Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Zyxel zywall 35 to zywall 5 vpn with isa 2004 at main office

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Firewall] >> VPN >> Zyxel zywall 35 to zywall 5 vpn with isa 2004 at main office Page: [1]
Login
Message << Older Topic   Newer Topic >>
Zyxel zywall 35 to zywall 5 vpn with isa 2004 at main o... - 30.Jul.2008 10:12:50 AM   
sam47

 

Posts: 1
Joined: 30.Jul.2008
Status: offline 		Hei

I have problem to get my vpn tunnel to work.
My vpn is between Zyxel Zywall 35 at main office and zyxell zywall 5 at branch office.
In main office I have sbs 2003 and isa 2004 as dc behind zywall35.
Sbs/isa internal 192.168.2.1/255.255.255.0
Sbs external 192.168.0.100, Zywall 35. 192.168.0.1 with a static public ip adrdess 217.x.x.x.
Zywall5 in branch office with ip 192.168.1.1/255.255.255, and a static public address.
Lan in branch office is 192.168.1.0/255.255.255.0, with tre pc no server.

Configuration:
zywall 35:
My address : 217.x.x.x (zywall35 public)
Primary remote gateway: 80.x.x.x (zywall 5 public)
Authentication key: Certificate (exported to the other router).
Peer ID type: E-mail ( copying the auto.gen.cert to the other router)

Local network:
192.168.2.0/255.255.255.0
Remote network:
192.168.1.0/255.255.255.0

IKE Proposal:
Negotiation moda: Main
Encryption alg.: 3DES
Authentication alg.: SHA1
SA life time: 28800 sec.
Key Group DH1
IPSec Proposal:
Encapsulation mode: Tunnel
Active Protocol: ESP
Encryption alg.: 3DES
Authentication alg.: SHA1
SA life time: 28800 sec.
Key Group DH1

ywall 5: (branch office with tre pc no server)
My address : 80.x.x.x (zywall35 public)
Primary remote gatway: 217.x.x.x (zywall 5 public)
Authentication key: Certificate (exported to the other router).
Peer ID type: E-mail ( copying the auto.gen.cert to the other router)

Local network:
192.168.1.0/255.255.255.0
Remote network:
192.168.2.0/255.255.255.0

IKE Proposal:
Negotiation moda: Main
Encryption alg.: 3DES
Authentication alg.: SHA1
SA life time: 28800 sec.
Key Group DH1
IPSec Proposal:
Encapsulation mode: Tunnel
Active Protocol: ESP
Encryption alg.: 3DES
Authentication alg.: SHA1
SA life time: 28800 sec.
Key Group DH1

The tunnel between the routers i working, how can I configure ISA 2004 to let the computers from the branch office in the domain and fetch resources?

ISA logging shows a lot of denied connection, Protocol RIP, Dest. port 520, dest. address 192.168.0.255, client ip 192.168.0.1, external from default rule.

I appreciate any help!

Thanks

< Message edited by sam47 -- 1.Aug.2008 9:10:30 AM >
Post #: 1

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Firewall] >> VPN >> Zyxel zywall 35 to zywall 5 vpn with isa 2004 at main office Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts