Welcome to ISAserver.org

Site to Site VPN: Adjacant IP ranges

Users viewing this topic: none

Logged in as: Guest

Printable Version

All Forums >> [ISA 2006 Firewall] >> VPN >> Site to Site VPN: Adjacant IP ranges

Page: [1]

Message

<< Older Topic Newer Topic >>

Site to Site VPN: Adjacant IP ranges - 12.Jan.2007 4:04:16 PM

aswatogor

Posts: 14
Joined: 22.Nov.2002
From: toronto
Status: offline

HI,

I am running into issues with tunnels for which I do not want to connect to an entire subnet. As an example: at Site A I want to connect to machines 10.2.40.50~54. Site A's IpSec filters match my local class C (10.7.7.0/255.255.255.0) to each individual machine on their side (10.2.40.50/255.255.255.255).

However, ISA 2006 does not create individual filters (as ISA 2004 must have). ISA creates filters for 10.2.40.50/255.255.255.254 and 10.2.40.52/255.255.255.252.

These obviously do not match the filters at the other side of the tunnel.

ISA may be doing things the 'right' way. But, I am finding the lack of control over the filters frustrating. Does anyone know a way to force ISA into creating filters for individual IPs?

Can I use netsh to manually add my own filters? Will ISA overwrite any filters I create myself?

Thanks!

Post #: 1

Featured Links*

RE: Site to Site VPN: Adjacant IP ranges - 22.Jan.2007 10:57:40 AM

tshinder

Posts: 47659
Joined: 10.Jan.2001
From: Texas
Status: offline

Try using L2TP/IPSec. It's routing functionity is much better and its more secure.

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/

GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8

(in reply to aswatogor)