Welcome to ISAserver.org


VPN Address Assignment Issue

VPN Address Assignment Issue - 23.Mar.2004 1:33:00 AM   
jpierini

 

Posts: 23
Joined: 28.Jan.2004
From: Argentina
Status: offline
Hi... I am very confused about address assignment to VPN users. I have successfully set up the L2TP tunnel, with both MSCHAP 2 and certificates through RADIUS policies. I can set the VPN client's address from RADIUS, RRAS or ISA 2004 Firewall or even from the AD user's properties, but I cannot set the default gateway for the clients, so they cannot ping/browse/trace any address from my Internal network. I've been reading all of the VPN Deployment Kit and I cannot understand how to set the routing properties to accomplish that.
I think that it is very easy and I am a fool, but I cannot get it! Excuse me! I need help as soon as possible, please!

Thanks in Advance,

Javier
Post #: 1
RE: VPN Address Assignment Issue - 23.Mar.2004 3:51:00 AM   
tshinder

 

Posts: 47663
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Javier,

The DHCP server cannot create a default gateway for VPN clients, as the VPN interface should be the default gateway. You can create routes on the ISA firewall to route the requests from the VPN clients to subnets on your internal network.

HTH,
Tom

(in reply to jpierini)
Post #: 2
RE: VPN Address Assignment Issue - 23.Mar.2004 5:09:00 AM   
jpierini

 

Posts: 23
Joined: 28.Jan.2004
From: Argentina
Status: offline
Hi Tom,
I am not using a DHCP server, I am setting the addresses from Routing and Remote Access (a static pool) running on a Windows 2003 server. The offline subnetting is 192.168.11.0/24, and the Internal subnet is 192.168.10.0/24.

Thanks,

Javier

(in reply to jpierini)
Post #: 3
RE: VPN Address Assignment Issue - 23.Mar.2004 12:08:00 PM   
tshinder

 

Posts: 47663
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Javier,

OK, in that case you need to create the routes on the ISA firewall machine. That way the client requests to remote subnets on the Internet network will be routed to the correct location.

HTH,
Tom

(in reply to jpierini)
Post #: 4
RE: VPN Address Assignment Issue - 23.Mar.2004 12:21:00 PM   
jpierini

 

Posts: 23
Joined: 28.Jan.2004
From: Argentina
Status: offline
Hi Tom,
Thanks!

I'll try it!

JAVIER

(in reply to jpierini)
Post #: 5
RE: VPN Address Assignment Issue - 23.Mar.2004 12:24:00 PM   
jpierini

 

Posts: 23
Joined: 28.Jan.2004
From: Argentina
Status: offline
Tom, I'm a little confused about my Internal (dedicated) adapter and the Internal (virtual adapter) created by the RRAS.
I think that is where the routing problem is.

Javier

(in reply to jpierini)
Post #: 6
RE: VPN Address Assignment Issue - 23.Mar.2004 6:19:00 PM   
jpierini

 

Posts: 23
Joined: 28.Jan.2004
From: Argentina
Status: offline
Hi,
Could it be a problem that I am connecting to RRAS over the LAN and not over dial-up?

This is the scenario:
RRAS/ISA Server
Public Address: 192.168.0.51 Default 192.168.0.1
Private Address: 192.168.5.200

Client
Lan Interface: 192.168.0.41 Default 192.168.0.1

When I connect through VPN, the client gets a 192.168.99.x address.

The RRAS assigns itself the 192.168.99.1 address on the virtual interface.

Then I can ping my own address (client) but I can not ping the RRAS (192.168.99.1) address.

The client default gateway remains on 192.168.0.1
And there are the following routes configured:

192.168.99.5 255.255.255.255 127.0.0.1 127.0.0.1 1

192.168.99.255 255.255.255.255 192.168.99.5 192.168.99.5 1

Is that correct? I am so confused!

Best wishes,

Javier

(in reply to jpierini)
Post #: 7
RE: VPN Address Assignment Issue - 24.Mar.2004 2:00:00 AM   
tshinder

 

Posts: 47663
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Javier,

Are you using DHCP for the VPN client addresses? Have you created a rule that allows the VPN clients access to the Internal network?

Thanks!
Tom

(in reply to jpierini)
Post #: 8
RE: VPN Address Assignment Issue - 24.Mar.2004 4:23:00 AM   
jpierini

 

Posts: 23
Joined: 28.Jan.2004
From: Argentina
Status: offline
Hi Tom, thanks for your time.

I am assigning the addresses from a static address pool (RRAS). I've tried setting the address from ISA Server, from the RADIUS Access Policy properties and even from the domain user's properties.

I can set the addresses without any problem, except that I cannot get to the internal network.
The routing access is configured by default: VPN and VPN Quarantine ROUTE to Internal network.

Why can I not even ping the address picked by the RRAS, which is on the same subnetwork as the client's VPN adapter?

Thanks a lot,

Javier.

(in reply to jpierini)
Post #: 9
RE: VPN Address Assignment Issue - 24.Mar.2004 10:28:00 AM   
tshinder

 

Posts: 47663
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Javier,

Did you create an Access Rule that allows traffic from the VPN clients access to the Internal network?

Thanks!
Tom

(in reply to jpierini)
Post #: 10
RE: VPN Address Assignment Issue - 24.Mar.2004 5:20:00 PM   
jpierini

 

Posts: 23
Joined: 28.Jan.2004
From: Argentina
Status: offline
Hi Tom,
Yes, I did it.

I have an Access Rule: Allow -> from VPN Clients (and Quarantine) -> to Internal -> All Protocols -> All Users -> Always -> All Content

Thanks,

Javier

(in reply to jpierini)
Post #: 11
RE: VPN Address Assignment Issue - 25.Mar.2004 2:51:00 AM   
tshinder

 

Posts: 47663
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Javier,

What errors related to RRAS and VPN do you see in the Event viewer?

Thanks!
Tom

(in reply to jpierini)
Post #: 12
RE: VPN Address Assignment Issue - 25.Mar.2004 7:50:00 PM   
jpierini

 

Posts: 23
Joined: 28.Jan.2004
From: Argentina
Status: offline
Hi TOM,

I don't have any error message in Event Viewer.

I fixed the error. It was a combination of subnet masking and naming on the internal network.
Next time I'll use Inside and Outside. The ISA was confused about the Internal (dedicated) adapter and the Internal (Virtual) adapter.

Thanks a lot everybody for your time and your help,

Best wishes,

Javier

(in reply to jpierini)
Post #: 13
RE: VPN Address Assignment Issue - 26.Mar.2004 1:44:00 AM   
tshinder

 

Posts: 47663
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Javier,

Thanks! Good to hear you got it working and thanks for the follow up!

Tom

(in reply to jpierini)
Post #: 14
RE: VPN Address Assignment Issue - 26.Mar.2004 8:29:00 PM   
jpierini

 

Posts: 23
Joined: 28.Jan.2004
From: Argentina
Status: offline
Hi Tom,

Thanks to you and all your team!

Javier

(in reply to jpierini)
Post #: 15
RE: VPN Address Assignment Issue - 27.Mar.2004 5:53:00 PM   
tshinder

 

Posts: 47663
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Javier,

You bet! Thanks for sharing your experiences with us. It helps us all learn about this new product!

Tom

(in reply to jpierini)
Post #: 16
RE: VPN Address Assignment Issue - 7.Apr.2004 9:25:00 PM   
T-BoNe

 

Posts: 1
Joined: 7.Apr.2004
Status: offline
I used a static address pool, and I had to add a static route on my route switch to route to the internal interface of the test ISA server. Is your ISA box your primary firewall? If not, you will need to add static routes if you don't use DHCP.

(in reply to jpierini)
Post #: 17
RE: VPN Address Assignment Issue - 9.Apr.2004 4:51:00 AM   
tshinder

 

Posts: 47663
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi T,

Where would you add this route and why? Are you talking about an upstream route, or routing table entries on the Internal network so that internal hosts are aware of the route to the VPN clients network?

Thanks!
Tom

(in reply to jpierini)
Post #: 18
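
Added example, not part of any post in this thread: a Python check for the two causes named above, a subnet mask that makes an adapter's network overlap the static VPN pool (post 13) and a missing return route to an off-subnet pool (post 17). The adapter addresses and the 192.168.99.x pool come from post 7; every mask, the router address 192.168.5.1 and the route tables are constructed assumptions.

```python
import ipaddress

def audit_vpn_pool(pool, adapters, internal_routes, fw_internal_ip):
    """Return findings for a static VPN pool (empty list means consistent).

    adapters        -- {name: "ip/prefix"} of the firewall's real adapters
    internal_routes -- [(destination CIDR, next hop)] on an internal router
    fw_internal_ip  -- firewall address on the internal segment
    """
    pool_net = ipaddress.ip_network(pool)
    findings = []

    # 1. A mask that is too wide makes an adapter's subnet contain the pool,
    #    so VPN clients look like directly attached internal hosts.
    for name, cidr in adapters.items():
        subnet = ipaddress.ip_interface(cidr).network
        if subnet.overlaps(pool_net):
            findings.append(f"overlap: {name} {subnet} vs pool {pool_net}")

    # 2. Replies to VPN clients follow the most specific route that covers
    #    the pool; that route (or the default route) must point at the firewall.
    covering = [(ipaddress.ip_network(dest), ipaddress.ip_address(hop))
                for dest, hop in internal_routes
                if pool_net.subnet_of(ipaddress.ip_network(dest))]
    firewall = ipaddress.ip_address(fw_internal_ip)
    if not covering:
        findings.append(f"no route to pool {pool_net}")
    else:
        _, hop = max(covering, key=lambda r: r[0].prefixlen)
        if hop != firewall:
            findings.append(f"return path for {pool_net} goes to {hop}, not {firewall}")
    return findings

# Constructed sample data: addresses from post 7, masks and routes assumed.
POOL = "192.168.99.0/24"
FIREWALL = "192.168.5.200"
BAD_ADAPTERS = {"public": "192.168.0.51/24", "private": "192.168.5.200/16"}
GOOD_ADAPTERS = {"public": "192.168.0.51/24", "private": "192.168.5.200/24"}
BAD_ROUTES = [("0.0.0.0/0", "192.168.5.1")]  # default gateway is another router
GOOD_ROUTES = BAD_ROUTES + [("192.168.99.0/24", "192.168.5.200")]

if __name__ == "__main__":
    for line in audit_vpn_pool(POOL, BAD_ADAPTERS, BAD_ROUTES, FIREWALL):
        print(line)
```

When the firewall itself is the internal default gateway, the default route already satisfies the second check and no static route is needed.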
