Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
Discussion about Branch Office Connectivity Site to Site VPN
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
RE: Discussion about Branch Office Connectivity Site to... - 30.Jan.2007 10:11:32 AM
|
|
|
habibalby
Posts: 126
Joined: 20.May2006
From: Kingdom of Bahrain
Status: offline
|
Hi Mr.Thomas,
First of all I would like to thank you for the great Tutorials you are posting in this great forum.
Regading the Branch Office Connectivity, Part 5. After making all the necessary configuration and creating the Answer File. I ran the AppCfgWzd.exe to start the Wizard which is connecting the Branch Office to the Main Office.
All the Process is done fine without any problem including joining the Branch Office ISA Firewall to the Domain. But after restarting the machine, and again Resuming the Wizard, when the Branch ISA Firewall tryes to Switch from it's ows CSS to the Remote CSS which is located in the Main office, the wizard hangs in here.
I have seen the Active Connection on both Machines, Branch ISA Firewall and Main office CSS Machine. Strage things is happening I can see an APIPA Address tryes to connect to the CSS machine.
HMS-CSS01:
Active Connection
quote:
Active Connections
Proto Local Address Foreign Address State
TCP 192.168.1.20:2171 169.254.14.156:6135 TIME_WAIT
TCP 192.168.1.20:2171 169.254.14.156:6137 TIME_WAIT
TCP 192.168.1.20:2171 169.254.14.156:6140 TIME_WAIT
TCP 192.168.1.20:2171 169.254.14.156:6145 TIME_WAIT
TCP 192.168.1.20:2171 169.254.14.156:6147 TIME_WAIT
TCP 192.168.1.20:2171 169.254.14.156:6171 TIME_WAIT
TCP 192.168.1.20:2171 169.254.14.156:6186 TIME_WAIT
TCP 192.168.1.20:2171 169.254.14.156:6188 TIME_WAIT
TCP 192.168.1.20:2171 169.254.14.156:6191 TIME_WAIT
TCP 192.168.1.20:2171 169.254.14.156:6198 TIME_WAIT
TCP 192.168.1.20:2171 169.254.14.156:6201 TIME_WAIT
TCP 192.168.1.20:2171 169.254.14.156:6206 TIME_WAIT
TCP 192.168.1.20:2171 169.254.14.156:6225 TIME_WAIT
TCP 192.168.1.20:2171 169.254.14.156:6236 TIME_WAIT
TCP 192.168.1.20:2171 169.254.14.156:6243 TIME_WAIT
TCP 192.168.1.20:2171 169.254.14.156:6245 TIME_WAIT
TCP 192.168.1.20:2171 169.254.14.156:6250 TIME_WAIT
TCP 192.168.1.20:2171 169.254.14.156:6258 TIME_WAIT
TCP 192.168.1.20:2171 169.254.14.156:6260 TIME_WAIT
TCP 192.168.1.20:2171 169.254.14.156:6271 TIME_WAIT
TCP 192.168.1.20:2171 169.254.14.156:6276 TIME_WAIT
TCP 192.168.1.20:2171 169.254.14.156:6284 TIME_WAIT
TCP 192.168.1.20:2171 169.254.14.156:6286 TIME_WAIT
TCP 192.168.1.20:2171 169.254.14.156:6294 TIME_WAIT
TCP 192.168.1.20:2171 169.254.14.156:6296 TIME_WAIT
TCP 192.168.1.20:2171 169.254.14.156:6301 TIME_WAIT
TCP 192.168.1.20:2171 169.254.14.156:6304 TIME_WAIT
TCP 192.168.1.20:2171 169.254.14.156:6311 TIME_WAIT
TCP 192.168.1.20:2171 169.254.14.156:6314 TIME_WAIT
TCP 192.168.1.20:2171 169.254.14.156:6316 TIME_WAIT
TCP 192.168.1.20:2171 169.254.14.156:6319 TIME_WAIT
TCP 192.168.1.20:2171 169.254.14.156:6321 TIME_WAIT
TCP 192.168.1.20:2171 169.254.14.156:6329 TIME_WAIT
TCP 192.168.1.20:2171 169.254.14.156:6339 TIME_WAIT
TCP 192.168.1.20:2171 169.254.14.156:6341 TIME_WAIT
TCP 192.168.1.20:2171 169.254.14.156:6356 TIME_WAIT
TCP 192.168.1.20:2171 169.254.14.156:6359 TIME_WAIT
TCP 192.168.1.20:2171 169.254.14.156:6361 TIME_WAIT
TCP 192.168.1.20:2171 169.254.14.156:6369 TIME_WAIT
TCP 192.168.1.20:2171 169.254.14.156:6371 TIME_WAIT
TCP 192.168.1.20:2171 169.254.14.156:6379 TIME_WAIT
TCP 192.168.1.20:2171 169.254.14.156:6381 TIME_WAIT
TCP 192.168.1.20:2171 169.254.14.156:6384 TIME_WAIT
TCP 192.168.1.20:2171 169.254.14.156:6386 TIME_WAIT
TCP 192.168.1.20:2171 169.254.14.156:6389 TIME_WAIT
TCP 192.168.1.20:2171 169.254.14.156:6391 TIME_WAIT
TCP 192.168.1.20:2171 169.254.14.156:6406 TIME_WAIT
TCP 192.168.1.20:2171 169.254.14.156:6421 TIME_WAIT
TCP 192.168.1.20:2171 169.254.14.156:6429 TIME_WAIT
TCP 192.168.1.20:2171 169.254.14.156:6431 TIME_WAIT
TCP 192.168.1.20:2171 169.254.14.156:6434 ESTABLISHED
TCP 192.168.1.20:2171 169.254.14.156:6436 ESTABLISHED
TCP 192.168.1.20:2171 192.168.1.12:1292 ESTABLISHED
TCP 192.168.1.20:2605 192.168.1.3:1025 ESTABLISHED
TCP 192.168.1.20:3389 192.168.1.33:1782 ESTABLISHED
NCISA01 Branch Office
Active Connection
quote:
Active Connections
Proto Local Address Foreign Address State
TCP 25.1.1.4:2171 25.1.1.4:5591 ESTABLISHE
TCP 25.1.1.4:2171 25.1.1.4:5592 ESTABLISHE
TCP 25.1.1.4:2171 25.1.1.4:5623 TIME_WAIT
TCP 25.1.1.4:2171 25.1.1.4:5624 TIME_WAIT
TCP 25.1.1.4:2171 25.1.1.4:5628 TIME_WAIT
TCP 25.1.1.4:2171 25.1.1.4:5629 TIME_WAIT
TCP 25.1.1.4:2171 25.1.1.4:5633 TIME_WAIT
TCP 25.1.1.4:2171 25.1.1.4:5634 TIME_WAIT
TCP 25.1.1.4:2171 25.1.1.4:5638 TIME_WAIT
TCP 25.1.1.4:2171 25.1.1.4:5639 TIME_WAIT
TCP 25.1.1.4:2171 25.1.1.4:5643 TIME_WAIT
TCP 25.1.1.4:2171 25.1.1.4:5644 TIME_WAIT
TCP 25.1.1.4:2171 25.1.1.4:5648 TIME_WAIT
TCP 25.1.1.4:2171 25.1.1.4:5649 TIME_WAIT
TCP 25.1.1.4:2171 25.1.1.4:5653 TIME_WAIT
TCP 25.1.1.4:2171 25.1.1.4:5654 TIME_WAIT
TCP 25.1.1.4:2171 25.1.1.4:5658 TIME_WAIT
TCP 25.1.1.4:2171 25.1.1.4:5659 TIME_WAIT
TCP 25.1.1.4:2171 25.1.1.4:5663 TIME_WAIT
TCP 25.1.1.4:2171 25.1.1.4:5664 TIME_WAIT
TCP 25.1.1.4:2171 25.1.1.4:5668 TIME_WAIT
TCP 25.1.1.4:2171 25.1.1.4:5669 TIME_WAIT
TCP 25.1.1.4:2171 25.1.1.4:5673 TIME_WAIT
TCP 25.1.1.4:2171 25.1.1.4:5674 TIME_WAIT
TCP 25.1.1.4:2171 25.1.1.4:5678 TIME_WAIT
TCP 25.1.1.4:2171 25.1.1.4:5679 TIME_WAIT
TCP 25.1.1.4:2171 25.1.1.4:5683 TIME_WAIT
TCP 25.1.1.4:2171 25.1.1.4:5684 TIME_WAIT
TCP 25.1.1.4:2171 25.1.1.4:5688 TIME_WAIT
TCP 25.1.1.4:2171 25.1.1.4:5689 TIME_WAIT
TCP 25.1.1.4:2171 25.1.1.4:5693 TIME_WAIT
TCP 25.1.1.4:2171 25.1.1.4:5694 TIME_WAIT
TCP 25.1.1.4:2171 25.1.1.4:5698 TIME_WAIT
TCP 25.1.1.4:2171 25.1.1.4:5699 TIME_WAIT
TCP 25.1.1.4:2171 25.1.1.4:5703 TIME_WAIT
TCP 25.1.1.4:2171 25.1.1.4:5704 TIME_WAIT
TCP 25.1.1.4:2171 25.1.1.4:5708 TIME_WAIT
TCP 25.1.1.4:2171 25.1.1.4:5709 TIME_WAIT
TCP 25.1.1.4:2171 25.1.1.4:5713 TIME_WAIT
TCP 25.1.1.4:2171 25.1.1.4:5714 TIME_WAIT
TCP 25.1.1.4:2171 25.1.1.4:5718 TIME_WAIT
TCP 25.1.1.4:2171 25.1.1.4:5719 TIME_WAIT
TCP 25.1.1.4:2171 25.1.1.4:5723 TIME_WAIT
TCP 25.1.1.4:2171 25.1.1.4:5724 TIME_WAIT
TCP 25.1.1.4:2171 25.1.1.4:5728 TIME_WAIT
TCP 25.1.1.4:2171 25.1.1.4:5729 TIME_WAIT
TCP 25.1.1.4:2171 25.1.1.4:5733 TIME_WAIT
TCP 25.1.1.4:2171 25.1.1.4:5734 TIME_WAIT
TCP 25.1.1.4:2171 25.1.1.4:5738 TIME_WAIT
TCP 25.1.1.4:2171 25.1.1.4:5739 TIME_WAIT
TCP 25.1.1.4:2171 25.1.1.4:5743 TIME_WAIT
TCP 25.1.1.4:2171 25.1.1.4:5744 TIME_WAIT
TCP 25.1.1.4:2171 25.1.1.4:5748 TIME_WAIT
TCP 25.1.1.4:2171 25.1.1.4:5749 TIME_WAIT
TCP 25.1.1.4:2171 25.1.1.4:5753 TIME_WAIT
TCP 25.1.1.4:2171 25.1.1.4:5754 TIME_WAIT
TCP 25.1.1.4:2171 25.1.1.4:5758 TIME_WAIT
TCP 25.1.1.4:2171 25.1.1.4:5759 TIME_WAIT
TCP 25.1.1.4:2171 25.1.1.4:5763 TIME_WAIT
TCP 25.1.1.4:2171 25.1.1.4:5764 TIME_WAIT
TCP 25.1.1.4:2171 25.1.1.4:5768 TIME_WAIT
TCP 25.1.1.4:2171 25.1.1.4:5769 TIME_WAIT
TCP 25.1.1.4:2171 25.1.1.4:5773 TIME_WAIT
TCP 25.1.1.4:2171 25.1.1.4:5774 TIME_WAIT
TCP 25.1.1.4:2171 25.1.1.4:5778 TIME_WAIT
TCP 25.1.1.4:2171 25.1.1.4:5779 TIME_WAIT
TCP 25.1.1.4:2171 25.1.1.4:5783 TIME_WAIT
TCP 25.1.1.4:2171 25.1.1.4:5784 TIME_WAIT
TCP 25.1.1.4:2171 25.1.1.4:5788 TIME_WAIT
TCP 25.1.1.4:2171 25.1.1.4:5789 TIME_WAIT
TCP 25.1.1.4:2171 25.1.1.4:5793 TIME_WAIT
TCP 25.1.1.4:2171 25.1.1.4:5794 TIME_WAIT
TCP 25.1.1.4:2171 25.1.1.4:5798 TIME_WAIT
TCP 25.1.1.4:2171 25.1.1.4:5799 TIME_WAIT
TCP 25.1.1.4:2171 25.1.1.4:5803 TIME_WAIT
TCP 25.1.1.4:2171 25.1.1.4:5804 TIME_WAIT
TCP 25.1.1.4:2171 25.1.1.4:5808 TIME_WAIT
TCP 25.1.1.4:2171 25.1.1.4:5809 TIME_WAIT
TCP 25.1.1.4:2171 25.1.1.4:5813 TIME_WAIT
TCP 25.1.1.4:2171 25.1.1.4:5814 TIME_WAIT
TCP 25.1.1.4:2171 25.1.1.4:5818 TIME_WAIT
TCP 25.1.1.4:2171 25.1.1.4:5819 TIME_WAIT
TCP 25.1.1.4:2171 25.1.1.4:5823 TIME_WAIT
TCP 25.1.1.4:2171 25.1.1.4:5824 TIME_WAIT
TCP 25.1.1.4:2171 25.1.1.4:5828 TIME_WAIT
TCP 25.1.1.4:2171 25.1.1.4:5829 TIME_WAIT
TCP 25.1.1.4:2171 25.1.1.4:5833 TIME_WAIT
TCP 25.1.1.4:2171 25.1.1.4:5834 TIME_WAIT
TCP 25.1.1.4:2171 25.1.1.4:5838 TIME_WAIT
TCP 25.1.1.4:2171 25.1.1.4:5839 TIME_WAIT
TCP 25.1.1.4:2171 25.1.1.4:5843 TIME_WAIT
TCP 25.1.1.4:2171 25.1.1.4:5844 TIME_WAIT
TCP 25.1.1.4:2171 25.1.1.4:5848 TIME_WAIT
TCP 25.1.1.4:2171 25.1.1.4:5849 TIME_WAIT
TCP 25.1.1.4:2171 25.1.1.4:5853 TIME_WAIT
TCP 25.1.1.4:2171 25.1.1.4:5854 TIME_WAIT
TCP 25.1.1.4:2171 25.1.1.4:5858 TIME_WAIT
TCP 25.1.1.4:2171 25.1.1.4:5859 TIME_WAIT
TCP 25.1.1.4:2171 25.1.1.4:5863 TIME_WAIT
TCP 25.1.1.4:2171 25.1.1.4:5864 TIME_WAIT
TCP 25.1.1.4:2171 25.1.1.4:5868 TIME_WAIT
TCP 25.1.1.4:2171 25.1.1.4:5869 TIME_WAIT
TCP 25.1.1.4:2171 25.1.1.4:5873 TIME_WAIT
TCP 25.1.1.4:2171 25.1.1.4:5874 TIME_WAIT
TCP 25.1.1.4:2171 25.1.1.4:5878 TIME_WAIT
TCP 25.1.1.4:2171 25.1.1.4:5879 TIME_WAIT
TCP 25.1.1.4:2171 25.1.1.4:5883 TIME_WAIT
TCP 25.1.1.4:2171 25.1.1.4:5884 TIME_WAIT
TCP 25.1.1.4:2171 25.1.1.4:5888 TIME_WAIT
TCP 25.1.1.4:2171 25.1.1.4:5889 TIME_WAIT
TCP 25.1.1.4:5591 25.1.1.4:2171 ESTABLISHE
TCP 25.1.1.4:5592 25.1.1.4:2171 ESTABLISHE
TCP 169.254.14.156:5625 192.168.1.20:2171 TIME_WAIT
TCP 169.254.14.156:5630 192.168.1.20:2171 TIME_WAIT
TCP 169.254.14.156:5635 192.168.1.20:2171 TIME_WAIT
TCP 169.254.14.156:5637 192.168.1.20:2171 TIME_WAIT
TCP 169.254.14.156:5640 192.168.1.20:2171 TIME_WAIT
TCP 169.254.14.156:5645 192.168.1.20:2171 TIME_WAIT
TCP 169.254.14.156:5647 192.168.1.20:2171 TIME_WAIT
TCP 169.254.14.156:5650 192.168.1.20:2171 TIME_WAIT
TCP 169.254.14.156:5652 192.168.1.20:2171 TIME_WAIT
TCP 169.254.14.156:5655 192.168.1.20:2171 TIME_WAIT
TCP 169.254.14.156:5657 192.168.1.20:2171 TIME_WAIT
TCP 169.254.14.156:5660 192.168.1.20:2171 TIME_WAIT
TCP 169.254.14.156:5665 192.168.1.20:2171 TIME_WAIT
TCP 169.254.14.156:5667 192.168.1.20:2171 TIME_WAIT
TCP 169.254.14.156:5670 192.168.1.20:2171 TIME_WAIT
TCP 169.254.14.156:5672 192.168.1.20:2171 TIME_WAIT
TCP 169.254.14.156:5675 192.168.1.20:2171 TIME_WAIT
TCP 169.254.14.156:5677 192.168.1.20:2171 TIME_WAIT
TCP 169.254.14.156:5680 192.168.1.20:2171 TIME_WAIT
TCP 169.254.14.156:5685 192.168.1.20:2171 TIME_WAIT
TCP 169.254.14.156:5687 192.168.1.20:2171 TIME_WAIT
TCP 169.254.14.156:5690 192.168.1.20:2171 TIME_WAIT
TCP 169.254.14.156:5692 192.168.1.20:2171 TIME_WAIT
TCP 169.254.14.156:5695 192.168.1.20:2171 TIME_WAIT
TCP 169.254.14.156:5697 192.168.1.20:2171 TIME_WAIT
TCP 169.254.14.156:5700 192.168.1.20:2171 TIME_WAIT
TCP 169.254.14.156:5702 192.168.1.20:2171 TIME_WAIT
TCP 169.254.14.156:5705 192.168.1.20:2171 TIME_WAIT
TCP 169.254.14.156:5707 192.168.1.20:2171 TIME_WAIT
TCP 169.254.14.156:5710 192.168.1.20:2171 TIME_WAIT
TCP 169.254.14.156:5712 192.168.1.20:2171 TIME_WAIT
TCP 169.254.14.156:5715 192.168.1.20:2171 TIME_WAIT
TCP 169.254.14.156:5717 192.168.1.20:2171 TIME_WAIT
TCP 169.254.14.156:5720 192.168.1.20:2171 TIME_WAIT
TCP 169.254.14.156:5722 192.168.1.20:2171 TIME_WAIT
TCP 169.254.14.156:5725 192.168.1.20:2171 TIME_WAIT
TCP 169.254.14.156:5727 192.168.1.20:2171 TIME_WAIT
TCP 169.254.14.156:5730 192.168.1.20:2171 TIME_WAIT
TCP 169.254.14.156:5732 192.168.1.20:2171 TIME_WAIT
TCP 169.254.14.156:5735 192.168.1.20:2171 TIME_WAIT
TCP 169.254.14.156:5737 192.168.1.20:2171 TIME_WAIT
TCP 169.254.14.156:5742 192.168.1.20:2171 TIME_WAIT
TCP 169.254.14.156:5745 192.168.1.20:2171 TIME_WAIT
TCP 169.254.14.156:5747 192.168.1.20:2171 TIME_WAIT
TCP 169.254.14.156:5750 192.168.1.20:2171 TIME_WAIT
TCP 169.254.14.156:5752 192.168.1.20:2171 TIME_WAIT
TCP 169.254.14.156:5755 192.168.1.20:2171 TIME_WAIT
TCP 169.254.14.156:5760 192.168.1.20:2171 TIME_WAIT
TCP 169.254.14.156:5765 192.168.1.20:2171 TIME_WAIT
TCP 169.254.14.156:5767 192.168.1.20:2171 TIME_WAIT
TCP 169.254.14.156:5770 192.168.1.20:2171 TIME_WAIT
TCP 169.254.14.156:5772 192.168.1.20:2171 TIME_WAIT
TCP 169.254.14.156:5775 192.168.1.20:2171 TIME_WAIT
TCP 169.254.14.156:5777 192.168.1.20:2171 TIME_WAIT
TCP 169.254.14.156:5780 192.168.1.20:2171 TIME_WAIT
TCP 169.254.14.156:5785 192.168.1.20:2171 TIME_WAIT
TCP 169.254.14.156:5790 192.168.1.20:2171 TIME_WAIT
TCP 169.254.14.156:5792 192.168.1.20:2171 TIME_WAIT
TCP 169.254.14.156:5795 192.168.1.20:2171 TIME_WAIT
TCP 169.254.14.156:5797 192.168.1.20:2171 TIME_WAIT
TCP 169.254.14.156:5800 192.168.1.20:2171 TIME_WAIT
TCP 169.254.14.156:5805 192.168.1.20:2171 TIME_WAIT
TCP 169.254.14.156:5807 192.168.1.20:2171 TIME_WAIT
TCP 169.254.14.156:5810 192.168.1.20:2171 TIME_WAIT
TCP 169.254.14.156:5812 192.168.1.20:2171 TIME_WAIT
TCP 169.254.14.156:5815 192.168.1.20:2171 TIME_WAIT
TCP 169.254.14.156:5820 192.168.1.20:2171 TIME_WAIT
TCP 169.254.14.156:5822 192.168.1.20:2171 TIME_WAIT
TCP 169.254.14.156:5825 192.168.1.20:2171 TIME_WAIT
TCP 169.254.14.156:5832 192.168.1.20:2171 TIME_WAIT
TCP 169.254.14.156:5835 192.168.1.20:2171 TIME_WAIT
TCP 169.254.14.156:5840 192.168.1.20:2171 TIME_WAIT
TCP 169.254.14.156:5842 192.168.1.20:2171 TIME_WAIT
TCP 169.254.14.156:5845 192.168.1.20:2171 TIME_WAIT
TCP 169.254.14.156:5847 192.168.1.20:2171 TIME_WAIT
TCP 169.254.14.156:5850 192.168.1.20:2171 TIME_WAIT
TCP 169.254.14.156:5855 192.168.1.20:2171 TIME_WAIT
TCP 169.254.14.156:5860 192.168.1.20:2171 TIME_WAIT
TCP 169.254.14.156:5870 192.168.1.20:2171 TIME_WAIT
TCP 169.254.14.156:5872 192.168.1.20:2171 TIME_WAIT
TCP 169.254.14.156:5875 192.168.1.20:2171 TIME_WAIT
TCP 169.254.14.156:5880 192.168.1.20:2171 TIME_WAIT
TCP 169.254.14.156:5882 192.168.1.20:2171 TIME_WAIT
TCP 169.254.14.156:5887 192.168.1.20:2171 TIME_WAIT
TCP 169.254.14.156:5892 192.168.1.20:2171 TIME_WAIT
Brahcn office ISA Firewall Events:
21271
21257
21211
14147
I gues the APIPA Address is the one which is creating the problem when the Branch Office ISA Firewall tryes to connect to the CSS Machine @ the Main office, it tryes with the APIPA Address instead of the one of the Static Pool Addresses.
Any Help ?
Thanks,
habibalby
_____________________________
For online help with ISA Server 2004 & 2006 SE or EE. Please call on +973-39228431
|
|
|
|
|
RE: Discussion about Branch Office Connectivity Site to... - 30.Jan.2007 10:37:08 AM
|
|
|
tshinder
Posts: 46637
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Are the autonet addresses coming from the branch office?
Check the Event Viewer to see why this is happening. You should have a static address pool or use DHCP at the branch office, depending on what resources you have available.
HTH,
Tom
_____________________________
Thomas W Shinder, M.D.
Blog: http://blogs.isaserver.org/shinder/
GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
MVP -- ISA Firewalls
|
|
|
|
|
RE: Discussion about Branch Office Connectivity Site to... - 31.Jan.2007 12:21:55 AM
|
|
|
habibalby
Posts: 126
Joined: 20.May2006
From: Kingdom of Bahrain
Status: offline
|
Hi Mr.Thomas,
one of the main event i beleive is this:
quote:
ISA Server Detected Routes Through Network Adapter Adapter_Name That Do Not Correlate with the Network Element to Which This Adapter Belongs
Becuase when the connection trys to be established from Branch to the Main office, and ISA Firewall in the Branch office trys to conntact CSS Machine @ the main office, in the main office Active Connection are the Autonet Address.
I have followed the same as your instruction given, but the only differents are the IP Addresses,
Public IP's: 10.90.8.x /24
Main office LAN: 192.168.1.x/24
Branch office LAN: 25.1.1.x/24
DC is located @ the branch also which is reprsenting the other site in the Active Directory Site and Services.
What is the idea of deplying DHCP Server @ the Branch office? what will be the configurations?
Thanks,
Habibalby
_____________________________
For online help with ISA Server 2004 & 2006 SE or EE. Please call on +973-39228431
|
|
|
|
|
RE: Discussion about Branch Office Connectivity Site to... - 31.Jan.2007 11:17:00 AM
|
|
|
tshinder
Posts: 46637
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi Habibalby,
A DHCP server at the branch office is not required, but it might help explain why things aren't working.
What addresses are you using in the branch office?
What addresses are you assinging to the branch office static address pool?
Tom
_____________________________
Thomas W Shinder, M.D.
Blog: http://blogs.isaserver.org/shinder/
GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
MVP -- ISA Firewalls
|
|
|
|
|
RE: Discussion about Branch Office Connectivity Site to... - 1.Feb.2007 3:39:19 AM
|
|
|
habibalby
Posts: 126
Joined: 20.May2006
From: Kingdom of Bahrain
Status: offline
|
HI Thomas,
Branch Office Addresses: 25.1.1.0 /24
NCDC01 25.1.1.2
NCISA01 25.1.1.4
Main office Addresses: 192.168.1.0/24
HMSISA01 1921.168.1.12
HMSDC01 1921.168.1.3
HMSDC02 1921.168.1.4
HMC-CSS01 192.168.1.20
----------------------------
Branch office DC is DNS integrated and prefered DNS is pointing to itself and secondary to the Main office 192.168.1.3
ISA Firewall in Branch office, LAN Nic DNS is pointint to 25.1.1.2 and secondary to 192.168.1.3
---------------------------------
Internal Address of ISA Server is 25.1.1.0 ~ 25.1.1.255, actually i have selected the LAN instead of typing the Addresses.
Static Address pool. 25.1.1.252 ~ 25.1.1.254 "the same as your tutorials"
--------------------
I think, the problem is from the Static Address Pool when it tryes to establish a connection to the main office, instead of using the address assigened, it automatically assigend an APIPA address.
Any though?
BR,
habibalby
_____________________________
For online help with ISA Server 2004 & 2006 SE or EE. Please call on +973-39228431
|
|
|
|
|
RE: Discussion about Branch Office Connectivity Site to... - 1.Feb.2007 10:54:08 AM
|
|
|
tshinder
Posts: 46637
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Branch office DC is DNS integrated and prefered DNS is pointing to itself and secondary to the Main office 192.168.1.3
ISA Firewall in Branch office, LAN Nic DNS is pointint to 25.1.1.2 and secondary to 192.168.1.3
TOM: Remove the secondary DNS server, it's not required and could create real problems for branch office users in certain circrumstances.
---------------------------------
Internal Address of ISA Server is 25.1.1.0 ~ 25.1.1.255, actually i have selected the LAN instead of typing the Addresses.
TOM: What do you mean by "I have selected the LAN instead of typing the Addresses" mean?
Static Address pool. 25.1.1.252 ~ 25.1.1.254 "the same as your tutorials"
TOM: How can you "Select the LAN" and have a static address pool?
--------------------
_____________________________
Thomas W Shinder, M.D.
Blog: http://blogs.isaserver.org/shinder/
GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
MVP -- ISA Firewalls
|
|
|
|
|
RE: Discussion about Branch Office Connectivity Site to... - 1.Feb.2007 10:59:55 AM
|
|
|
habibalby
Posts: 126
Joined: 20.May2006
From: Kingdom of Bahrain
Status: offline
|
Hi Tom,
quote:
nternal Address of ISA Server is 25.1.1.0 ~ 25.1.1.255, actually i have selected the LAN instead of typing the Addresses.
TOM: What do you mean by "I have selected the LAN instead of typing the Addresses" mean?
I mean during the Setup of Branch office ISA Firewall, when it asks for Internal LAN Address, I have selected the LAN Interface.
quote:
Static Address pool. 25.1.1.252 ~ 25.1.1.254 "the same as your tutorials"
TOM: How can you "Select the LAN" and have a static address pool?
The static Address Pool is creared by the Answer file when I created it.
What to do then during the setup of ISA Firewall in Branch office installation when it asks for the Internal Network Address ? Do I have to type a range or selecting the Internal Interface itself ?
Events:
14147
------------------------------------
ISA Server detected routes through the network adapter WAN that do not correlate with the network to which this network adapter belongs. When networks are configured correctly, the IP address ranges included in each array-level network must include all IP addresses that are routable through its network adapters according to their routing tables. Otherwise valid packets may be dropped as spoofed. The following ranges are included in the network's IP address ranges but are not routable through any of the network's adapters: 25.255.255.255-25.255.255.255,169.254.119.194-169.254.119.194;. Note that this event may be generated once after you add a route, create a remote site network, or configure Network Load Balancing and may be safely ignored if it does not re-occur.
-----------------------------------
20111
A Demand Dial connection to the remote interface Branch on port VPN3-4 was successfully initiated but failed to complete successfully because of the following error: The L2TP connection attempt failed because security negotiation timed out.
-------------------------------------------------------------------------
21265
The routing table for the network adapter Branch includes IP address ranges that are not defined in the array-level network Branch, to which it is bound. As a result, packets arriving at this network adapter from the IP address ranges listed below or sent to these IP address ranges via this network adapter will be dropped as spoofed. To resolve this issue, add the missing IP address ranges to the array network. The following IP address ranges will be dropped as spoofed: External:169.254.119.194-169.254.119.194;
BR,
Habibalby
< Message edited by habibalby -- 2.Feb.2007 2:32:24 PM >
_____________________________
For online help with ISA Server 2004 & 2006 SE or EE. Please call on +973-39228431
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
