Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Odd routing problem with site to site vpn

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Firewall] >> Branch Office >> Odd routing problem with site to site vpn Page: [1]
Login
Message << Older Topic   Newer Topic >>
Odd routing problem with site to site vpn - 27.Oct.2007 6:59:33 PM   
jsalow

 

Posts: 16
Joined: 19.Feb.2002
From: orange county, ca
Status: offline 		I have 3 isa 2006 arrays- home office and two remote offices. On one of the remote offices I have a site to site vpn that is routing two ip address ranges 10.1.4.0-10.1.4.255 and 10.1.5.0-10.1.5.255. The odd thing is that for some reason it adds one static ip route - 10.1.4.0 with a different mask of 255.255.254.0. It totally ignores the 10.1.5.0 route. If I remove the 10.1.4.0 address range, it correctly adds 10.1.5.0 on 255.255.255.0. If I add the 10.1.4.0 range back, the 10.1.5 disappears again, and the 10.1.4 on 255.255.254.0 shows up. I have another remote office setup exactly the same routing addresses 10.1.6.0 and 10.1.5.0 address ranges - it correctly adds the static routes.

Any ideas? See attached pictures.

settings and routing from troubled branch
http://lakeforestweather.com/route1.jpg
http://lakeforestweather.com/route2.jpg
http://lakeforestweather.com/route3.jpg
settings and routing from branch that works
http://lakeforestweather.com/route4.jpg
http://lakeforestweather.com/route5.jpg
http://lakeforestweather.com/route6.jpg
(the static routes show up in the branch that works whether I add persistent routes or not. If I add persistent routes to the troubled branch, nothing routes)
Post #: 1
RE: Odd routing problem with site to site vpn - 18.Dec.2007 4:00:20 PM   
pwindell

 

Posts: 752
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline 		Delete the Static Routes.  There is no purpose for there to even be any static routes in this case.  Everything is classified as a "directly connected network" in this situation which means that there are no Static Routes or even any Dynamic Routes.

Stay away from the RRAS Admin MMC.   ISA totally "owns" RRAS and anything you mess with in RRAS Admin has the potential to conflict with ISA. ISA will configure RRAS the way it wants it to be automatically.

The Routing Table entries are built automatically based on the Nic configuration.  Verify that the TCP/IP Config on all of the nics is correct,..pay particular attention to the masks,...if they are correct the routing table will be correct.

Sometimes the best thing to do is clear the table and reboot. The table will rebuild on reboot.  You can clear the table with the command "route /f" from a command prompt.


_____________________________

Phillip Windell
www.wandtv.com

(in reply to jsalow)
Post #: 2

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Firewall] >> Branch Office >> Odd routing problem with site to site vpn Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts