[isalist] Re: Error establishing a VPN to the ISA server

  • From: "Glenn P. JOHNSTON" <glenn.johnston@xxxxxxxxxxx>
  • To: <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 28 Jun 2006 16:41:20 +1000

No I think this is something to do with SBS.
 
I put a second IP onto my play w3K standard server, and I get a ping response 
on both the old, and the NEW IP address, in both cases, with the new IP on the 
same subnet, and the new IP on a different subnet. I can get a ping response 
on both IPs from an appropriately configured notebook, and can attach to 
fileshares, Exchange, SQL exactly like you'd expect to be able to.
 
But, do the same thing on my play SBS 2003 premium server, and I only get a 
response on the NEW address; the server stops responding to PINGs on the old 
address, whether it's on the same or different subnet. And of course, I can 
connect to nothing on the OLD IP !!
 

________________________________

From: isalist-bounce@xxxxxxxxxxxxx on behalf of Jim Harrison
Sent: Wed 28/Jun/2006 15:39
To: isalist@xxxxxxxxxxxxx
Subject: RE: [isalist] Re: Error establishing a VPN to the ISA server


it's not about SBS; it's about basic TCP/IP routing.
If the client thinks it has the same network "here" and "there"; it'll always 
use "here" to reach IPs in that subnet.
 
Use the different subnet suggestion; it works.

________________________________

From: isalist-bounce@xxxxxxxxxxxxx on behalf of Glenn P. JOHNSTON
Sent: Tue 6/27/2006 9:06 PM
To: isalist@xxxxxxxxxxxxx
Subject: RE: [isalist] Re: Error establishing a VPN to the ISA server


I've just tried adding a second IP to the internal adaptor on my play SBS server, 
and now I can't access it from the internal LAN. It's no longer responding on 
its original address, only on the new 'second' address, which is in the same 
/24 subnet.
 
Anyone got some good oil on whether this is an expected SBS characteristic ?

________________________________

From: isalist-bounce@xxxxxxxxxxxxx on behalf of Thor (Hammer of God)
Sent: Wed 28/Jun/2006 12:49
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Error establishing a VPN to the ISA server



http://www.ISAserver.org <http://www.isaserver.org/> 
-------------------------------------------------------
 
Well, it would have worked other than the gw on the hotel being the same as
the SBS box... Bad luck there.  But, I've had to do this several times for
the exact same scenario with my people.  Seems the Marriott and I thought
alike in our IP schemes ;)

You could always just add another IP address to the SBS box (well, you could
if it were a "regular" server install-- I don't know what you'd have to go
through on SBS to do that.)  That would work, though.

Not much we can do about a guy who wants to scream more than get the job
done, though.  I'd tell him that if he wanted his email to STFU and do what
was needed.  It's not like it is anyone's "fault."  There are other options
you have, but they would all require him doing *something*.

I'm assuming that OWA is not an option for some reason?

t


On 6/27/06 7:37 PM, "Glenn P. JOHNSTON" <glenn.johnston@xxxxxxxxxxx> spoketh
to all:

> The internal IP of the SBS server is 192.168.110.2, G/W on the hotel BB
> service is also 192.168.110.2 unfortunately !
> 
> I tried the static route on my home ADSL service by changing the internal
> private IP to match the Hotel's to play with, and everything else works, I can
> get to the internet and other clients networks fine, but I cannot get to
> anything on the remote network after the tunnel is connected, of the client
> with the problem.
> 
> Putting the static route in I doubt will work anyway, the fellow will probably
> just yell and scream as soon as he is asked to do anything remotely technical,
> expecting it to be magically fixed from this end.
>
> ________________________________
>
> From: isalist-bounce@xxxxxxxxxxxxx on behalf of Thor (Hammer of God)
> Sent: Wed 28/Jun/2006 12:27
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: Error establishing a VPN to the ISA server
>
>
>
> 
> All he has to do is set a static route for the SBS box's IP to the gateway
> address of the VPN endpoint.
>
> IOW, if the SBS box is 192.168.110.101, and his PPP VPN interface got
> assigned something like 192.168.110.11 from the RRAS server (do an IP config
> to see what ip his PPP adapter is, or look at the RRAS properties of the
> connection) then you would have him do a:
>
> ROUTE -p add 192.168.110.101 mask 255.255.255.255 192.168.110.11
>
> That way, when he attempts to access the SBS server, the request will route
> down the VPN rather than broadcasting on the "local" 192.168.110.x network.
>
> t
>
>
> On 6/27/06 7:13 PM, "Glenn P. JOHNSTON" <glenn.johnston@xxxxxxxxxxx> spoketh
> to all:
>
>>
>> Hi,
>>
>> Maybe, maybe not directly an ISA question, and I've posted this in an SBS
>> forum as well, but you people are pretty bright & I thought you might have
>> some worthwhile input on this.
>>
>> One of my clients has an issue with VPN tunnel. This has been in place since
>> Sunday afternoon, but they only rang me this morning.
>>
>> One of their directors is at a week long conference, and the Hotel where he
>> is staying provides an in room broadband service.
>> The BroadBand in the hotel is using a 192.168.110.0/24 address range, the
>> internal address of the clients network at the office is also a
>> 192.168.110.0/24 range.
>>
>> The VPN tunnel establishes fine, and the VPN connector on his notebook gets
>> an address, of course, in the 192.168.110.100 to 192.168.110.199 range of the
>> DHCP server on the SBS server.
>>
>> Once the tunnel is established, he can access nothing on the SBS. This is to
>> be expected as the address ranges are the same; does anyone have any bright
>> ideas on how to get around this? The Director is yelling and screaming about
>> not being able to get his e-mail.
>>
>> Unfortunately he is out of direct reach in another state, and has very
>> little tolerance for such problems.
>>
>> Regards
>> Glenn
>> ------------------------------------------------------
>> List Archives: //www.freelists.org/archives/isalist/
>> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
>> ISA Server Articles and Tutorials:
>> http://www.isaserver.org/articles_tutorials/
>> ISA Server Blogs: http://blogs.isaserver.org/
>> ------------------------------------------------------
>> Visit TechGenix.com for more information about our other sites:
>> http://www.techgenix.com <http://www.techgenix.com/> 
>> ------------------------------------------------------
>> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
>> Report abuse to listadmin@xxxxxxxxxxxxx
>>
>>
>>
>
>


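The routing behaviour discussed in this thread, as an added example that is not from any of the posters: a simplified longest-prefix-match model showing why the overlapping /24 keeps traffic on the hotel LAN, why the /32 host route moves it onto the VPN, and why that stops working when the server shares the hotel gateway's address. The addresses are the ones quoted in the thread; the interface names `lan` and `vpn`, the table layout and the function names are assumptions made for illustration.

```python
import ipaddress

# Simplified routing rows: (destination network, gateway or None if on-link, interface).
# Addresses come from the thread; interface names are made up for this example.
def hotel_table():
    net = ipaddress.ip_network
    return [
        (net("0.0.0.0/0"), "192.168.110.2", "lan"),   # hotel default gateway
        (net("192.168.110.0/24"), None, "lan"),       # hotel subnet, on-link
    ]

def pick_route(table, dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in table if addr in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None

def add_host_route(table, server_ip, vpn_ip):
    """Model of: ROUTE -p add <server_ip> mask 255.255.255.255 <vpn_ip>"""
    return table + [(ipaddress.ip_network(server_ip + "/32"), vpn_ip, "vpn")]

def collides_with_local_gateway(table, server_ip):
    """True if server_ip is also a next hop on a non-VPN interface.
    A /32 for that address would pull the local gateway into the tunnel."""
    return any(gw == server_ip and ifc != "vpn" for _, gw, ifc in table)

def plan(table, server_ip, vpn_ip):
    """Return the host-route command, or None when it cannot help."""
    if collides_with_local_gateway(table, server_ip):
        return None  # the thread's other suggestion applies: use a different subnet
    return f"ROUTE -p add {server_ip} mask 255.255.255.255 {vpn_ip}"

if __name__ == "__main__":
    t = hotel_table()
    print(pick_route(t, "192.168.110.101")[2])          # on-link /24 wins
    t2 = add_host_route(t, "192.168.110.101", "192.168.110.11")
    print(pick_route(t2, "192.168.110.101")[2])         # /32 host route wins
    print(pick_route(t2, "192.168.110.50")[2])          # other hosts unaffected
    print(plan(t, "192.168.110.2", "192.168.110.11"))   # server == hotel gateway
```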


