First I would like to say THANK YOU for the vast amount of knowledge you are sharing with the rest of us! Although this is my first forum post, I have used your site as the one stop shop for anything "how-to" with ISA. Again, thanks!!
With regard to setting up the branch office connection between ISA 2006 EE servers: I am trying to do L2TP/IPsec using local user accounts on both sides versus domain accounts, but one side is an NLB array. What would you put for the domain field in the user authentication for the VPN connection?
When following the article I get to step 8: Remote Authentication page and I cannot enter the full domain name. The ISA 2006 server at the branch site is also a domain controller so I must use a domain account. The domain name box will only allow me to enter 15 characters. Is there a way around this?
Hello Thomas. (Achtung, extremely bad English.) I am trying to use static IP in HQ and branch, and every time the Alerts tab on both sides shows:
Description: ISA Server detected routes through the network adapter hq that do not correlate with the network to which this network adapter belongs. When networks are configured correctly, the IP address ranges included in each array-level network must include all IP addresses that are routable through its network adapters according to their routing tables. Otherwise valid packets may be dropped as spoofed. The following ranges are included in the network's IP address ranges but are not routable through any of the network's adapters: 10.0.0.2-10.0.0.2,10.1.1.3-10.1.1.3;. Note that this event may be generated once after you add a route, create a remote site network, or configure Network Load Balancing and may be safely ignored if it does not re-occur.
hq lan - 192.168.0.0/24
hq vpn pool - 10.0.0.0/24
isp
branch lan - 192.168.1.0/24
branch vpn pool - 10.1.1.0/24
In the article you said:
If you use a static address pool, you might want to consider using off-subnet IP addresses. There is no problem with this, but you must make your routing infrastructure aware that in order to reach the network ID used for the VPN clients network that they must forward those connections to the ISA firewall interface from which the connection was received. In a simple dual NIC configuration, this would be the Internal interface.
Can you explain what that means?
It seems like I have to do something with my routing tables on every ISA server, but what, I can't understand.
< Message edited by RoadRunner2 -- 30.Mar.2010 7:15:18 AM >
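An added example, not part of the original thread and not ISA Server's own logic: a simplified Python model of the check the alert above describes, listing the address ranges in a network definition that no route on its adapter covers. The network definition and route lists are constructed from the subnets in the post; which routes each adapter really holds is an assumption.

```python
import ipaddress


def to_range(text):
    """Parse 'a.b.c.d-e.f.g.h' or CIDR text into an inclusive (low, high) int pair."""
    if "-" in text:
        low, high = (int(ipaddress.IPv4Address(p.strip())) for p in text.split("-"))
        return low, high
    net = ipaddress.IPv4Network(text.strip())
    return int(net.network_address), int(net.broadcast_address)


def unroutable(network_ranges, adapter_routes):
    """Return the parts of network_ranges that no adapter route covers,
    formatted like the alert text ('start-end')."""
    routes = sorted(to_range(r) for r in adapter_routes)
    gaps = []
    for low, high in sorted(to_range(r) for r in network_ranges):
        cursor = low  # first address not yet known to be routable
        for r_low, r_high in routes:
            if r_high < cursor or r_low > high:
                continue  # route does not touch the remaining part
            if r_low > cursor:
                gaps.append((cursor, r_low - 1))  # hole before this route
            cursor = max(cursor, r_high + 1)
            if cursor > high:
                break
        if cursor <= high:
            gaps.append((cursor, high))  # tail left uncovered
    return ["%s-%s" % (ipaddress.IPv4Address(a), ipaddress.IPv4Address(b))
            for a, b in gaps]


# Constructed sample: the branch site network as it might be defined at HQ,
# including the off-subnet static VPN pool from the post.
BRANCH_NETWORK = ["192.168.1.0/24", "10.1.1.0/24"]
# Constructed routing table for the adapter: only the branch LAN is routed.
ROUTES_BEFORE = ["192.168.1.0/24"]
# Same table after a route for the off-subnet pool has been added.
ROUTES_AFTER = ["192.168.1.0/24", "10.1.1.0/24"]

if __name__ == "__main__":
    print("before:", unroutable(BRANCH_NETWORK, ROUTES_BEFORE))
    print("after: ", unroutable(BRANCH_NETWORK, ROUTES_AFTER))
```

An empty list means the network definition and the adapter's routes agree, which is the condition the alert says prevents valid packets from being dropped as spoofed.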