ISA 2004 VPN to DLink 804HV

zodiaczz -> ISA 2004 VPN to DLink 804HV (17.Nov.2005 4:11:55 AM)

I am trying to do the following
http://www.isaserver.org/articles/2004isadlink.html

Setting up a remote VPN site to site connection between the two locations with this D-Link device.

I have set up everything I can think of but obviously I am missing something.
1. Set up the IPSEC Tunnel mode
2. Put in my local and remote endpoints
3. Set my security IKE Group settings etc
4. Allowed Access through the firewall policy to the remote subnet into my local subnet and vice versa
5. Used a route relationship between the two devices not NAT

When I look at the Dlink it says that the IKE VPN is established
When I go into the network monitor on ISA I see the remote connection and IPSEC and that it is enabled.
When I go to the IP SEC Monitor MMC tool I can see it there.

However I have these problems
1. I cannot access any machines from either side
2. If I ping the remote subnet from my ISA Server I got Negotiating Security Policy
3. If I ping from the remote side I just get a time out
4. However if I ping the internal IP of the remote Dlink from another server on the local LAN I get a response? However if I try to ping a computer behind the DLINK it times out.

Suggestions?

Would one have to open up the IPSEC ports separately as well, such as port 500?

Any ideas? I am just about out.




tshinder -> RE: ISA 2004 VPN to DLink 804HV (18.Nov.2005 2:44:46 PM)

Hi Zodiac,

I've pinged Tiago and hopefully he'll be able to help you out.

Thanks!
Tom




zodiaczz -> RE: ISA 2004 VPN to DLink 804HV (18.Nov.2005 3:04:56 PM)

Hey Thanks Tom,

I am pretty well out of ideas, I will keep my eye on the forum.

Thanks





tiagoaviz -> RE: ISA 2004 VPN to DLink 804HV (21.Nov.2005 12:40:10 PM)

Hi there Zodiac,

Well, looks like an IPSec configuration problem. Most likely it isn't matching. Can you post the D-Link logs or send them to me at tiago@softsell.com.br? Also explain your IP addressing, network masks and Internet connection type on both sides.

Is the security audit policy indicating an IPSec error on the ISA Server end? Check out your event viewer when you try to ping a machine on the D-Link subnet.

Do IPSec and IKE policies match on both sides? Do you have more than one subnet on your "internal" network object on ISA 2004? My article explains how these policies must be configured on both sides in order to work.
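
The questions in the last reply (do the IKE and IPSec policies match, and does the ISA internal network hold more than one subnet) amount to comparing both endpoints' settings side by side. The Python script below is an added example, not part of the thread or the linked article; the field names and every value in it are constructed, and it assumes each side's local subnets must exactly mirror the other side's remote subnets.

```python
import ipaddress

# Constructed sample settings (not taken from the thread): what each side
# would report for IKE phase 1, IPsec phase 2 and the protected subnets.
ISA = {
    "phase1": {"encryption": "3DES", "integrity": "SHA1", "dh_group": 2},
    "phase2": {"encryption": "3DES", "integrity": "SHA1", "pfs_group": None},
    "local_subnets": ["192.168.1.0/24", "192.168.5.0/24"],
    "remote_subnets": ["192.168.10.0/24"],
}
DLINK = {
    "phase1": {"encryption": "3DES", "integrity": "SHA1", "dh_group": 2},
    "phase2": {"encryption": "3DES", "integrity": "MD5", "pfs_group": None},
    "local_subnets": ["192.168.10.0/24"],
    "remote_subnets": ["192.168.1.0/24"],
}

def _nets(values):
    """Normalise subnet strings so 192.168.1.5/24 and 192.168.1.0/24 compare equal."""
    return {ipaddress.ip_network(v, strict=False) for v in values}

def compare_tunnel(a, b, a_name="ISA", b_name="D-Link"):
    """Return a list of human-readable mismatches between two tunnel endpoints."""
    problems = []
    for phase in ("phase1", "phase2"):
        for key in sorted(set(a[phase]) | set(b[phase])):
            va, vb = a[phase].get(key), b[phase].get(key)
            if va != vb:
                problems.append(f"{phase}.{key}: {a_name}={va} {b_name}={vb}")
    # Assumption: each side's local subnets must equal the other side's remote subnets.
    for near, far, n_name, f_name in ((a, b, a_name, b_name), (b, a, b_name, a_name)):
        local, remote = _nets(near["local_subnets"]), _nets(far["remote_subnets"])
        for net in sorted(local - remote, key=str):
            problems.append(f"selector: {net} is local on {n_name} but not remote on {f_name}")
        for net in sorted(remote - local, key=str):
            problems.append(f"selector: {net} is remote on {f_name} but not local on {n_name}")
    # Overlapping address space on both LANs cannot be routed through the tunnel.
    for x in _nets(a["local_subnets"]):
        for y in _nets(b["local_subnets"]):
            if x.overlaps(y):
                problems.append(f"overlap: {x} ({a_name}) and {y} ({b_name})")
    return problems

if __name__ == "__main__":
    for line in compare_tunnel(ISA, DLINK):
        print(line)
```

With the constructed values, the script reports the phase 2 integrity mismatch and the second ISA subnet that the D-Link side does not list as remote.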



