RE: Change IP Address of VPN

  • From: "William Robertson" <robertson.william@xxxxxxxxxxxxxx>
  • To: "'[ Discussion List]'" <isalist@xxxxxxxxxxxxx>
  • Date: Tue, 1 Jul 2003 07:08:32 +0200

Hey Greg, I'm with you on that one, but let me explain my FULL picture.


I have 3 IP Addresses assigned to my External NIC (x.x.x.153, x.x.x.155
and x.x.x.156), and by default all my outbound user WEB & FIREWALL
traffic is on the x.x.x.153 address.


Now when my VPN clients try to connect to the x.x.x.153 address, they
can connect fine and the VPN is as solid as can be, but when the VPN
clients are connected all the outbound FIREWALL traffic "fails" over to
the next available IP Address, x.x.x.155. My presumption is that because
the VPN session "secures" the IP Address on which it was connected and
thus doesn't allow any other FIREWALL traffic out. I haven't yet been
able to prove this with WEB traffic as well, but it is definitely the
case with the FIREWALL traffic.


Anyways, the problem with ISA "failing over" to the next IP is that my
external suppliers have firewalled the x.x.x.153 address and NOT the
x.x.x.155 address. So without getting them to adjust their pool of
allowed addresses from me, I have now dedicated the x.x.x.156 address to
VPN traffic only, but I cannot seem to get my clients to connect to this
new IP Address.


If someone has any more info as to why an inbound VPN connection forces
ISA to use a different outbound IP I'm sure it would also explain a lot.



William R.


-----Original Message-----
From: Greg Mulholland [mailto:greg_mul@xxxxxxxxxxxxxxx] 
Sent: 30 June 2003 16:25 PM
To: [ Discussion List]
Subject: [isalist] RE: Change IP Address of VPN



Don't really see the point. In theory the connection and password policy
should be secure enough to handle anything anyway. The only reason I
would change the ip is if I was doing some major network restructuring.
But that's my opinion.


Greg Mulholland

Tech Services Manager

Harvey Norman

+613 98019333




From: William Robertson [mailto:robertson.william@xxxxxxxxxxxxxx] 
Sent: Monday, June 30, 2003 11:42 PM
To: [ Discussion List]

Hi there


Is there any opinion out there regarding the changing of the VPN Address
used by the clients?



William R.



-----Original Message-----
From: William Robertson [mailto:robertson.william@xxxxxxxxxxxxxx] 
Sent: 27 June 2003 15:28 PM
To: [ Discussion List]
Subject: [isalist] Change IP Address of VPN

Hi there


My ISA Server has 3 external IP Addresses bound to the external
interface of my ISA Server. It has now become time for me to change the
IP Address on which my VPN clients connect to my server.


To do this I simply modified the 2 default packet filters:

1)       Allow PPTP protocol packets (client) - PPTP Call

2)       Allow PPTP protocol packets (server) - PPTP Receive


And changed the Local IP Address to the new external IP Address.


This is obviously not all that needs to be done because my VPN still
doesn't work to this new address. Would someone know if there is any
config change required on RRAS in order to permit VPN access via this
new IP Address?



William R.


William Robertson

AST Mpumalanga

Systems House / Consultant: Software

Tel: 013-2472703 / 083 638 0354

   Fax: 013-2462236



Everything in this e-mail and attachments relating to the official 
business of Columbus Stainless is proprietary to the company. It is 
confidential, legally privileged and protected by law. Columbus 
Stainless does not own and endorse any other content. Views and 
opinions are those of the sender unless clearly stated as being that 
of Columbus Stainless. The person addressed in the e-mail is the sole 
authorised recipient.  Please notify the sender immediately if it has 
unintentionally reached you and do not read, disclose or use the 
content in any way. Whilst all reasonable steps are taken to ensure 
the accuracy and integrity of information and data transmitted 
electronically and to preserve the confidentiality thereof, no 
liability or responsibility whatsoever is accepted if information or 
data is,for whatever reason, corrupted or does not reach its intended

Other related posts: