SBS 2003 premium - Hardware-Hardware VPN Configuration (Full Version)


MyMy -> SBS 2003 premium - Hardware-Hardware VPN Configuration (27.Apr.2011 10:47:51 PM)

I have a remote office we are attempting to connect using two CISCO RV042 routers. We are trying to do this while keeping ISA as in the following article: from Javier's SBS Wonderland.

The main server is an SBS 2003 premium installation with ISA 2004. On the main site (SBS) we have as the local area network, where is the SBS server and being the main site's router address. DHCP is disabled on this router and a laptop plugged into the router's switch port does pick up an IP from the SBS DHCP pool.

On the remote side we have as the address range with being the remote site's router address. DHCP is enabled in this router and hands out the IP addresses for the remote site. A laptop plugged into the router's switch port obtains an address from the router's DHCP server as expected.

At this point the two laptops can ping each other without a problem across the tunnel. The laptops can also ping client PCs on the other side of the tunnel without a problem.

Unfortunately the remote clients cannot ping the SBS address (they time out). Also the SBS server cannot ping the remote clients and gets a "Negotiating IP Security" error. Part of the instructions from the above site states you need a route command, which in my case would be:
route add -p mask

This would imply to me that any request to a 192.168.44.x address should be sent to the address which is the main site's router. Instead I get the "Negotiating IP Security" error. I am confused. I assume that all negotiating and security is the job of the routers. Why the error on the SBS console at all? If I look at the log in the main site's router, the ping from the SBS server to the remote router does not even show up. The "Negotiating IP Security." error is preventing the request from even hitting the router.

I have read many postings regarding the "Negotiating IP Security" error but mainly in the context of doing a VPN through ISA. I would think that in the above setup, ISA should have been totally bypassed by the "route" command. I did try adding the address range to the ISA "Local Network" without success. After two days of reading and trying I am hoping someone can point me in the correct direction.

TIA, Mark
