• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Discussion about Branch Office Connectivity Site to Site VPN

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Firewall] >> VPN >> Discussion about Branch Office Connectivity Site to Site VPN Page: [1]
Login
Message << Older Topic   Newer Topic >>
Discussion about Branch Office Connectivity Site to Sit... - 10.Dec.2006 1:40:11 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
This thread is for discussing the branch office connectivity wizard site to site VPN article at: http://isaserver.org/tutorials/Creating-VPN-ISA-2006-Firewall-Branch-Office-Connection-Wizard-Part1.html

Thanks!
Tom

_____________________________

Thomas W Shinder, M.D.
Post #: 1
RE: Discussion about Branch Office Connectivity Site to... - 30.Jan.2007 10:11:32 AM   
habibalby

 

Posts: 144
Joined: 20.May2006
From: Kingdom of Bahrain
Status: offline
Hi Mr.Thomas,

First of all I would like to thank you for the great Tutorials you are posting in this great forum.

Regading  the Branch Office Connectivity, Part 5. After making all the necessary configuration and creating the Answer File. I ran  the AppCfgWzd.exe to start the Wizard which is connecting the Branch Office to the Main Office.

All the Process is done fine without any problem including joining the Branch Office ISA Firewall to the Domain. But after restarting the machine, and again Resuming the Wizard, when the Branch ISA Firewall tryes to Switch from it's ows CSS to the Remote CSS which is located in the Main office, the wizard hangs in here.

I have seen the Active Connection on both Machines, Branch ISA Firewall and Main office CSS Machine. Strage things is happening I can see an APIPA Address tryes to connect to the CSS machine.

HMS-CSS01:
Active Connection
quote:


Active Connections
Proto  Local Address          Foreign Address        State
TCP    192.168.1.20:2171      169.254.14.156:6135    TIME_WAIT
TCP    192.168.1.20:2171      169.254.14.156:6137    TIME_WAIT
TCP    192.168.1.20:2171      169.254.14.156:6140    TIME_WAIT
TCP    192.168.1.20:2171      169.254.14.156:6145    TIME_WAIT
TCP    192.168.1.20:2171      169.254.14.156:6147    TIME_WAIT
TCP    192.168.1.20:2171      169.254.14.156:6171    TIME_WAIT
TCP    192.168.1.20:2171      169.254.14.156:6186    TIME_WAIT
TCP    192.168.1.20:2171      169.254.14.156:6188    TIME_WAIT
TCP    192.168.1.20:2171      169.254.14.156:6191    TIME_WAIT
TCP    192.168.1.20:2171      169.254.14.156:6198    TIME_WAIT
TCP    192.168.1.20:2171      169.254.14.156:6201    TIME_WAIT
TCP    192.168.1.20:2171      169.254.14.156:6206    TIME_WAIT
TCP    192.168.1.20:2171      169.254.14.156:6225    TIME_WAIT
TCP    192.168.1.20:2171      169.254.14.156:6236    TIME_WAIT
TCP    192.168.1.20:2171      169.254.14.156:6243    TIME_WAIT
TCP    192.168.1.20:2171      169.254.14.156:6245    TIME_WAIT
TCP    192.168.1.20:2171      169.254.14.156:6250    TIME_WAIT
TCP    192.168.1.20:2171      169.254.14.156:6258    TIME_WAIT
TCP    192.168.1.20:2171      169.254.14.156:6260    TIME_WAIT
TCP    192.168.1.20:2171      169.254.14.156:6271    TIME_WAIT
TCP    192.168.1.20:2171      169.254.14.156:6276    TIME_WAIT
TCP    192.168.1.20:2171      169.254.14.156:6284    TIME_WAIT
TCP    192.168.1.20:2171      169.254.14.156:6286    TIME_WAIT
TCP    192.168.1.20:2171      169.254.14.156:6294    TIME_WAIT
TCP    192.168.1.20:2171      169.254.14.156:6296    TIME_WAIT
TCP    192.168.1.20:2171      169.254.14.156:6301    TIME_WAIT
TCP    192.168.1.20:2171      169.254.14.156:6304    TIME_WAIT
TCP    192.168.1.20:2171      169.254.14.156:6311    TIME_WAIT
TCP    192.168.1.20:2171      169.254.14.156:6314    TIME_WAIT
TCP    192.168.1.20:2171      169.254.14.156:6316    TIME_WAIT
TCP    192.168.1.20:2171      169.254.14.156:6319    TIME_WAIT
TCP    192.168.1.20:2171      169.254.14.156:6321    TIME_WAIT
TCP    192.168.1.20:2171      169.254.14.156:6329    TIME_WAIT
TCP    192.168.1.20:2171      169.254.14.156:6339    TIME_WAIT
TCP    192.168.1.20:2171      169.254.14.156:6341    TIME_WAIT
TCP    192.168.1.20:2171      169.254.14.156:6356    TIME_WAIT
TCP    192.168.1.20:2171      169.254.14.156:6359    TIME_WAIT
TCP    192.168.1.20:2171      169.254.14.156:6361    TIME_WAIT
TCP    192.168.1.20:2171      169.254.14.156:6369    TIME_WAIT
TCP    192.168.1.20:2171      169.254.14.156:6371    TIME_WAIT
TCP    192.168.1.20:2171      169.254.14.156:6379    TIME_WAIT
TCP    192.168.1.20:2171      169.254.14.156:6381    TIME_WAIT
TCP    192.168.1.20:2171      169.254.14.156:6384    TIME_WAIT
TCP    192.168.1.20:2171      169.254.14.156:6386    TIME_WAIT
TCP    192.168.1.20:2171      169.254.14.156:6389    TIME_WAIT
TCP    192.168.1.20:2171      169.254.14.156:6391    TIME_WAIT
TCP    192.168.1.20:2171      169.254.14.156:6406    TIME_WAIT
TCP    192.168.1.20:2171      169.254.14.156:6421    TIME_WAIT
TCP    192.168.1.20:2171      169.254.14.156:6429    TIME_WAIT
TCP    192.168.1.20:2171      169.254.14.156:6431    TIME_WAIT
TCP    192.168.1.20:2171      169.254.14.156:6434    ESTABLISHED
TCP    192.168.1.20:2171      169.254.14.156:6436    ESTABLISHED
TCP    192.168.1.20:2171      192.168.1.12:1292      ESTABLISHED
TCP    192.168.1.20:2605      192.168.1.3:1025       ESTABLISHED
TCP    192.168.1.20:3389      192.168.1.33:1782      ESTABLISHED


NCISA01 Branch Office
Active Connection
quote:


Active Connections
Proto  Local Address          Foreign Address        State
TCP    25.1.1.4:2171          25.1.1.4:5591          ESTABLISHE
TCP    25.1.1.4:2171          25.1.1.4:5592          ESTABLISHE
TCP    25.1.1.4:2171          25.1.1.4:5623          TIME_WAIT
TCP    25.1.1.4:2171          25.1.1.4:5624          TIME_WAIT
TCP    25.1.1.4:2171          25.1.1.4:5628          TIME_WAIT
TCP    25.1.1.4:2171          25.1.1.4:5629          TIME_WAIT
TCP    25.1.1.4:2171          25.1.1.4:5633          TIME_WAIT
TCP    25.1.1.4:2171          25.1.1.4:5634          TIME_WAIT
TCP    25.1.1.4:2171          25.1.1.4:5638          TIME_WAIT
TCP    25.1.1.4:2171          25.1.1.4:5639          TIME_WAIT
TCP    25.1.1.4:2171          25.1.1.4:5643          TIME_WAIT
TCP    25.1.1.4:2171          25.1.1.4:5644          TIME_WAIT
TCP    25.1.1.4:2171          25.1.1.4:5648          TIME_WAIT
TCP    25.1.1.4:2171          25.1.1.4:5649          TIME_WAIT
TCP    25.1.1.4:2171          25.1.1.4:5653          TIME_WAIT
TCP    25.1.1.4:2171          25.1.1.4:5654          TIME_WAIT
TCP    25.1.1.4:2171          25.1.1.4:5658          TIME_WAIT
TCP    25.1.1.4:2171          25.1.1.4:5659          TIME_WAIT
TCP    25.1.1.4:2171          25.1.1.4:5663          TIME_WAIT
TCP    25.1.1.4:2171          25.1.1.4:5664          TIME_WAIT
TCP    25.1.1.4:2171          25.1.1.4:5668          TIME_WAIT
TCP    25.1.1.4:2171          25.1.1.4:5669          TIME_WAIT
TCP    25.1.1.4:2171          25.1.1.4:5673          TIME_WAIT
TCP    25.1.1.4:2171          25.1.1.4:5674          TIME_WAIT
TCP    25.1.1.4:2171          25.1.1.4:5678          TIME_WAIT
TCP    25.1.1.4:2171          25.1.1.4:5679          TIME_WAIT
TCP    25.1.1.4:2171          25.1.1.4:5683          TIME_WAIT
TCP    25.1.1.4:2171          25.1.1.4:5684          TIME_WAIT
TCP    25.1.1.4:2171          25.1.1.4:5688          TIME_WAIT
TCP    25.1.1.4:2171          25.1.1.4:5689          TIME_WAIT
TCP    25.1.1.4:2171          25.1.1.4:5693          TIME_WAIT
TCP    25.1.1.4:2171          25.1.1.4:5694          TIME_WAIT
TCP    25.1.1.4:2171          25.1.1.4:5698          TIME_WAIT
TCP    25.1.1.4:2171          25.1.1.4:5699          TIME_WAIT
TCP    25.1.1.4:2171          25.1.1.4:5703          TIME_WAIT
TCP    25.1.1.4:2171          25.1.1.4:5704          TIME_WAIT
TCP    25.1.1.4:2171          25.1.1.4:5708          TIME_WAIT
TCP    25.1.1.4:2171          25.1.1.4:5709          TIME_WAIT
TCP    25.1.1.4:2171          25.1.1.4:5713          TIME_WAIT
TCP    25.1.1.4:2171          25.1.1.4:5714          TIME_WAIT
TCP    25.1.1.4:2171          25.1.1.4:5718          TIME_WAIT
TCP    25.1.1.4:2171          25.1.1.4:5719          TIME_WAIT
TCP    25.1.1.4:2171          25.1.1.4:5723          TIME_WAIT
TCP    25.1.1.4:2171          25.1.1.4:5724          TIME_WAIT
TCP    25.1.1.4:2171          25.1.1.4:5728          TIME_WAIT
TCP    25.1.1.4:2171          25.1.1.4:5729          TIME_WAIT
TCP    25.1.1.4:2171          25.1.1.4:5733          TIME_WAIT
TCP    25.1.1.4:2171          25.1.1.4:5734          TIME_WAIT
TCP    25.1.1.4:2171          25.1.1.4:5738          TIME_WAIT
TCP    25.1.1.4:2171          25.1.1.4:5739          TIME_WAIT
TCP    25.1.1.4:2171          25.1.1.4:5743          TIME_WAIT
TCP    25.1.1.4:2171          25.1.1.4:5744          TIME_WAIT
TCP    25.1.1.4:2171          25.1.1.4:5748          TIME_WAIT
TCP    25.1.1.4:2171          25.1.1.4:5749          TIME_WAIT
TCP    25.1.1.4:2171          25.1.1.4:5753          TIME_WAIT
TCP    25.1.1.4:2171          25.1.1.4:5754          TIME_WAIT
TCP    25.1.1.4:2171          25.1.1.4:5758          TIME_WAIT
TCP    25.1.1.4:2171          25.1.1.4:5759          TIME_WAIT
TCP    25.1.1.4:2171          25.1.1.4:5763          TIME_WAIT
TCP    25.1.1.4:2171          25.1.1.4:5764          TIME_WAIT
TCP    25.1.1.4:2171          25.1.1.4:5768          TIME_WAIT
TCP    25.1.1.4:2171          25.1.1.4:5769          TIME_WAIT
TCP    25.1.1.4:2171          25.1.1.4:5773          TIME_WAIT
TCP    25.1.1.4:2171          25.1.1.4:5774          TIME_WAIT
TCP    25.1.1.4:2171          25.1.1.4:5778          TIME_WAIT
TCP    25.1.1.4:2171          25.1.1.4:5779          TIME_WAIT
TCP    25.1.1.4:2171          25.1.1.4:5783          TIME_WAIT
TCP    25.1.1.4:2171          25.1.1.4:5784          TIME_WAIT
TCP    25.1.1.4:2171          25.1.1.4:5788          TIME_WAIT
TCP    25.1.1.4:2171          25.1.1.4:5789          TIME_WAIT
TCP    25.1.1.4:2171          25.1.1.4:5793          TIME_WAIT
TCP    25.1.1.4:2171          25.1.1.4:5794          TIME_WAIT
TCP    25.1.1.4:2171          25.1.1.4:5798          TIME_WAIT
TCP    25.1.1.4:2171          25.1.1.4:5799          TIME_WAIT
TCP    25.1.1.4:2171          25.1.1.4:5803          TIME_WAIT
TCP    25.1.1.4:2171          25.1.1.4:5804          TIME_WAIT
TCP    25.1.1.4:2171          25.1.1.4:5808          TIME_WAIT
TCP    25.1.1.4:2171          25.1.1.4:5809          TIME_WAIT
TCP    25.1.1.4:2171          25.1.1.4:5813          TIME_WAIT
TCP    25.1.1.4:2171          25.1.1.4:5814          TIME_WAIT
TCP    25.1.1.4:2171          25.1.1.4:5818          TIME_WAIT
TCP    25.1.1.4:2171          25.1.1.4:5819          TIME_WAIT
TCP    25.1.1.4:2171          25.1.1.4:5823          TIME_WAIT
TCP    25.1.1.4:2171          25.1.1.4:5824          TIME_WAIT
TCP    25.1.1.4:2171          25.1.1.4:5828          TIME_WAIT
TCP    25.1.1.4:2171          25.1.1.4:5829          TIME_WAIT
TCP    25.1.1.4:2171          25.1.1.4:5833          TIME_WAIT
TCP    25.1.1.4:2171          25.1.1.4:5834          TIME_WAIT
TCP    25.1.1.4:2171          25.1.1.4:5838          TIME_WAIT
TCP    25.1.1.4:2171          25.1.1.4:5839          TIME_WAIT
TCP    25.1.1.4:2171          25.1.1.4:5843          TIME_WAIT
TCP    25.1.1.4:2171          25.1.1.4:5844          TIME_WAIT
TCP    25.1.1.4:2171          25.1.1.4:5848          TIME_WAIT
TCP    25.1.1.4:2171          25.1.1.4:5849          TIME_WAIT
TCP    25.1.1.4:2171          25.1.1.4:5853          TIME_WAIT
TCP    25.1.1.4:2171          25.1.1.4:5854          TIME_WAIT
TCP    25.1.1.4:2171          25.1.1.4:5858          TIME_WAIT
TCP    25.1.1.4:2171          25.1.1.4:5859          TIME_WAIT
TCP    25.1.1.4:2171          25.1.1.4:5863          TIME_WAIT
TCP    25.1.1.4:2171          25.1.1.4:5864          TIME_WAIT
TCP    25.1.1.4:2171          25.1.1.4:5868          TIME_WAIT
TCP    25.1.1.4:2171          25.1.1.4:5869          TIME_WAIT
TCP    25.1.1.4:2171          25.1.1.4:5873          TIME_WAIT
TCP    25.1.1.4:2171          25.1.1.4:5874          TIME_WAIT
TCP    25.1.1.4:2171          25.1.1.4:5878          TIME_WAIT
TCP    25.1.1.4:2171          25.1.1.4:5879          TIME_WAIT
TCP    25.1.1.4:2171          25.1.1.4:5883          TIME_WAIT
TCP    25.1.1.4:2171          25.1.1.4:5884          TIME_WAIT
TCP    25.1.1.4:2171          25.1.1.4:5888          TIME_WAIT
TCP    25.1.1.4:2171          25.1.1.4:5889          TIME_WAIT
TCP    25.1.1.4:5591          25.1.1.4:2171          ESTABLISHE
TCP    25.1.1.4:5592          25.1.1.4:2171          ESTABLISHE
TCP    169.254.14.156:5625    192.168.1.20:2171      TIME_WAIT
TCP    169.254.14.156:5630    192.168.1.20:2171      TIME_WAIT
TCP    169.254.14.156:5635    192.168.1.20:2171      TIME_WAIT
TCP    169.254.14.156:5637    192.168.1.20:2171      TIME_WAIT
TCP    169.254.14.156:5640    192.168.1.20:2171      TIME_WAIT
TCP    169.254.14.156:5645    192.168.1.20:2171      TIME_WAIT
TCP    169.254.14.156:5647    192.168.1.20:2171      TIME_WAIT
TCP    169.254.14.156:5650    192.168.1.20:2171      TIME_WAIT
TCP    169.254.14.156:5652    192.168.1.20:2171      TIME_WAIT
TCP    169.254.14.156:5655    192.168.1.20:2171      TIME_WAIT
TCP    169.254.14.156:5657    192.168.1.20:2171      TIME_WAIT
TCP    169.254.14.156:5660    192.168.1.20:2171      TIME_WAIT
TCP    169.254.14.156:5665    192.168.1.20:2171      TIME_WAIT
TCP    169.254.14.156:5667    192.168.1.20:2171      TIME_WAIT
TCP    169.254.14.156:5670    192.168.1.20:2171      TIME_WAIT
TCP    169.254.14.156:5672    192.168.1.20:2171      TIME_WAIT
TCP    169.254.14.156:5675    192.168.1.20:2171      TIME_WAIT
TCP    169.254.14.156:5677    192.168.1.20:2171      TIME_WAIT
TCP    169.254.14.156:5680    192.168.1.20:2171      TIME_WAIT
TCP    169.254.14.156:5685    192.168.1.20:2171      TIME_WAIT
TCP    169.254.14.156:5687    192.168.1.20:2171      TIME_WAIT
TCP    169.254.14.156:5690    192.168.1.20:2171      TIME_WAIT
TCP    169.254.14.156:5692    192.168.1.20:2171      TIME_WAIT
TCP    169.254.14.156:5695    192.168.1.20:2171      TIME_WAIT
TCP    169.254.14.156:5697    192.168.1.20:2171      TIME_WAIT
TCP    169.254.14.156:5700    192.168.1.20:2171      TIME_WAIT
TCP    169.254.14.156:5702    192.168.1.20:2171      TIME_WAIT
TCP    169.254.14.156:5705    192.168.1.20:2171      TIME_WAIT
TCP    169.254.14.156:5707    192.168.1.20:2171      TIME_WAIT
TCP    169.254.14.156:5710    192.168.1.20:2171      TIME_WAIT
TCP    169.254.14.156:5712    192.168.1.20:2171      TIME_WAIT
TCP    169.254.14.156:5715    192.168.1.20:2171      TIME_WAIT
TCP    169.254.14.156:5717    192.168.1.20:2171      TIME_WAIT
TCP    169.254.14.156:5720    192.168.1.20:2171      TIME_WAIT
TCP    169.254.14.156:5722    192.168.1.20:2171      TIME_WAIT
TCP    169.254.14.156:5725    192.168.1.20:2171      TIME_WAIT
TCP    169.254.14.156:5727    192.168.1.20:2171      TIME_WAIT
TCP    169.254.14.156:5730    192.168.1.20:2171      TIME_WAIT
TCP    169.254.14.156:5732    192.168.1.20:2171      TIME_WAIT
TCP    169.254.14.156:5735    192.168.1.20:2171      TIME_WAIT
TCP    169.254.14.156:5737    192.168.1.20:2171      TIME_WAIT
TCP    169.254.14.156:5742    192.168.1.20:2171      TIME_WAIT
TCP    169.254.14.156:5745    192.168.1.20:2171      TIME_WAIT
TCP    169.254.14.156:5747    192.168.1.20:2171      TIME_WAIT
TCP    169.254.14.156:5750    192.168.1.20:2171      TIME_WAIT
TCP    169.254.14.156:5752    192.168.1.20:2171      TIME_WAIT
TCP    169.254.14.156:5755    192.168.1.20:2171      TIME_WAIT
TCP    169.254.14.156:5760    192.168.1.20:2171      TIME_WAIT
TCP    169.254.14.156:5765    192.168.1.20:2171      TIME_WAIT
TCP    169.254.14.156:5767    192.168.1.20:2171      TIME_WAIT
TCP    169.254.14.156:5770    192.168.1.20:2171      TIME_WAIT
TCP    169.254.14.156:5772    192.168.1.20:2171      TIME_WAIT
TCP    169.254.14.156:5775    192.168.1.20:2171      TIME_WAIT
TCP    169.254.14.156:5777    192.168.1.20:2171      TIME_WAIT
TCP    169.254.14.156:5780    192.168.1.20:2171      TIME_WAIT
TCP    169.254.14.156:5785    192.168.1.20:2171      TIME_WAIT
TCP    169.254.14.156:5790    192.168.1.20:2171      TIME_WAIT
TCP    169.254.14.156:5792    192.168.1.20:2171      TIME_WAIT
TCP    169.254.14.156:5795    192.168.1.20:2171      TIME_WAIT
TCP    169.254.14.156:5797    192.168.1.20:2171      TIME_WAIT
TCP    169.254.14.156:5800    192.168.1.20:2171      TIME_WAIT
TCP    169.254.14.156:5805    192.168.1.20:2171      TIME_WAIT
TCP    169.254.14.156:5807    192.168.1.20:2171      TIME_WAIT
TCP    169.254.14.156:5810    192.168.1.20:2171      TIME_WAIT
TCP    169.254.14.156:5812    192.168.1.20:2171      TIME_WAIT
TCP    169.254.14.156:5815    192.168.1.20:2171      TIME_WAIT
TCP    169.254.14.156:5820    192.168.1.20:2171      TIME_WAIT
TCP    169.254.14.156:5822    192.168.1.20:2171      TIME_WAIT
TCP    169.254.14.156:5825    192.168.1.20:2171      TIME_WAIT
TCP    169.254.14.156:5832    192.168.1.20:2171      TIME_WAIT
TCP    169.254.14.156:5835    192.168.1.20:2171      TIME_WAIT
TCP    169.254.14.156:5840    192.168.1.20:2171      TIME_WAIT
TCP    169.254.14.156:5842    192.168.1.20:2171      TIME_WAIT
TCP    169.254.14.156:5845    192.168.1.20:2171      TIME_WAIT
TCP    169.254.14.156:5847    192.168.1.20:2171      TIME_WAIT
TCP    169.254.14.156:5850    192.168.1.20:2171      TIME_WAIT
TCP    169.254.14.156:5855    192.168.1.20:2171      TIME_WAIT
TCP    169.254.14.156:5860    192.168.1.20:2171      TIME_WAIT
TCP    169.254.14.156:5870    192.168.1.20:2171      TIME_WAIT
TCP    169.254.14.156:5872    192.168.1.20:2171      TIME_WAIT
TCP    169.254.14.156:5875    192.168.1.20:2171      TIME_WAIT
TCP    169.254.14.156:5880    192.168.1.20:2171      TIME_WAIT
TCP    169.254.14.156:5882    192.168.1.20:2171      TIME_WAIT
TCP    169.254.14.156:5887    192.168.1.20:2171      TIME_WAIT
TCP    169.254.14.156:5892    192.168.1.20:2171      TIME_WAIT


Brahcn office ISA Firewall Events:
21271
21257
21211
14147

I gues the APIPA Address is the one which is creating the problem when the Branch Office ISA Firewall tryes to connect to the CSS Machine @ the Main office, it tryes with the APIPA Address instead of the one of the Static Pool Addresses.
 
 
Any Help ?
 
Thanks,
 
habibalby

(in reply to tshinder)
Post #: 2
RE: Discussion about Branch Office Connectivity Site to... - 30.Jan.2007 10:37:08 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Are the autonet addresses coming from the branch office?

Check the Event Viewer to see why this is happening. You should have a static address pool or use DHCP at the branch office, depending on what resources you have available.

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to habibalby)
Post #: 3
RE: Discussion about Branch Office Connectivity Site to... - 31.Jan.2007 12:21:55 AM   
habibalby

 

Posts: 144
Joined: 20.May2006
From: Kingdom of Bahrain
Status: offline
Hi Mr.Thomas,

one of the main event i beleive is this:
quote:


ISA Server Detected Routes Through Network Adapter Adapter_Name That Do Not Correlate with the Network Element to Which This Adapter Belongs


Becuase when the connection trys to be established from Branch to the Main office, and ISA Firewall in the Branch office trys to conntact CSS Machine @ the main office, in the main office Active Connection are the Autonet Address.

I have followed the same as your instruction given, but the only differents are the IP Addresses,

Public IP's: 10.90.8.x /24
Main office LAN: 192.168.1.x/24
Branch office LAN: 25.1.1.x/24

DC is located @ the branch also which is reprsenting the other site in the Active Directory Site and Services.

What is the idea of deplying DHCP Server @ the Branch office? what will be the configurations?

Thanks,

Habibalby

(in reply to tshinder)
Post #: 4
RE: Discussion about Branch Office Connectivity Site to... - 31.Jan.2007 11:17:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Habibalby,

A DHCP server at the branch office is not required, but it might help explain why things aren't working.

What addresses are you using in the branch office?
What addresses are you assinging to the branch office static address pool?

Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to habibalby)
Post #: 5
RE: Discussion about Branch Office Connectivity Site to... - 1.Feb.2007 3:39:19 AM   
habibalby

 

Posts: 144
Joined: 20.May2006
From: Kingdom of Bahrain
Status: offline
HI Thomas,

Branch Office Addresses: 25.1.1.0 /24
NCDC01  25.1.1.2
NCISA01 25.1.1.4
Main office Addresses: 192.168.1.0/24
HMSISA01  1921.168.1.12
HMSDC01   1921.168.1.3
HMSDC02   1921.168.1.4
HMC-CSS01 192.168.1.20
----------------------------
Branch office DC is DNS integrated and prefered DNS is pointing to itself and secondary to the Main office 192.168.1.3

ISA Firewall in Branch office,  LAN Nic DNS is pointint to 25.1.1.2 and secondary to 192.168.1.3
---------------------------------

Internal Address of ISA Server is 25.1.1.0 ~ 25.1.1.255, actually i have selected the LAN instead of typing the Addresses.

Static Address pool. 25.1.1.252  ~ 25.1.1.254 "the same as your tutorials"
--------------------

I think, the problem is from the Static Address Pool when it tryes to establish a connection to the main office, instead of using the address assigened, it automatically assigend an APIPA address.

Any though?

BR,

habibalby

(in reply to tshinder)
Post #: 6
RE: Discussion about Branch Office Connectivity Site to... - 1.Feb.2007 10:54:08 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Branch office DC is DNS integrated and prefered DNS is pointing to itself and secondary to the Main office 192.168.1.3

ISA Firewall in Branch office,  LAN Nic DNS is pointint to 25.1.1.2 and secondary to 192.168.1.3
TOM: Remove the secondary DNS server, it's not required and could create real problems for branch office users in certain circrumstances.
---------------------------------

Internal Address of ISA Server is 25.1.1.0 ~ 25.1.1.255, actually i have selected the LAN instead of typing the Addresses.
TOM: What do you mean by "I have selected the LAN instead of typing the Addresses" mean?

Static Address pool. 25.1.1.252  ~ 25.1.1.254 "the same as your tutorials"
TOM: How can you "Select the LAN" and have a static address pool?
--------------------

_____________________________

Thomas W Shinder, M.D.

(in reply to habibalby)
Post #: 7
RE: Discussion about Branch Office Connectivity Site to... - 1.Feb.2007 10:59:55 AM   
habibalby

 

Posts: 144
Joined: 20.May2006
From: Kingdom of Bahrain
Status: offline
Hi Tom,

quote:


nternal Address of ISA Server is 25.1.1.0 ~ 25.1.1.255, actually i have selected the LAN instead of typing the Addresses.
TOM: What do you mean by "I have selected the LAN instead of typing the Addresses" mean?


I mean during the Setup of Branch office ISA Firewall, when it asks for Internal LAN Address, I have selected the LAN Interface.
quote:


Static Address pool. 25.1.1.252  ~ 25.1.1.254 "the same as your tutorials"
TOM: How can you "Select the LAN" and have a static address pool?


The static Address Pool is creared by the Answer file when I created it.

What to do then during the setup of ISA Firewall in Branch office installation when it asks for the Internal Network Address ?  Do I have to type a range or selecting the  Internal Interface itself ?

Events:
14147
------------------------------------

ISA Server detected routes through the network adapter WAN that do not correlate with the network to which this network adapter belongs. When networks are configured correctly, the IP address ranges included in each array-level network must include all IP addresses that are routable through its network adapters according to their routing tables. Otherwise valid packets may be dropped as spoofed. The following ranges are included in the network's IP address ranges but are not routable through any of the network's adapters: 25.255.255.255-25.255.255.255,169.254.119.194-169.254.119.194;. Note that this event may be generated once after you add a route, create a remote site network, or configure Network Load Balancing and may be safely ignored if it does not re-occur.
-----------------------------------
20111

A Demand Dial connection to the remote interface Branch on port VPN3-4 was successfully initiated but failed to complete successfully because of the following error: The L2TP connection attempt failed because security negotiation timed out.
-------------------------------------------------------------------------

21265

The routing table for the network adapter Branch includes IP address ranges that are not defined in the array-level network Branch, to which it is bound. As a result, packets arriving at this network adapter from the IP address ranges listed below or sent to these IP address ranges via this network adapter will be dropped as spoofed. To resolve this issue, add the missing IP address ranges to the array network. The following IP address ranges will be dropped as spoofed: External:169.254.119.194-169.254.119.194;

BR,

Habibalby

< Message edited by habibalby -- 2.Feb.2007 2:32:24 PM >

(in reply to tshinder)
Post #: 8
RE: Discussion about Branch Office Connectivity Site to... - 6.Aug.2009 7:07:23 AM   
JonMoore87

 

Posts: 16
Joined: 6.Aug.2009
Status: offline
Wow, this is a great article! Thanks!

Once the site to site VPN is up could I then follow this article;

http://www.isaserver.org/tutorials/gatewaytogatewaywithdc.html

and make my ISA a domain controller if it's ISA 2006?
Or would I just run the create VPN site-to-site connection wizard and then follow the DC article?
Also, What is CSS and do I need it as this would mean buying enterprise edition?

Thanks,

Jonathon

< Message edited by JonMoore87 -- 6.Aug.2009 8:01:07 AM >

(in reply to habibalby)
Post #: 9
RE: Discussion about Branch Office Connectivity Site to... - 6.Aug.2009 9:46:21 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Sure, after the site to site VPN is up, you could make it a DC, but there might be issues with authentication for the branch office in that you'll need to allow LDAP(s) etc. from the clients to the firewall.

In general, this isn't a supported configuration, but if you pound on it longer enough, it should work

Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to JonMoore87)
Post #: 10
RE: Discussion about Branch Office Connectivity Site to... - 6.Aug.2009 9:51:00 AM   
JonMoore87

 

Posts: 16
Joined: 6.Aug.2009
Status: offline
Great, I'll purchase a standard ISA 2006 run the wite to site vpn wiz and then make it a dc... ship it off to the new office and I'm sure we'll be away!

thanks Tom!

(in reply to tshinder)
Post #: 11
RE: Discussion about Branch Office Connectivity Site to... - 7.Aug.2009 9:59:42 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
No problem.

Let us know how it works out for you.

Thanks!
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to JonMoore87)
Post #: 12

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Firewall] >> VPN >> Discussion about Branch Office Connectivity Site to Site VPN Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts