Posts: 21
Joined: 13.Mar.2001
From: Clifton Springs, Vic, Australia
Status: offline
Hi,
We have remote sites that don't have a backup link. So, we installed RRAS and PPTP on the remote sites server so it could connect to our VPN server (ISA/RRAS) and then the rest of the remote network connects through the server and they continue to work as if nothing has happened.
There is a little manual labour required if the link goes down but that is OK.
The problem is that after we create the VPN server connection using the "Set Up Local ISA VPN Server" Wizard, our Internet email seems to stop working.
I can only guess, as I am no network wizard, that it is looping looking for the right place to go. A kind of routing problem.
We are using the SMTP filter and IIS SMTP (on a different machine which is published) to forward mail to our Domino server which in turn delivers the mail to the right person.
Why does the mail stop being delivered when the interfaces are created RRAS?
That is indeed very strange that SMTP should stop working after RRAS is started. Could it be that you're running a DDNS and somehow an errant address was added to the DDNS? Check it out.
If that happened to me, I would run network montior on the ISA Server interfaces and also at the mail server. Then I would send an email to the from an external network client, and observe the traffic pattern.
Another thing to check it the packet filter and Firewall service logs. If you turn on Rule#1 and Rule#2 for the Firewall service log, you will see what rule denied the request, if indeed the request was actually denied.
Posts: 21
Joined: 13.Mar.2001
From: Clifton Springs, Vic, Australia
Status: offline
Tom,
I may not have described the situation correctly.
RRAS was already running on our ISA Server and has been running successfully for quite some time.
VPN works fine without any problems.
We have a site that use the 192.168.60.x address range. They connect to us via our FrameRelay WAN.
If that site goes down I want them to connect to us using VPN. We connect a modem to the server and dialup to VPN server and network is back on-line.
If I create a VPN connection using the 'Set Up Local ISA VPN Server' wizard and use the addresses 192.68.60.1 - 192.168.60.254 in the wizard so it can create the Static Routes in RRAS could this cause conflicts?
Even when the site isn't down I wanted to have these interfaces created in RRAS and have them disabled so they could just be enabled if it was necessary to use them.
So problems are arising when the backup VPN interface is enabled or disabled.
Why do you need to add a modem to the ISA Server to accept VPN connections? You should be able to accept VPN connections on the existing internet connection.
OK, that makes sense. But could you possibly use another machine to attach the modem to? I can see how dynamically adding a new interface and routing table entry to the ISA Server (whenever the modem answers a call) might cause some interesting things, esp. when you already have an external interface.
Not that this can't work. I just don't have the facilities to test out this kind of connection, so I can't give you any cogent details on what the problems might be and how to fix them, other than recommending that you separate the services.
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
Printable Version
All Forums >> [ISA Server 2000 Firewall] >> VPN >> VPN Server routing and mail delivery problem 
VPN Server routing and mail delivery problem - 
New Messages
No New Messages
Hot Topic w/ New Messages
Hot Topic w/o New Messages
Locked w/ New Messages
Locked w/o New Messages
Post New Thread