[isalist] Re: Error establishing a VPN to the ISA server

  • From: "Thor (Hammer of God)" <thor@xxxxxxxxxxxxxxx>
  • To: "isalist@xxxxxxxxxxxxx" <isalist@xxxxxxxxxxxxx>
  • Date: Tue, 27 Jun 2006 23:06:46 -0700

http://www.ISAserver.org
-------------------------------------------------------
  
Yeah, I figured you didn't see that bit about the hotel net on the same sub
as the internal. ;)

RPC/HTTP is indeed the way to go for mail only, but I gotta tell ya- I
always carry my little Linksys router with me just in case I have to do
"real" work while on a conflicting network, which unfortunately, is
happening to me more and more these days.  The thing is tiny, and there is
no configuration at all needed.  Just power, plug, done.  It's also nice to
have that little extra bit of distance from the other shmucks on the hotel
network.


t


On 6/27/06 10:41 PM, "Jim Harrison" <Jim@xxxxxxxxxxxx> spoketh to all:

> You're right - it can't work; when the VPN client resolves an "internal" name
> to an "internal" IP; it'll think it's local and send it to the hotel net.
>  
> RPC/HTTP, bro - that's the only way around this.  Don't waste the flight time
> unless you can configure this from the hotel.
> 
> ________________________________
> 
> From: isalist-bounce@xxxxxxxxxxxxx on behalf of Thor (Hammer of God)
> Sent: Tue 6/27/2006 8:51 PM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: Error establishing a VPN to the ISA server
> 
> Because the destination IP is considered "local" traffic.  It won't go down
> the VPN in the first place.  As it happens, the local subnet on the hotel's
> ethernet is the same number scheme (192.168.110.x) as in the client's own
> local LAN.  The SBS box's IP is the same IP as the local hotel's default
> gateway.  Even with the VPN connected, when the guy tries to hit the SBS box,
> and it resolves to 192.168.110.2, the request will be sent directly to the
> gateway, not down the VPN, because that's a "local" address.
> 
> That's why I'm confused on how Jim and Tom's "change the VPN assignment"
> works... But I'm obviously missing something- that or Jim and Tom are
> hitting the sauce a bit early ;)
> 
> t
> 
> 
> On 6/27/06 8:39 PM, "Mark Morgan" <MMorgan@xxxxxxxxxxxxxxxxxxxxx> spoketh to
> all:
> 
>> If you're not using split tunnelling, which it shouldn't be, then why not?  That
>> should force all traffic to go through the tunnel, shouldn't it??
>> 
>> Mark Morgan
>> Sent Via WM-5 enabled PPC
>> 
>> -----Original Message-----
>> From: "Thor (Hammer of God)" <thor@xxxxxxxxxxxxxxx>
>> To: "isalist@xxxxxxxxxxxxx" <isalist@xxxxxxxxxxxxx>
>> Sent: 06/27/06 20:14
>> Subject: [isalist] Re: Error establishing a VPN to the ISA server
>> 
>> The problem isn't the VPN client subnet-  The remote SBS box is on the same
>> logical subnet as the "local" network the guy is on at the hotel, so when he
>> tries to go to 192.168.110.2, it's the "local" gateway.  Changing the VPN
>> Client subnet doesn't really do anything here...
>> 
>> t 
>> 
>> 
>> On 6/27/06 8:04 PM, "Jim Harrison" <jim@xxxxxxxxxxxx> spoketh to all:
>> 
>>> Use RRAS or ISA 2004 settings to assign VPN clients an IP from a different
>>> subnet.
>>> So long as the internal clients use the SBS as the last hop, it'll work
>>> fine.
>>> 
>>> Sent via WM5-enabled PPC-phone
>>> 
>>> -----Original Message-----
>>> From: "Glenn P. JOHNSTON" <glenn.johnston@xxxxxxxxxxx>
>>> To: isalist@xxxxxxxxxxxxx
>>> Sent: 6/27/06 19:13
>>> Subject: [isalist] Error establishing a VPN to the ISA server
>>> 
>>> Hi,
>>> 
>>> Maybe, maybe not directly an ISA question, and I've posted this in an SBS
>>> forum as well, but you people are pretty bright & I thought you might have
>>> some worthwhile input on this.
>>> 
>>> One of my clients has an issue with VPN tunnel. This has been in place since
>>> Sunday afternoon, but they only rang me this morning.
>>> 
>>> One of their directors is at a week long conference, and the Hotel where he
>>> is staying provides an in room broadband service.
>>> The BroadBand in the hotel is using a 192.168.110.0/24 address range, the
>>> internal address of the client's network at the office is also a
>>> 192.168.110.0/24 range.
>>> 
>>> The VPN tunnel establishes fine, and the VPN connector on his notebook gets
>>> an address, of course, in the 192.168.110.100 to 192.168.110.199 range of the
>>> DHCP server on the SBS server.
>>> 
>>> Once the tunnel is established, he can access nothing on the SBS. This is to
>>> be expected as the address ranges are the same, does anyone have any bright
>>> ideas on how to get around this. The Director is yelling and screaming
>>> about not being able to get his e-mail.
>>> 
>>> Unfortunately he is out of direct reach in another state, and has very
>>> little tolerance for such problems.
>>> 
>>> Regards
>>> Glenn
>>> ------------------------------------------------------
>>> List Archives: //www.freelists.org/archives/isalist/
>>> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
>>> ISA Server Articles and Tutorials:
>>> http://www.isaserver.org/articles_tutorials/
>>> ISA Server Blogs: http://blogs.isaserver.org/
>>> ------------------------------------------------------
>>> Visit TechGenix.com for more information about our other sites:
>>> http://www.techgenix.com <http://www.techgenix.com/>
>>> ------------------------------------------------------
>>> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
>>> Report abuse to listadmin@xxxxxxxxxxxxx
>>> 
>>> 
>>> 
>>> All mail to and from this domain is GFI-scanned.
>>> 
> 
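
The routing decision this thread describes, as an added example that is not part of the original posts: a simplified longest-prefix-match model of the client's routing table with the tunnel up and split tunnelling off. The 10.99.0.0/24 VPN pool, the 192.168.1.0/24 travel-router subnet, the metrics and all function names are assumptions; only 192.168.110.0/24 and 192.168.110.2 come from the thread.

```python
import ipaddress
from typing import NamedTuple, Optional

class Route(NamedTuple):
    network: ipaddress.IPv4Network
    interface: str
    metric: int

def build_table(local_lan: str, vpn_pool: Optional[str] = None) -> list:
    """Client routes with the tunnel up and split tunnelling disabled (assumed model)."""
    table = [
        Route(ipaddress.ip_network(local_lan), "ethernet", 20),  # on-link LAN subnet
        Route(ipaddress.ip_network("0.0.0.0/0"), "vpn", 1),      # default route via tunnel
    ]
    if vpn_pool:  # a separate subnet handed out to VPN clients
        table.append(Route(ipaddress.ip_network(vpn_pool), "vpn", 1))
    return table

def egress(table: list, destination: str) -> str:
    """Longest-prefix match; ties go to the lowest metric."""
    dst = ipaddress.ip_address(destination)
    matches = [r for r in table if dst in r.network]
    best = max(matches, key=lambda r: (r.network.prefixlen, -r.metric))
    return best.interface

def overlaps(local_lan: str, remote_lan: str) -> bool:
    """Pre-connect check: does the LAN the client sits on collide with the office LAN?"""
    return ipaddress.ip_network(local_lan).overlaps(ipaddress.ip_network(remote_lan))

OFFICE_LAN = "192.168.110.0/24"   # from the thread
SBS = "192.168.110.2"             # from the thread

SCENARIOS = {
    "hotel LAN, VPN pool inside office range": build_table("192.168.110.0/24"),
    "hotel LAN, VPN pool moved (constructed 10.99.0.0/24)":
        build_table("192.168.110.0/24", "10.99.0.0/24"),
    "behind travel router (constructed 192.168.1.0/24)": build_table("192.168.1.0/24"),
}

if __name__ == "__main__":
    for name, table in SCENARIOS.items():
        local = str(table[0].network)
        print(f"{name}: overlap={overlaps(local, OFFICE_LAN)}, "
              f"{SBS} leaves via {egress(table, SBS)}")
```

In this model the on-link /24 always beats the tunnel's default route, so only changing the subnet the laptop itself sits on sends 192.168.110.2 down the VPN.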

