[isalist] Re: Error establishing a VPN to the ISA server

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
  • To: <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 28 Jun 2006 08:53:51 -0500

http://www.ISAserver.org
-------------------------------------------------------

Ack, you're right. I was hitting the sauce a little early. I was
thinking of off-subnet stub zones.

I'll go play with my stub zone alone now...

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls

 

> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thor (Hammer of God)
> Sent: Tuesday, June 27, 2006 10:51 PM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: Error establishing a VPN to the ISA server
> 
> Because the destination IP is considered "local" traffic.  It won't go down
> the VPN in the first place.  As it happens, the local subnet on the hotel's
> ethernet is the same number scheme (192.168.110.x) as in the client's own
> local LAN.  The SBS box's IP is the same IP as the local hotel's default
> gateway.  Even with the VPN connected, when the guy tries to hit the SBS box,
> and it resolves to 192.168.110.2, the request will be sent directly to the
> gateway, not down the VPN, because that's a "local" address.
> 
> That's why I'm confused on how Jim and Tom's "change the VPN assignment"
> works... But I'm obviously missing something- that or Jim and Tom are
> hitting the sauce a bit early ;)
> 
> t
> 
> 
> On 6/27/06 8:39 PM, "Mark Morgan" <MMorgan@xxxxxxxxxxxxxxxxxxxxx> spoketh to all:
> 
> > If you're not using split tunnelling, which it shouldn't be, then why not?  That
> > should force all traffic to go through the tunnel, shouldn't it??
> > 
> > Mark Morgan
> > Sent Via WM-5 enabled PPC
> > 
> > -----Original Message-----
> > From: "Thor (Hammer of God)" <thor@xxxxxxxxxxxxxxx>
> > To: "isalist@xxxxxxxxxxxxx" <isalist@xxxxxxxxxxxxx>
> > Sent: 06/27/06 20:14
> > Subject: [isalist] Re: Error establishing a VPN to the ISA server
> > 
> > The problem isn't the VPN client subnet-  The remote SBS box is on the same
> > logical subnet as the "local" network the guy is on at the hotel, so when he
> > tries to go to 192.168.110.2, it's the "local" gateway.  Changing the VPN
> > Client subnet doesn't really do anything here...
> > 
> > t  
> > 
> > 
> > On 6/27/06 8:04 PM, "Jim Harrison" <jim@xxxxxxxxxxxx> spoketh to all:
> > 
> >> Use RRAS or ISA 2004 settings to assign VPN clients an IP from a different
> >> subnet.
> >> So long as the internal clients use the SBS as the last hop, it'll work fine.
> >> 
> >> Sent via WM5-enabled PPC-phone
> >> 
> >> -----Original Message-----
> >> From: "Glenn P. JOHNSTON" <glenn.johnston@xxxxxxxxxxx>
> >> To: isalist@xxxxxxxxxxxxx
> >> Sent: 6/27/06 19:13
> >> Subject: [isalist] Error establishing a VPN to the ISA server
> >> 
> >> Hi,
> >>
> >> Maybe, maybe not directly an ISA question, and I've posted this in an SBS
> >> forum as well, but you people are pretty bright & I thought you might have
> >> some worthwhile input on this.
> >>
> >> One of my clients has an issue with a VPN tunnel. This has been in place since
> >> Sunday afternoon, but they only rang me this morning.
> >>
> >> One of their directors is at a week-long conference, and the hotel where he
> >> is staying provides an in-room broadband service.
> >> The broadband in the hotel is using a 192.168.110.0/24 address range; the
> >> internal address of the client's network at the office is also a
> >> 192.168.110.0/24 range.
> >>
> >> The VPN tunnel establishes fine, and the VPN connector on his notebook gets
> >> an address, of course, in the 192.168.110.100 to 192.168.110.199 range of the
> >> DHCP server on the SBS server.
> >>
> >> Once the tunnel is established, he can access nothing on the SBS. This is to
> >> be expected as the address ranges are the same. Does anyone have any bright
> >> ideas on how to get around this? The Director is yelling and screaming about
> >> not being able to get his e-mail.
> >>
> >> Unfortunately he is out of direct reach in another state, and has very
> >> little tolerance for such problems.
> >>  
> >> Regards
> >> Glenn
> >> ------------------------------------------------------
> >> List Archives: //www.freelists.org/archives/isalist/
> >> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> >> ISA Server Articles and Tutorials:
> >> http://www.isaserver.org/articles_tutorials/
> >> ISA Server Blogs: http://blogs.isaserver.org/
> >> ------------------------------------------------------
> >> Visit TechGenix.com for more information about our other sites:
> >> http://www.techgenix.com
> >> ------------------------------------------------------
> >> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> >> Report abuse to listadmin@xxxxxxxxxxxxx
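The routing behaviour discussed in the thread above, as an added example that is not part of any of the original posts: a simplified longest-prefix route selection showing that traffic to 192.168.110.2 leaves on the hotel LAN whichever pool the VPN client address comes from. The metrics, interface names, the 10.99.0.0/24 pool and 203.0.113.10 are constructed assumptions, not values from the thread.

```python
import ipaddress


def net(cidr):
    return ipaddress.ip_network(cidr)


def select_route(routes, dest):
    """Simplified model: longest prefix wins, ties go to the lowest metric."""
    addr = ipaddress.ip_address(dest)
    candidates = [r for r in routes if addr in r["net"]]
    return max(candidates, key=lambda r: (r["net"].prefixlen, -r["metric"]))


def client_routes(vpn_client_ip):
    """Constructed route table for the notebook in the hotel room with the
    VPN connected and split tunnelling off (the VPN owns the default route)."""
    return [
        # Hotel LAN: the subnet is on-link, default gateway is 192.168.110.2.
        {"net": net("192.168.110.0/24"), "iface": "hotel-lan", "metric": 20},
        {"net": net("0.0.0.0/0"), "iface": "hotel-lan", "metric": 20},
        # VPN adapter: its own address plus the preferred default route.
        {"net": net(f"{vpn_client_ip}/32"), "iface": "vpn", "metric": 1},
        {"net": net("0.0.0.0/0"), "iface": "vpn", "metric": 1},
    ]


def egress(vpn_client_ip, dest):
    """Interface the packet to dest would leave on."""
    return select_route(client_routes(vpn_client_ip), dest)["iface"]


def subnets_collide(local_cidr, remote_cidr):
    """Pre-connection check: does the local LAN overlap the office LAN?"""
    return net(local_cidr).overlaps(net(remote_cidr))


SBS = "192.168.110.2"  # office SBS box, same address as the hotel gateway

if __name__ == "__main__":
    # Address from the SBS DHCP range, then from a hypothetical separate pool.
    for vpn_ip in ("192.168.110.150", "10.99.0.10"):
        print(f"VPN client {vpn_ip}: {SBS} leaves via {egress(vpn_ip, SBS)}")
    print("off-subnet host leaves via", egress("10.99.0.10", "203.0.113.10"))
    print("LANs collide:", subnets_collide("192.168.110.0/24", "192.168.110.0/24"))
```
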
