
Site to Site VPN ISA 2004 question

Site to Site VPN ISA 2004 question - 14.Oct.2004 12:40:00 PM   
awj

 

After some problems with crashing etc., I have almost got the Site to Site VPN working. The servers both connect and I can then ping machines on either subnet from the ISA servers at each end. However, the clients at each end cannot get through the connection. I have the access rules to allow branch to main - main to branch at each end, but still nothing.

PS: I used local accounts at each end rather than domain accounts for the dial-in connection (using ADSL with routers and static IPs), but can't see why that should be a problem.

I also notice that the RRAS service defines the internal interface as the IP the VPN picks up rather than ISA's definition of the internal-facing network card's segment.

Any ideas on this final part of the puzzle?
Post #: 1
RE: Site to Site VPN ISA 2004 question - 14.Oct.2004 3:42:00 PM   
tshinder

 

Hi Al,

Check the RRAS console to confirm that these are not VPN remote access client connections and that the demand-dial interfaces are connected.

HTH,
Tom

(in reply to awj)
Post #: 2
RE: Site to Site VPN ISA 2004 question - 14.Oct.2004 3:57:00 PM   
awj

 

Hi Tom

If I look in the receiving end of a RRAS console, it shows 1 Remote Access client connection. Should this be different for a site to site VPN?

(Both sides have a connection to them)

PS: I followed the VPN kit as closely as I could and have tried 3 times from scratch and can't figure out where I went wrong.

Al

[ October 14, 2004, 04:11 PM: Message edited by: AWJ ]

(in reply to awj)
Post #: 3
RE: Site to Site VPN ISA 2004 question - 14.Oct.2004 7:16:00 PM   
awj

 

Have looked further and part of the connection appears to be getting classed as a VPN client.

How should this work?

The two networks are 192.168.1.0 and 192.168.2.0, with external interfaces using static IPs.

The external IP of the firewall at the other end is used as the gateway IP when configuring the VPN network, with the remote network's internal addresses as the network definition.

Once the connection is up, it seems to take a couple of DHCP IP addresses, one from each internal network range, and I am guessing one of these is getting classed as a VPN client. Any ideas?

Should I be allowing the DHCP server at each remote site to dish out the IP address from its pool to the site to site connection?

(in reply to awj)
Post #: 4
RE: Site to Site VPN ISA 2004 question - 17.Nov.2004 12:13:00 PM   
awj

 

Follow-up to this in case someone gets the same problem.

It was a stupid mistake. I assumed, as it connected etc., it was a routing problem; it wasn't. The problem was that the connection accounts need to match the remote network name (which I had); I just had them the wrong way round. E.g. remote network XXX should use dial-in account YYY and remote network YYY should use XXX, not XXX to XXX as I had. So if you have followed the VPN site to site kit from Microsoft and see similar problems, just switch the login names around and that should fix it.

(in reply to awj)
Post #: 5
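
The symptom and fix in this thread, modelled as an added example that is not part of any poster's message: RRAS treats an incoming call as a router-to-router (demand-dial) connection only when the caller's user name equals the name of a demand-dial interface on the answering server, which in ISA 2004 is the remote site network name; any other valid account comes up as a remote access client. The site names, account names and data layout below are constructed for illustration and are not taken from awj's servers.

```python
from dataclasses import dataclass

@dataclass
class RemoteSite:
    name: str           # remote site network name (= demand-dial interface name)
    dial_out_user: str  # user name presented when calling that site

@dataclass
class IsaServer:
    site: str
    dial_in_accounts: set   # local users allowed to dial in
    remote_sites: dict      # peer site -> RemoteSite defined on this server

def classify_incoming(answering, caller_user):
    """Return how the answering RRAS treats a call made with caller_user."""
    if caller_user not in answering.dial_in_accounts:
        return "rejected"
    interface_names = {r.name for r in answering.remote_sites.values()}
    # User name equal to a demand-dial interface name -> router connection;
    # any other valid user -> ordinary remote access (VPN) client.
    return "demand-dial" if caller_user in interface_names else "remote-access-client"

def check_pair(a, b):
    """List each direction that would not come up as a site-to-site link."""
    findings = []
    for caller, answerer in ((a, b), (b, a)):
        user = caller.remote_sites[answerer.site].dial_out_user
        result = classify_incoming(answerer, user)
        if result != "demand-dial":
            findings.append((caller.site, answerer.site, user, result))
    return findings

# Constructed configurations (hypothetical site and account names).
# Crossed: each server calls out with the name of the network it is calling.
CROSSED = (
    IsaServer("Main", {"Main"}, {"Branch": RemoteSite("Branch", "Branch")}),
    IsaServer("Branch", {"Branch"}, {"Main": RemoteSite("Main", "Main")}),
)
# Corrected: each server calls out with the name the peer gave to *its*
# remote site network, and the peer holds a dial-in account of that name.
CORRECTED = (
    IsaServer("Main", {"Branch"}, {"Branch": RemoteSite("Branch", "Main")}),
    IsaServer("Branch", {"Main"}, {"Main": RemoteSite("Main", "Branch")}),
)

if __name__ == "__main__":
    for label, pair in (("crossed", CROSSED), ("corrected", CORRECTED)):
        print(label, check_pair(*pair))
```

In the crossed case both tunnels authenticate, so the servers can reach each other, but each end lands in the remote access client path instead of the remote site network, which is why the site-to-site access rules never apply to traffic from the internal clients.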
