RE: Change IP Address of VPN

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 2 Jul 2003 01:36:08 -0500

Hi William,
 
OK, I now understand your problem. However, I do not understand the solution :-)
 
The conventional wisdom is that all outbound communications leave with a source 
address that is the primary address on the external interface of the ISA 
Server. However, as you've discovered, that is not true. The fact is, there is 
no documentation as to what causes the source address to change from the 
primary address to one of the secondary addresses. I suspect it's related to 
VPN, but since I really have no idea as to what's going on, it could be 
anything. 
 
Since there is no way to bind a particular service to a particular port for 
outbound access, you can't depend on a particular address of the external 
interface to be used as an identifier by a remote host. You can provide the 
range, but forget about using a single address on the external interface as an 
authenticator.
 
HTH,
Tom
 
 
 
Thomas W Shinder
http://www.isaserver.org/shinder
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp

 

        -----Original Message-----
        From: William Robertson [mailto:robertson.william@xxxxxxxxxxxxxx] 
        Sent: Wednesday, July 02, 2003 1:24 AM
        To: [ISAserver.org Discussion List]
        Subject: [isalist] RE: Change IP Address of VPN
        
        
        
        

        Hi Tom

         

        Don't know if I understand. Are you asking whether a new resource
        record for my ISA's external IP is created in my DNS once a VPN client has
        connected? If so, I will check shortly...

         

        As for the clients unable to connect, I mentioned earlier that the
        problem is that RRAS seems to secure the external IP Address upon which the VPN
        has been established (well, that's my naïve understanding so far) and this then
        prohibits any other non-VPN connection to then leave ISA on that same IP
        Address. So ISA then decides to route all other traffic (such as my SAP/R3
        traffic) through one of the other 2 IP Addresses, and the reason then why my
        connection fails is because the "receiving" firewall for my SAP/R3 connection
        doesn't permit that specific IP Address. It is configured to only allow the
        first address, and none others.

         

        Now I know that I can fix this by telling my parent company to accept
        my full range of addresses, but I am concerned for future problems arising from
        a similar scenario.

         

        That is why I wish to change the IP Address that VPN clients use to
        connect to my ISA Server (I wish to use the last of the 3 addresses and
        "dedicate" it to VPN connections only) so that all the other (normal) traffic
        goes through the first IP Address, as it currently does, and then all inbound
        VPNs are established on the last IP Address.

         

        Your comments?

         
