• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

HP DL 320 THAT WONT ALLOW VPN ACEESS TO NETORK RESOURCES BECAUSE OF SUBNET CONFLICTT

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Misc.] >> ISA Firewall Appliances >> HP DL 320 THAT WONT ALLOW VPN ACEESS TO NETORK RESOURCES BECAUSE OF SUBNET CONFLICTT Page: [1]
Login
Message << Older Topic   Newer Topic >>
HP DL 320 THAT WONT ALLOW VPN ACEESS TO NETORK RESOURCE... - 7.Jul.2006 1:31:16 PM   
agona

 

Posts: 2
Joined: 6.Jul.2006
Status: offline
I am a firewall administrator with a charity in London. I have recently decided to upgade our aging ISA 2000 (that was a product of an in-place upgrade of Proxy server) to HP Proliant DL320 VPN appliance with iSA2004. It worked well straight off the box after modifying the policies but only using web proxy client and secure NAT client. All my attempts to use the firewall client were fruitless. I decided to patch the appliance with SP2 and that was when the FWC started working. But now we have got a VPN issue where clients connect to the server without any problems using PPTP but can not access resources on the network. The address assignmens I have tried the default setting using the internal interface and DHCP / Issuing a range of Static IP addresses but no joy. When you run an IPCONFIG you come with correct IP address issued by DHCP but the subnet mask is a broadcast address 255.255.255.255 yet our DHCP issues 255.255.0.0 mask. Any help with this will be appreciated....  
Post #: 1
RE: HP DL 320 THAT WONT ALLOW VPN ACEESS TO NETORK RESO... - 8.Jul.2006 11:07:20 AM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi agona,

did you already check out the VPN deployment kit at http://www.microsoft.com/technet/prodtechnol/isa/2004/technologies/vpn.mspx?

You must make sure you have a proper network relationship between the VPN clients network and the internal network, and that you have the proper access rules too. Also, be aware that the network ID the VPN client is member of must be different than all network ID's they must connect to through the VPN tunnel.

In case you have name resolving problems, it might be useful to check out my article http://www.isaserver.org/tutorials/work-around-VPN-clients-split-DNS.html.

BTW --- the VPN client will have a /32 subnetmask in his ipconfig. That's normal behavior. So, nothing to worry about.

HTH,
Stefaan

(in reply to agona)
Post #: 2

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Misc.] >> ISA Firewall Appliances >> HP DL 320 THAT WONT ALLOW VPN ACEESS TO NETORK RESOURCES BECAUSE OF SUBNET CONFLICTT Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts