Welcome to ISAserver.org


Present our server as another network for VPN endpoint tunnel

All Forums >> [ISA 2006 Firewall] >> VPN >> Present our server as another network for VPN endpoint tunnel

Present our server as another network for VPN endpoint tunnel - 31.Jul.2008 1:10:57 PM
microwebmark (Posts: 2, Joined: 31.Jul.2008)

Hoping someone can help with this:
We have an ISA with an external NIC with a public IP...
Internal IP is 10.1.1.1

We have set up an endpoint VPN with a hospital and it is partially working as far as the endpoint IPs are concerned. Went through the steps to do this using the guide from http://www.isaserver.org/tutorials/2004ipsectunnelmode.html and this part is working. However, these are the instructions that we get from the hospital to set up the VPN:
The IP address of the terminal server you will connect to is 10.107.9.57 (This will be configured in your tunnel as the remote network)
You will need to present yourself as 172.19.36.X/24. To accomplish this you may natively assign these IPs to end devices. Another, more complicated way, is to NAT all devices to the IP range above.
The only other info I will need from you is your endpoint IP address to configure my end of the tunnel.

Our ISA also does DHCP and DNS. So how do I present our internal network as the 172.19.36.x/24 network? Our internal network is 10.1.1.0 and it will be a big deal to change our IP scheme internally to a 172 network.
My question is: what would be the best way to get this done? Install another NIC card in the ISA and assign it a 172 number? Can I put in a rule so that, before some of the 10.1.1.0 clients go through the tunnel, they are routed to the 172.19.36.0 network? Or maybe should I set the clients up with a VPN client and then connect to their terminal server at the 10.107.9.57 address? I guess they have a lot of 10.0.0.0 addresses taken up so they have to use the 172? I am at a big loss here if someone can help. Thanks

Mark Williams

RE: Present our server as another network for VPN endpoint tunnel - 1.Aug.2008 10:25:22 AM
justmee (Posts: 505, Joined: 14.May2007)

Hi Mark,
First we need to clarify some stuff:
How many internal clients will connect to the remote server 10.107.9.57?
If there are only a few, the simplest solution would be to add another NIC to the ISA and put them on that 172.19.36.X/24 net.
If there are many of them, it appears that you are screwed.
A solution that will probably not work: put a router between ISA and your internal net and have the router do the NAT tricks. If you have a spare box, you could do that with a Linux box.
Why it might not work: it is hard to tell ISA that the local subnet of the site-to-site connection is not its entire Internal Network (10.1.1.0/24 + 172.19.36.0/24). Never figured out why this was imposed by default.
You might try this in order to fix that:
http://forums.isaserver.org/fb.aspx?m=2002058945
Or put a device in front of ISA to do the NAT tricks and to take care of the site-to-site VPN. Then, on ISA, change the network relationship between Internal and External from NAT to Route.
Regards!

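Worked example of the "NAT trick" the hospital's instructions allow and justmee's reply describes (added here; this is not code from the thread, from ISA Server, or from any device mentioned). A box in the path between the clients and the IPsec endpoint rewrites 10.1.1.X to 172.19.36.X, keeping the host bits, but only for packets whose destination is the remote host 10.107.9.57, and undoes the rewrite on the replies. That is exactly the semantics of the iptables NETMAP target, which is what a Linux router would run. The /24 mask on the internal network, the sample packets and the interface layout in the comments are assumptions made for the demonstration.

```python
# Added example: model of a stateless 1:1 ("NETMAP") source NAT that presents
# the 10.1.1.0/24 LAN to the peer as 172.19.36.0/24. Not ISA code and not from
# the thread; the /24 on the LAN and the packets below are constructed.
import ipaddress

INTERNAL_NET = ipaddress.ip_network("10.1.1.0/24")      # real LAN (assumed /24)
PRESENTED_NET = ipaddress.ip_network("172.19.36.0/24")  # range the peer expects to see
REMOTE_NET = ipaddress.ip_network("10.107.9.57/32")     # hospital terminal server


def netmap(addr, src_net, dst_net):
    """Rewrite the network bits of addr from src_net to dst_net and keep the
    host bits: 10.1.1.25 -> 172.19.36.25. This is what iptables' NETMAP does."""
    if addr not in src_net:
        raise ValueError(f"{addr} is not in {src_net}")
    if src_net.prefixlen != dst_net.prefixlen:
        raise ValueError("NETMAP needs equal prefix lengths on both ranges")
    host_bits = int(addr) & int(dst_net.hostmask)
    return ipaddress.ip_address(int(dst_net.network_address) | host_bits)


def outbound(src, dst):
    """LAN -> tunnel direction (POSTROUTING): translate the source only when
    the destination is the remote network; everything else passes unchanged,
    so Internet and LAN traffic never sees the 172.19.36.x addresses."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if src in INTERNAL_NET and dst in REMOTE_NET:
        src = netmap(src, INTERNAL_NET, PRESENTED_NET)
    return str(src), str(dst)


def inbound(src, dst):
    """Tunnel -> LAN direction (PREROUTING): undo the mapping on replies from
    the remote host so they reach the real 10.1.1.x client."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if src in REMOTE_NET and dst in PRESENTED_NET:
        dst = netmap(dst, PRESENTED_NET, INTERNAL_NET)
    return str(src), str(dst)


def tunnel_selectors():
    """Phase 2 traffic selectors both IPsec peers must agree on. After NAT the
    local side is the presented range, not the real LAN."""
    return {"local": str(PRESENTED_NET), "remote": str(REMOTE_NET)}


def iptables_rules():
    """The same policy as netfilter rules for a Linux box sitting between the
    clients and the IPsec endpoint. NETMAP is a standard nat-table target."""
    return [
        f"iptables -t nat -A POSTROUTING -s {INTERNAL_NET} -d {REMOTE_NET} "
        f"-j NETMAP --to {PRESENTED_NET}",
        f"iptables -t nat -A PREROUTING -s {REMOTE_NET} -d {PRESENTED_NET} "
        f"-j NETMAP --to {INTERNAL_NET}",
    ]


if __name__ == "__main__":
    # Constructed packets: a client RDP session to the hospital, and a web hit.
    for s, d in [("10.1.1.25", "10.107.9.57"), ("10.1.1.25", "203.0.113.10")]:
        print(f"{s} -> {d}  becomes  {' -> '.join(outbound(s, d))}")
    print("reply:", " -> ".join(inbound("10.107.9.57", "172.19.36.25")))
    print("tunnel selectors:", tunnel_selectors())
    print("\n".join(iptables_rules()))
```

The check a practitioner wants from this is the last function: once the NAT is in place, the IPsec local selector must be 172.19.36.0/24, not 10.1.1.0/24. That is precisely the constraint justmee raises, since ISA wants the whole Internal network as the local side of a site-to-site connection; the NAT box therefore has to sit between the clients and whichever device terminates the tunnel, and that device must be the one whose local selector is the presented range.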
RE: Present our server as another network for VPN endpoint tunnel - 3.Aug.2008 5:29:08 PM
microwebmark (Posts: 2, Joined: 31.Jul.2008)

Thanks, we decided to change our internal network to the 172 numbers.
The tunnel is now all the way up, but I am having some kind of routing issue on the ISA side of the tunnel. He opened ping for me, but when I try to ping his server it gives me "Negotiating IP Security". He says the problem is all on my side. I have checked and double-checked all the networks and rules I put in based on the site above, and have read different solutions to my problem, but can't seem to solve it.
I did a query when I try to do a tracert and it gives me this: "A packet generated on the local host was rejected because its source IP address is assigned to one network adapter and its destination IP address is reachable through another network adapter." And it offers no rule.

The query says it is letting ping through; however, it just comes back "Negotiating IP Security". We are just trying to do Terminal Services sessions under this VPN, but I can't do that either. Any ideas on this one?

Thanks

RE: Present our server as another network for VPN endpoint tunnel - 4.Aug.2008 2:31:50 AM
justmee (Posts: 505, Joined: 14.May2007)

I see.
If you want to test from ISA itself, you need to follow this article:
http://www.isaserver.org/tutorials/Troubleshooting-IPSec-Tunnel-Mode-Scenarios.html
