Welcome to ISAserver.org

Negotiating IP Security from SBS to Remote VPN

Users viewing this topic: none

Logged in as: Guest

Printable Version

All Forums >> [ISA Server 2004 Firewall] >> VPN >> Negotiating IP Security from SBS to Remote VPN

Page: [1]

Message

<< Older Topic Newer Topic >>

Negotiating IP Security from SBS to Remote VPN - 15.Apr.2008 6:12:21 PM

shepcon

Posts: 17
Joined: 24.Nov.2003
Status: offline

I'm running SBS 2003 Premium with ISA 2004 and twin NICs. I have setup a
remote office and DC that's connected back to SBS via a hardware VPN
appliance and valid/static IP addresses. I'm using IPsec and the tunnel is
working fine from both ends. I have setup all of the necessary rules,
networks (route) and VPN in ISA 2004. I'm allowing all protocols to pass
between the two networks. SBS is using 192.168.16.* and the remote subnet
is 192.168.1.*.

The problem I'm having is that I can ping successfully from the remote
server and network back to my SBS network in my main office. I can also
ping from my internal PCs on my SBS network out to the remote office via the
VPN. However, when I attempt to ping from SBS to the remote site, I get a
constant "negotiating IP security" and never get replies.

I have done quite a bit of research on the ISA side and I've seen others
with the same issue, but never an answer. I have seen Javier's SBS
Worderland's suggestion about "keeping ISA in the mix" but his diagram would
cause me to change too much and impact my VOIP setup. Anyway, on my ISA
rules, I have created two sets that allow all traffic to pass from Internal
to my Branch Office VPN network and the other way around. I do understand
that Localhost (SBS) is not part of Internal, but even when I add Localhost
to the rules, I still cannot ping. My only though was to add another NIC to
my SBS server and give it 192.168.16.3, which would be part of Internal and use this in my rules.

Any thoughts or suggestions would be appreciated.

Ken