
Welcome to ISAserver.org


Site-to-site VPN from ISA 2000 to ISA 2004 problem

Site-to-site VPN from ISA 2000 to ISA 2004 problem - 18.Aug.2009 8:55:59 AM   


Posts: 1
Joined: 17.Aug.2009
Status: offline
I have recently installed a Server 2000 SP4 box with ISA 2000 in a branch office to implement a site-to-site VPN scenario to our main office’s SBS 2003 Premium SP2 with ISA 2004, following Dr Thomas Shinder’s article at http://www.isaserver.org/articles/2004s2s2000.html. This article is in fact what prompted me initially to go with this setup since we had an unused Server 2000 box gathering dust in the store room.

This has been a longer journey than I expected and I have some unresolved problems which I just can’t find the answers to. I am hoping that the experts here can shed light on a couple of problems which are outstanding in this implementation.

At present, the five client PCs at the branch office make their own VPN connection to the SBS2K3 at the main office to log on to the domain.

With the new configuration at the branch office, the W2K/ISA2000’s external NIC is connected to the internet router at the edge of the LAN, and the internal NIC serves the main LAN clients through a switch.

Problem 1: Tom’s document suggests that both ISAs at each end should be able to initiate connections. In my case, the SBS2K3/ISA2004 box at the main office always makes the connection first. And when this happens, W2K box resources of the branch office become accessible from the SBS2K3 box of the main office but not the other way round. In fact, the branch W2K box is not even aware that there is a connection. Also, the branch W2K will not be able to establish a connection even if forced manually, with the error message ‘The remote computer cannot accept any more connections’. This I believe is because the connection is already on from the main office to the branch W2K box.

To combat this problem, I removed the option ‘Local machine can initiate connection’ in the SBS2K3 box at the main office. So the branch W2K box now gets the chance to make the connection in its own rather slower time. In this case both boxes can see each other’s resources.

I would like both boxes to be able to initiate connections. Why can’t the W2K box at the branch office see the main office resources when the connection is initiated from the main office box?

Problem 2: On an FAQ page, Tom replied ‘The VPN gateway won't prevent the clients from using the Internet through their local ISA Server’. When the W2K/ISA 2000 box at the branch office initiates a connection to the main office, the internet connection on the W2K box is lost. Resources can still be pinged but the internet connection fails!

Is this a DNS issue? What have I missed in the configuration of the W2K/ISA 2000 box at the branch office?

I thank anyone with comments in advance.
Post #: 1
