RE: Change IP Address of VPN

Hi Tom

 

No, only the "physical" address is registered. The other 2 do not appear
in my NSLOOKUP.

 

Cheers

William R.

 

-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] 
Sent: 01 July 2003 07:32 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Change IP Address of VPN

 

http://www.ISAserver.org

Hi William,

 

Is the ISA Server registering its virtual address in the DNS?

 

Thanks!

Tom

 

 

Thomas W Shinder

 <http://www.isaserver.org/shinder> www.isaserver.org/shinder 

ISA Server and Beyond: http://tinyurl.com/1jq1

Configuring ISA Server:  <http://tinyurl.com/1llp>
http://tinyurl.com/1llp

 

-----Original Message-----
From: William Robertson [mailto:robertson.william@xxxxxxxxxxxxxx] 
Sent: Tuesday, July 01, 2003 12:09 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Change IP Address of VPN

http://www.ISAserver.org

Hey Greg, I'm with you on that one, but let me explain my FULL picture.

 

I have 3 IP Addresses assigned to my External NIC (x.x.x.153, x.x.x.155
and x.x.x.156), and by default all my outbound user WEB & FIREWALL
traffic is on the x.x.x.153 address.

 

Now when my VPN clients try to connect to the x.x.x.153 address, they
can connect fine and the VPN is as solid as can be, but when the VPN
clients are connected all the outbound FIREWALL traffic "fails" over to
the next available IP Address, x.x.x.155. My presumption is that because
the VPN session "secures" the IP Address on which it was connected and
thus doesn't allow any other FIREWALL traffic out. I haven't yet been
able to prove this with WEB traffic as well, but it is definitely the
case with the FIREWALL traffic.

 

Anyways, the problem with ISA "failing over" to the next IP is that my
external suppliers have firewalled the x.x.x.153 address and NOT the
x.x.x.155 address. So without getting them to adjust their pool of
allowed addresses from me, I have now dedicated the x.x.x.156 address to
VPN traffic only, but I cannot seem to get my clients to connect to this
new IP Address.

 

If someone has any more info as to why an inbound VPN connection forces
ISA to use a different outbound IP I'm sure it would also explain a lot.

 

Cheers

William R.

 

-----Original Message-----
From: Greg Mulholland [mailto:greg_mul@xxxxxxxxxxxxxxx] 
Sent: 30 June 2003 16:25 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Change IP Address of VPN

 

http://www.ISAserver.org

William

 

Don't really see the point. In theory the connection and password policy
should be secure enough to handle anything anyway. The only reason I
would change the ip is if I was doing some major network restructuring.
But that's my opinion.

 

Greg Mulholland

Tech Services Manager

Harvey Norman

+613 98019333

greg_mul@xxxxxxxxxxxxxxx

 


  _____  


From: William Robertson [mailto:robertson.william@xxxxxxxxxxxxxx] 
Sent: Monday, June 30, 2003 11:42 PM
To: [ISAserver.org Discussion List]

 

http://www.ISAserver.org

Hi there

 

Is there any opinion out there regarding the changing of the VPN Address
used by the clients?

 

Cheers

William R.

 

 

-----Original Message-----
From: William Robertson [mailto:robertson.william@xxxxxxxxxxxxxx] 
Sent: 27 June 2003 15:28 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Change IP Address of VPN

 

http://www.ISAserver.org

Hi there

 

My ISA Server has 3 external IP Addresses bound to the external
interface of my ISA Server. It has now become time for me to change the
IP Address on which my VPN clients connect to my server.

 

To do this I simply modified the 2 default packet filters:

1)       Allow PPTP protocol packets (client) - PPTP Call

2)       Allow PPTP protocol packets (server) - PPTP Receive

 

And changed the Local IP Address to the new external IP Address.

 

This is obviously not all that needs to be done because my VPN still
doesn't work to this new address. Would someone know if there is any
config change required on RRAS in order to permit VPN access via this
new IP Address?

 

Cheers

William R. 

 


---------------------------------------------------------------------
Everything in this e-mail and attachments relating to the official 
business of Columbus Stainless is proprietary to the company. It is 
confidential, legally privileged and protected by law. Columbus 
Stainless does not own and endorse any other content. Views and 
opinions are those of the sender unless clearly stated as being that 
of Columbus Stainless. The person addressed in the e-mail is the sole 
authorised recipient.  Please notify the sender immediately if it has 
unintentionally reached you and do not read, disclose or use the 
content in any way. Whilst all reasonable steps are taken to ensure 
the accuracy and integrity of information and data transmitted 
electronically and to preserve the confidentiality thereof, no 
liability or responsibility whatsoever is accepted if information or 
data is,for whatever reason, corrupted or does not reach its intended
destination.
---------------------------------------------------------------------

Other related posts: