RE: Change IP Address of VPN

Hi William,
 
Nope. You can call the 3rd address, but "most of the time" the responses
will come back from the primary IP address. Check out my articles
regarding NLB and VPN over at www.isaserver.org. That's why you could
only use Win2k and WinXP pre-SP1 as VPN clients, because the connecting
IP address and the response IP address was different.
 
Good new. *Maybe* fixed in Win2k SP4. DEFINITELY fixed in Win2003.
 
HTH,
Tom
 
 
Thomas W Shinder
www.isaserver.org/shinder <http://www.isaserver.org/shinder>  
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp
<http://tinyurl.com/1llp> 

 

        -----Original Message-----
        From: William Robertson
[mailto:robertson.william@xxxxxxxxxxxxxx] 
        Sent: Wednesday, July 02, 2003 3:41 AM
        To: [ISAserver.org Discussion List]
        Subject: [isalist] RE: Change IP Address of VPN
        
        
        http://www.ISAserver.org
        
        

        Hi Tom

         

        I'm with you on the bottom line of not being able to control the
source address for outbound communications, but what about the reverse,
controlling the inbound address.

         

        For example, if I can get my inbound VPN clients to connect to
the 3rd IP Address, surely all communications will then leave ISA on
this 3rd IP and not the 1st one which is used by all other
communication?

        This should then in principle be a way in which I can "control"
the source address of the VPN connection?

         

        So I have changed the 2 Packet Filter rules to be applied to
this 3rd address, but I'm hoping you can assist in getting RRAS to
accept the connection on this 3rd IP Address because so far all my
efforts have failed.

         

        Cheers

        William R.

         

        -----Original Message-----
        From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] 
        Sent: 02 July 2003 09:57 AM
        To: [ISAserver.org Discussion List]
        Subject: [isalist] RE: Change IP Address of VPN

         

        http://www.ISAserver.org

        Hi William,

         

        I would not make that assumption because I have no idea how ISA
decides what address to use for the source address for outbound
communications. I once heard a pretty eloquent explanation from Jim
regarding this, but I don't recall the details, and I wasn't smart
enough at the time to fully appreciate what the issue was. However, I'm
a bottom line kind of guy and I did appreciate the fact that you can not
control the source address for any particuarl outbound packet. 

         

        And that's what counts, right?

         

        HTH,

        Tom

         

Other related posts: