Welcome to ISAserver.org

IPSEC Access issues

IPSEC Access issues - 14.Mar.2008 8:14:51 PM   
Tombo

 

Posts: 2
Joined: 14.Mar.2008
Status: offline
I have deployed a site-to-site IPSEC VPN using ISA Server 2004 and a D-Link DIR-330.

All appears to be working well.  I can ping devices on either side, from either side.  I can also print to remote printers and log into machines using RDP.  However, I've noticed a few strange things:

1. In the ISA Server Dashboard, there is no mention that a site-to-site VPN exists.  On the DIR-330 it shows that there is an active tunnel on the VPN Status page.  This leads me to believe that there is still something not quite right???

2. I cannot ping any device on the remote network from the ISA console itself.  I get the 'Negotiating IP Security' message.  Tom's article on troubleshooting IPSEC VPNs didn't really explain what to do if it is an ISA to 3rd Party solution like mine.

3. I also cannot access the remote router's web admin page from any machine on my local network?? Nor can I access a remote printer's web admin page??

4. Last and most important, we use Subversion for source code management and the remote users need to be able to access the repository (which is behind the ISA Server) from the remote site.  However, they cannot.  The weird thing is, I see a connection request when I have logging turned on, but no denial and they just timeout?????

Please, does anyone have any ideas?

-Tom

_____________________________

Thomas A. Riedy
(c) 480-330-4866
(e) tariedy@gmail.com
http://www.tarenterprisesonline.com
Post #: 1
RE: IPSEC Access issues - 22.Mar.2008 9:58:09 PM   
ClintD

 

Posts: 1848
Joined: 26.Jan.2001
From: Keller, TX
Status: offline
1) You'll have to use the IPSec Security Monitor MMC snap-in to see the "pure" IPsec tunnels. Admittedly, it's not very clear about this - I wish it was integrated into the ISA console.

2) The article (I authored it) just basically means if you try to PING from ISA itself, the remote endpoint (the D-Link DIR-330) has to have ISA's external address in the IPSec tunnel parameters. ISA automatically builds a filter stating ISA External IP to Remote Subnet but most likely the D-Link doesn't have a matching filter.

3) Does the router have any filters on what subnet is allowed to access it?

4) You might take a netstat from the Subversion box and see if you see the incoming connection (maybe take a network sniff). Does the Subversion box point to ISA for its default gateway?

(in reply to Tombo)
Post #: 2
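The filter mismatch described in point 2 of the reply above can be checked mechanically. This is an added example, not code from the thread or from either product: it compares each side's IPsec traffic selectors (source network, destination network) and lists those with no mirrored selector on the peer. All addresses are constructed, and treating a wider peer selector as a match is an assumption (pass `exact=True` for peers that require identical selectors).

```python
import ipaddress

# Constructed sample selectors as (source, destination); not taken from the thread.
# The ISA side carries the LAN-to-LAN filter plus the filter it builds
# automatically from its own external address to the remote subnet.
ISA_SELECTORS = [
    ("10.0.1.0/24", "10.0.2.0/24"),
    ("203.0.113.10/32", "10.0.2.0/24"),
]
# The remote router is configured with the LAN-to-LAN filter only.
DLINK_SELECTORS = [
    ("10.0.2.0/24", "10.0.1.0/24"),
]


def missing_mirrors(local_selectors, peer_selectors, exact=False):
    """Return local (src, dst) selectors with no mirrored (dst, src) on the peer.

    With exact=False a peer selector that contains the local one counts as a
    match (assumption: the peer accepts narrower proposals). With exact=True
    the networks must be identical.
    """
    peers = [(ipaddress.ip_network(s), ipaddress.ip_network(d))
             for s, d in peer_selectors]
    missing = []
    for src, dst in local_selectors:
        s, d = ipaddress.ip_network(src), ipaddress.ip_network(dst)
        if exact:
            ok = any(s == p_dst and d == p_src for p_src, p_dst in peers)
        else:
            ok = any(s.subnet_of(p_dst) and d.subnet_of(p_src)
                     for p_src, p_dst in peers)
        if not ok:
            missing.append((src, dst))
    return missing


if __name__ == "__main__":
    for src, dst in missing_mirrors(ISA_SELECTORS, DLINK_SELECTORS):
        print(f"peer has no filter matching {src} -> {dst}")
```

Traffic that falls under a selector in the returned list is what stays at 'Negotiating IP Security' when sent from the firewall itself, while LAN-to-LAN traffic passes.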
RE: IPSEC Access issues - 25.Mar.2008 3:38:53 PM   
Tombo

 

Posts: 2
Joined: 14.Mar.2008
Status: offline
Thanks Clint.

Found the problem with the Subversion box.  Had it pointed at a different gateway.  Everything seems to be working now.  Next step deploy some sort of DNS solution at the remote site -- wish there was some easy solution to use alternate DNS servers when resolving hosts that fall within the VPN.

-Tombo  

(in reply to ClintD)
Post #: 3