Hi, I have recently installed a Server 2000 SP4 box with ISA 2000 in a branch office to implement a site-to-site VPN scenario to our main office’s SBS 2003 Premium SP2 with ISA 2004, following Dr Thomas Shinder’s article at http://www.isaserver.org/articles/2004s2s2000.html. This article is in fact what prompted me initially to go with this setup, since we had an unused Server 2000 box gathering dust in the store room.
This has been a longer journey than I expected and I have some unresolved problems which I just can’t find the answers to. I am hoping that the experts here can shed light on a couple of problems which are outstanding in this implementation.
At present, the five client PCs at the branch office make their own VPN connection to the SBS2K3 at the main office to log on to the domain.
With the new configuration at the branch office, the W2K/ISA2000’s external NIC is connected to the internet router at the edge of the LAN, and the internal NIC serves the main LAN clients through a switch.
Problem 1: Tom’s document suggests that both ISAs at each end should be able to initiate connections. In my case, the SBS2K3/ISA2004 box at the main office always makes the connection first. And when this happens, the W2K box resources of the branch office become accessible from the SBS2K3 box of the main office, but not the other way round. In fact the branch W2K box is not even aware that there is a connection. Also, the branch W2K box will not be able to establish a connection even if forced manually, with the error message ‘The remote computer cannot accept any more connections’. This I believe is because the connection is already on from the main office to the branch W2K box.
To combat this problem, I removed the option ‘Local machine can initiate connection’ in the SBS2K3 box at the main office. So the branch W2K box now gets the chance to make the connection in its own rather slower time. In this case both boxes can see each other’s resources.
I would like both boxes to be able to initiate connections. Why can’t the W2K box at the branch office see the main office resources when the connection is initiated from the main office box?
Problem 2: On an FAQ page, Tom replied ‘The VPN gateway won't prevent the clients from using the Internet through their local ISA Server’. When the W2K/ISA 2000 box at the branch office initiates a connection to the main office, the internet connection on the W2K box is lost. Resources can still be pinged but the internet connection fails!
Is this a DNS issue? What have I missed in the configuration of the W2K/ISA 2000 box at the branch office?
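For a symptom like Problem 2 (Internet access lost only while the branch box has the tunnel up, while remote resources still answer pings), the first thing a practitioner checks is the branch server's routing table before and after the demand-dial interface connects: if bringing the tunnel up added a 0.0.0.0 route with a lower metric than the ISP router's, Internet-bound traffic is being pushed into the tunnel instead of out the external NIC, and DNS is only a downstream casualty. The script below is an added example, not part of the post and not Microsoft's or ISA Server's tooling; it parses two constructed `route print` snapshots (the addresses, the exact column layout, and the assumption that the tunnel inserts a new default route are all mine) and reports whether the effective default route moved.

```python
"""
Added diagnostic (not from the original post): compare two Windows
`route print` snapshots, one taken before and one after a demand-dial VPN
interface connects, and report whether the effective default route
(0.0.0.0/0, lowest metric) moved onto the tunnel.

Everything below the class definitions is constructed sample data:
203.0.113.0/24 stands in for the branch's external subnet, 192.168.1.0/24
for the branch LAN, 10.0.0.x for the tunnel endpoints and 192.168.16.0/24
for the main-office LAN. The column layout is the usual `route print` form
("Network Destination  Netmask  Gateway  Interface  Metric").
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Route:
    destination: str
    netmask: str
    gateway: str
    interface: str
    metric: int


# One data row of the "Active Routes" table: four dotted quads and a metric.
# Header lines and the "Default Gateway:" summary line do not match.
_QUAD = r"(\d{1,3}(?:\.\d{1,3}){3})"
_ROW = re.compile(r"^\s*" + r"\s+".join([_QUAD] * 4) + r"\s+(\d+)\s*$")


def parse_route_print(text: str) -> List[Route]:
    """Return the data rows of a `route print` dump as Route objects."""
    routes = []
    for line in text.splitlines():
        m = _ROW.match(line)
        if m:
            dst, mask, gw, iface, metric = m.groups()
            routes.append(Route(dst, mask, gw, iface, int(metric)))
    return routes


def active_default(routes: List[Route]) -> Optional[Route]:
    """The default route the stack will actually use: the 0.0.0.0/0 entry
    with the lowest metric (None if the table has no default route)."""
    defaults = [r for r in routes
                if r.destination == "0.0.0.0" and r.netmask == "0.0.0.0"]
    return min(defaults, key=lambda r: r.metric) if defaults else None


def diagnose(before: str, after: str) -> Dict[str, object]:
    """Compare two snapshots. 'default_changed' is True when the effective
    default route now points at a different gateway or interface; metric-only
    changes show up in routes_added/routes_removed but do not count."""
    b, a = parse_route_print(before), parse_route_print(after)
    db, da = active_default(b), active_default(a)
    if db is None or da is None:
        changed = (db is None) != (da is None)
    else:
        changed = (db.gateway, db.interface) != (da.gateway, da.interface)
    return {
        "default_before": db,
        "default_after": da,
        "default_changed": changed,
        "routes_added": [r for r in a if r not in set(b)],
        "routes_removed": [r for r in b if r not in set(a)],
    }


# Constructed snapshot: branch box idle, default route via the ISP router.
BEFORE = """\
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      203.0.113.1    203.0.113.10       1
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
      192.168.1.0    255.255.255.0      192.168.1.1     192.168.1.1       1
      203.0.113.0    255.255.255.0     203.0.113.10    203.0.113.10       1
Default Gateway:       203.0.113.1
===========================================================================
"""

# Constructed snapshot: tunnel up. A second 0.0.0.0 route via the tunnel
# peer has appeared with a lower metric than the ISP route (assumed).
AFTER = """\
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0         10.0.0.1        10.0.0.2       1
          0.0.0.0          0.0.0.0      203.0.113.1    203.0.113.10       2
         10.0.0.1  255.255.255.255         10.0.0.2        10.0.0.2       1
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
      192.168.1.0    255.255.255.0      192.168.1.1     192.168.1.1       1
     192.168.16.0    255.255.255.0         10.0.0.1        10.0.0.2       1
      203.0.113.0    255.255.255.0     203.0.113.10    203.0.113.10       1
Default Gateway:       10.0.0.1
===========================================================================
"""

if __name__ == "__main__":
    result = diagnose(BEFORE, AFTER)
    print("default before:", result["default_before"])
    print("default after: ", result["default_after"])
    print("default route moved onto another gateway:", result["default_changed"])
    for r in result["routes_added"]:
        print("added:  ", r)
    for r in result["routes_removed"]:
        print("removed:", r)
```

To use it against a real box, capture `route print` into a file with the tunnel down, bring the demand-dial interface up, capture again, and pass the two texts to `diagnose`. If `default_changed` comes back True with the new gateway being the tunnel peer, the Internet loss is a routing decision on the branch server rather than a DNS or ISA rule problem, and the demand-dial interface's "use default gateway on remote network" style setting and any static routes for the main-office subnet are where to look next; if it comes back False, the routing table is not the culprit and DNS or firewall policy becomes the more likely suspect.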