• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Discussion on Hub and Spoke VPN Network article

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2000 Firewall] >> VPN >> Discussion on Hub and Spoke VPN Network article Page: [1]
Login
Message << Older Topic   Newer Topic >>
Discussion on Hub and Spoke VPN Network article - 15.Apr.2003 10:59:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
This thread is on the VPN Hub and Spoke network article at http://www.isaserver.org/tutorials/hubandspokevpn.html

Thanks!
Tom

[ April 15, 2003, 11:01 PM: Message edited by: tshinder ]
Post #: 1
RE: Discussion on Hub and Spoke VPN Network article - 16.Apr.2003 7:22:00 PM   
ThiefX

 

Posts: 10
Joined: 14.Apr.2003
From: Canada
Status: offline
Tom,

Have you tried setting up a web publishing rule on the Hub (Seattle) ISA Server for a web server that is on a spoke network (Dallas let's say)?

This is basically a cross-post... See my other topic in this same forum "Publish web on remote network"

(in reply to tshinder)
Post #: 2
RE: Discussion on Hub and Spoke VPN Network article - 16.Apr.2003 7:30:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Theif,

Web Publishing has no interaction at all with VPN. Setting up the hub and spoke VPN will have no effect, good or bad, on Web Publishing Rules.

HTH,
Tom

(in reply to tshinder)
Post #: 3
RE: Discussion on Hub and Spoke VPN Network article - 22.Apr.2003 3:23:00 PM   
Darren Thompson

 

Posts: 146
Joined: 21.May2002
From: Perth, Western Australia
Status: offline
This is a duplicate post - sorry, didn't notice this thread till after (duh?!?) and thought I should probably keep this thread together (not that there is acyually any great insights, or significance to this post [Roll Eyes] )

---snip---snip---
I'm in the throws of setting up a similar scenario in a lab at the moment (my "new domain from scratch" has extended to include 2 remote sites (one with static IP DSL connection, the other dynamic IP DSL connection - thus my other earlier post looking for PPPoE server software))

It would appear that I have plenty of time in which to get it sorted.

I'll give your tute a once over and let you know of my experiences - any additional tips from the world weary ?

Darren
---snip---snip---

(in reply to tshinder)
Post #: 4
RE: Discussion on Hub and Spoke VPN Network article - 15.Jul.2003 5:07:00 PM   
dan.thompson

 

Posts: 1
Joined: 15.Jul.2003
Status: offline
I followed the directions in your how-to articles, and I keep coming up with the same problem: my servers can talk to each other just fine and even pull DNS just fine. However, when another system on the remote (or local for that matter) tries to access a computer on the local network it cannot. I did a trace route from a work station and it finds the ISA server, which then forwards it to the other ISA server and then it stops. All computers are members of the same domain (I've also tried it with them not being members of the same domain) and I've tried using accounts that are common on all systems, but I keep getting the same result. Is there something else I need to do to the workstations to make them see the other networks?

Your help is much appreciated.. and thanks for the thorough articles!

dan

[ August 12, 2003, 05:24 PM: Message edited by: dan.thompson ]

(in reply to tshinder)
Post #: 5
RE: Discussion on Hub and Spoke VPN Network article - 16.Jul.2003 3:16:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
quote:
Originally posted by Darren Thompson:
This is a duplicate post - sorry, didn't notice this thread till after (duh?!?) and thought I should probably keep this thread together (not that there is acyually any great insights, or significance to this post [Roll Eyes] )

---snip---snip---
I'm in the throws of setting up a similar scenario in a lab at the moment (my "new domain from scratch" has extended to include 2 remote sites (one with static IP DSL connection, the other dynamic IP DSL connection - thus my other earlier post looking for PPPoE server software))

It would appear that I have plenty of time in which to get it sorted.

I'll give your tute a once over and let you know of my experiences - any additional tips from the world weary ?

Darren
---snip---snip---

Hi Darren,

He's an easier way to try. Have the external ISA firewall create the gateay to gateway link to the remote office. Then have the internal ISA firewall create the gateway to gateway link to the remote office *inside* that tunnel.

Pretty clever, eh?

[Big Grin]

HTH,
Tom

(in reply to tshinder)
Post #: 6
RE: Discussion on Hub and Spoke VPN Network article - 7.Aug.2003 6:25:00 PM   
palberini

 

Posts: 12
Joined: 10.Jul.2003
From: ct
Status: offline
This is what I have:
1 HUB ISA server(P4, 1.8MHz, 1GBDDR)and 5 ISA/file server remotes (all 2K's sp4, integrated mode, ISA SP1 and FP). Only the HUB dials out to remotes. Connections are permanent. Here what happens:

- CPU utilization on the HUB gets very high and spikes to 80-100%, if I disconnect all remotes, it goes down to 5%. I am going to change and have the remotes to dial-in and see if I get a lower utilization on the HUB.

- Network browsing (AD, DNS, WINS are on an PDC on the HUB side, and no BDC on remotes) is very slow, and shows HUB and some remotes on the HUB side. Remotes show only local computers, and sometimes also computers on the HUB side, but no other remotes. I can see computers and map drives if I type the name.

- File transfer is very slow. I can copy single files, but if I try to copy a folder, it starts and after a while I get an error: "The specified network name is no longer available".

- Sometimes the HUB stops with a BOD and "BAD_POOL_CALLER". I searched the Knowledge Base but got no answers.

Any ideas? [Confused]

(in reply to tshinder)
Post #: 7
RE: Discussion on Hub and Spoke VPN Network article - 8.Aug.2003 5:16:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi P,

What kind of connections are you using?

What is the network utilization on the WAN link at the Hub?

What processes are generating the high processor utilization?

Move name servers and authentication services to the branches if you can. Then set up a reasonable replication schedule to optimize WAN usage.

HTH,
Tom

(in reply to tshinder)
Post #: 8

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2000 Firewall] >> VPN >> Discussion on Hub and Spoke VPN Network article Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts