• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

VPN routing Troubles

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Firewall] >> VPN >> VPN routing Troubles Page: [1]
Login
Message << Older Topic   Newer Topic >>
VPN routing Troubles - 26.Jul.2009 12:21:23 PM   
rbyrne

 

Posts: 3
Joined: 26.Jul.2009
Status: offline
I'm having what appears to be routing issues with ISA 2004. I have a IPSEC/VPN connection to a vendor with a Cisco ASA 5505 because NAT
interesting is required. Here is the set up:

Clients behind VPN Server (192.168.50.XXX, 255.255.255.0) ----Public
IP #1---Cisco ASA 5505---Internal IP (10.8.2.254, 255.255.255.0)

Public IP #2 ----- ISA Server 2004 -----Internal IP (10.8.2.1, 255.255.255.0)

Set a static route with command prompt route -p add 192.168.50.0 mask 255.255.255.0 10.8.2.254 metric 1

Added a Network set for clients behind VPN server RemoteClients
192.168.50.0-192.168.50.255

Added a Network rule Internal to RemoteClients Route source:Internal destination: RemoteClients

Added an Access rule Allow all outbound from Internal to RemoteClients.

With ISA turned off I am able to ping RemoteClients from 10.8.2.1. When ISA is turned on I get destination host unreachable. What am I missing?

Robert
Post #: 1
RE: VPN routing Troubles - 26.Jul.2009 2:58:54 PM   
rbyrne

 

Posts: 3
Joined: 26.Jul.2009
Status: offline
I have resolved this issue. I removed the rules added in ISA. Then added the 192.168.50.0-192.168.50.255 to the internal network.

(in reply to rbyrne)
Post #: 2
RE: VPN routing Troubles - 29.Jul.2009 11:50:16 AM   
rbyrne

 

Posts: 3
Joined: 26.Jul.2009
Status: offline
So I have ping working in both directions. Now RemoteClients are unable to resolve a directory on the default website on the SBS2003 server. Because of the NAT interesting ASA VPN tunnel, remoteclients attempt to connect via http://172.38.112.1/SureScripts1.1/Service1.asmx
The ISA responds with:

12202 The ISA Server denied the specified Uniform Resource Locator (URL)
Rule:.
Source: 192.168.50.83
Destination:10.8.2.1:80
Request:GET/SureScripts1.1/Service1.asmx
User: anonymous

I have set anonymous access to the directory using the domain administrators username and password.

Users on the internal network (10.8.2.XXX) are able to resolve the directory using anonymous access.

Anyone have any idea what's missing?

(in reply to rbyrne)
Post #: 3

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Firewall] >> VPN >> VPN routing Troubles Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts