP VPN from either of the Branch Sites to Main Site without any problems but when i tried the opposite direction it would not work.
Ok so i disabled the VPNs from Branch to Main at both Branch Sites and presto the Main to Branch VPNs connected without any problems. If i re-enable Branch to Main VPNs nothing will happen until i disable Main to Branch VPNs.
Ok, maybe I'm missing something here but are you trying to configure tunnels in both directions?
RB
_____________________________
David Melvin
Ohio
MCSE: Security 2003, MCSA:Security 2003
|
|
|
|
|
RE: Cannot Establish PPTP VPNs from Branch to Main and ... - 8.Sep.2008 11:26:12 AM
|
|
|
daithi69
Posts: 3
Joined: 8.Sep.2008
Status: offline
|
Hi David
Yes I am trying to configure VPNs in both directions. If you take 2 sites as an example Main and Branch. I am trying to create the following.
VPN from Main Office to Branch Office -- Main_Branch
VPN from Branch Office to Main Ofice -- Branch_Main
I would have referenced these instructions and similar
http://www.isaserver.org/tutorials/2004ipsectunnelmode.html
I can only establish a VPN in one direction at a time, both connect perfectly from either site but not at the same time. I have to disable one to make the other one work.
< Message edited by daithi69 -- 8.Sep.2008 11:55:10 AM >
|
|
|
|
|
RE: Cannot Establish PPTP VPNs from Branch to Main and ... - 8.Sep.2008 12:13:41 PM
|
|
|
Rotorblade
Posts: 1002
Joined: 27.Feb.2007
Status: offline
|
I think maybe you're confused a little. You can have only 1 VPN tunnel established at a time not 2 to the same network. (There would be no need too and once the tunnel is established, the two networks are connected.) but you need 2 access rules to allow traffic to and from each network.
RB
_____________________________
David Melvin
Ohio
MCSE: Security 2003, MCSA:Security 2003
|
|
|
|
|
RE: Cannot Establish PPTP VPNs from Branch to Main and ... - 9.Sep.2008 4:43:57 AM
|
|
|
daithi69
Posts: 3
Joined: 8.Sep.2008
Status: offline
|
These are the steps i have taken
1. Create a remote VPN site to site connection in ISA 2004 from my Branch Office to the Main Office.
2. Create the network rule to route all traffic from Branch Office to the Main Office.
3. Create access rule to allow all outbound protocols from Branch Offce to Main Office.
VPN has successfully connected
Now i need to route traffic from Main Office to Branch Office.
I dont see any other way of doing this other that creating another remote VPN site to site connection this time from the Main Office to the Branch Office.
When i create the second VPN it will not connect unless i either delete or disable the first one.
Sorry if i was not as clear in my earlier post.
|
|
|
|
|
RE: Cannot Establish PPTP VPNs from Branch to Main and ... - 10.Sep.2008 9:48:18 AM
|
|
|
Rotorblade
Posts: 1002
Joined: 27.Feb.2007
Status: offline
|
quote:
I dont see any other way of doing this other that creating another remote VPN site to site connection this time from the Main Office to the Branch Office.
To stress again, you don't need to create another remote VPN; you need to create another access rule to allow access, i.e. from Main to Branch and Branch to Main. If you read down through the article that you referenced, you will find a section that mentions that you must create another access rule to allow traffic from the other direction. So the process would be, create the Site-to-Site VPN at each ISA locations. Create the Network rule (Route) at each and then create access rules, two of them at each location to allow access to and from each VPN network. Once this is done, establish the connection from only one site or the other.
HTH
RB
_____________________________
David Melvin
Ohio
MCSE: Security 2003, MCSA:Security 2003
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
