I have my vpn setup for client access to internal working great; but i cannot get the computers from internal to talk to any VPN clients. I get the following message and was hoping someone might be able to help.
0xc0040012 FWX_E_NETWORK_RULES_DENIED
I have created new rules to allow all traffic from internal to vpn clients till i have this figured out. My VPN clients are NAT'd to my internal network which is spread over many subnets. I have created on my border router route entries so that I can get back to the ISA box. The VPN client addresses are ranged from 10.70.2.101 - .200 and the ISA logical IP from the VPN network is 10.70.2.100. The weird thing is that I can ping from internal to the 10.70.2.100 interface but when I ping and client I get the above mentioned entry in the log as being denied. Any Ideas???
If the VPN Clients NAT to the Internal network, then they would only be accessible through Server Publishing rules. You;ll probably have to change the network rule to Route in order for this to work correctly.
You can PING the ISA Server's VPN address because ISA has a Network Rule stating that it will route to all networks and the traffic flows correctly.
When 2 network route, the route relationship is mirrored (if A routes to B, it's implied that B routes to A), but on a NAT relationship, if A NATs to B, A is only accessible to B through server publishing rules.
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
Printable Version
All Forums >> [ISA Server 2004 Firewall] >> VPN >> error message 0xc0040012 FWX_E_NETWORK_RULES_DENIED 
error message 0xc0040012 FWX_E_NETWORK_RULES_DENIED - 
RE: error message 0xc0040012 FWX_E_NETWORK_RULES_DENIED - 
New Messages
No New Messages
Hot Topic w/ New Messages
Hot Topic w/o New Messages
Locked w/ New Messages
Locked w/o New Messages
Post New Thread