How to set up this VPN satellite link? (Full Version)

All Forums >> [ISA Server 2000 Firewall] >> VPN



Message


bernardo -> How to set up this VPN satellite link? (22.Apr.2003 5:05:00 PM)

HI
I have a dial up connection that I then establish a VPN link over to my ISP to enable the downstream (return path) to travel via satellite.
The satellite receiver card gets installed as an auto-configured LAN card with a auto-configured IP address 169.x

This works fine without ISA. I create a dial up connection and a VPN connection and everything works hunky dorey.

How do I get this to work using ISA?
I have set up ISA to dial on demand via the Dial up entry. This works fine.

My understanding is that I now need to establish the VPN link using RRAS?
I've tried this by setting up a demand dial interface that has the same VPN settings as I know works without ISA. I right click and connect and ISA even shows it as connected.
However it seems that all the traffic coming down the satellite is blocked or shown as IP spoof?

Please could someone try and help - I've read every VPN article on isaserver.org and tried everything I could think of and nothing works "[Frown]"

[ April 22, 2003, 10:40 PM: Message edited by: bernardo ]




tshinder -> RE: How to set up this VPN satellite link? (23.Apr.2003 2:05:00 AM)

Hi Bernardo,

Does your ISP support VPN connections?

Thanks!
Tom




zzz343 -> RE: How to set up this VPN satellite link? (23.Apr.2003 9:06:00 AM)

Hi Bernardo,

Include satellite card ip in LAT.
Which company 's downlaod vpn connection are you using ?




bernardo -> RE: How to set up this VPN satellite link? (23.Apr.2003 10:18:00 AM)

Hi
Yes my ISP does support VPN connections. As I mentioned this all works fine if I disable ISA and do it using dial up connections and a VPN connection under Windows.
Can someone confirm that the only way to do this is to:
1) get ISA to dial using my modem and a dial-up entry
2) then use RRAS and manually setup a demand dial permanent VPN network interface in RRAS
3) create a route in RRAS of 0.0.0.0 that goes out through the modem?
4) enable IP routing in ISA packet filters

I'm not so sure about putting the satellite NIC private address in my LAT as ALL return traffic is going to come down that path...if I put it in my LAT would that be the same as putting any external NIC in my LAT?

In my ISA FW log I keep getting these entries:
2003-04-19 10:22:11 196.38.110.1 168.210.91.119 Udp 53 7324 Spoof 169.254.215.108
2003-04-19 10:23:19 169.254.215.108 255.255.255.255 Udp 7327 38293 BLOCKED 169.254.215.108
2003-04-19 10:23:26 155.239.136.246 24.206.132.196 Tcp 445 3005 BLOCKED Dialout
2003-04-22 12:26:43 210.212.240.254 168.210.91.87 Tcp 1424 80 BLOCKED 169.254.215.108
2003-04-22 20:45:20 0.0.0.0 255.255.255.255 Udp 68 67 BLOCKED 169.254.215.108
where 169.254.215.108 is the auoto-configured IP of the satellite NIC, 10.8.10.11 is an internal SNAT client and 155.239.136.246 is my dial up adaptor?

Thanks in advance
Bernard




rogozinskiy -> RE: How to set up this VPN satellite link? (16.Jul.2004 9:20:00 AM)

http://support.microsoft.com/?id=284811

http://www.tacteam.net/isaserverorg/vpnkitbeta2/outboundnat-t.htm




Page: [1]