http://www.ISAserver.org ------------------------------------------------------- Ack, you're right. I was hitting the sauce a little early. I was thinking of off-subnet stub zones. I'll go play with my stub zone alone now... Thomas W Shinder, M.D. Site: www.isaserver.org Blog: http://blogs.isaserver.org/shinder/ Book: http://tinyurl.com/3xqb7 MVP -- ISA Firewalls > -----Original Message----- > From: isalist-bounce@xxxxxxxxxxxxx > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thor > (Hammer of God) > Sent: Tuesday, June 27, 2006 10:51 PM > To: isalist@xxxxxxxxxxxxx > Subject: [isalist] Re: Error establishing a VPN to the ISA server > > http://www.ISAserver.org > ------------------------------------------------------- > > Because the destination IP is considered "local" traffic. I > won't go down > the VPN in the first place. As it happens, the local subnet > on the hotel's > ethernet is the same number scheme (192.168.110.x) as in the > client's own > local LAN. The SBS box's IP is the same IP as the local > hotel's default > gateway. Even with the VPN connected, when guy tries to hit > the SBS box, > and it resolves to 192.168.110.2, the request will be sent > directly to the > gateway, not down the VPN, because that's a "local" address. > > That's why I'm confused on how Jim and Tom's "change the VPN > assignment" > works... But I'm obviously missing something- that or Jim and Tom are > hitting the sauce a bit early ;) > > t > > > On 6/27/06 8:39 PM, "Mark Morgan" > <MMorgan@xxxxxxxxxxxxxxxxxxxxx> spoketh to > all: > > > http://www.ISAserver.org > > ------------------------------------------------------- > > > > If your not using split tunnelling which it shouldn't be > then why not? that > > should force all traffic to go through the tunnel shouldn't it?? > > > > Mark Morgan > > Sent Via WM-5 enabled PPC > > > > -----Original Message----- > > From: "Thor (Hammer of God)" <thor@xxxxxxxxxxxxxxx> > > To: "isalist@xxxxxxxxxxxxx" <isalist@xxxxxxxxxxxxx> > > Sent: 06/27/06 20:14 > > Subject: [isalist] Re: Error establishing a VPN to the ISA server > > > > http://www.ISAserver.org > > ------------------------------------------------------- > > > > The problem isn't the VPN client subnet- The remote SBS > box is on the same > > logical subnet as the "local" network the guy is on at the > hotel, so when he > > tries to go to 192.168.110.2, it's the "local" gateway. > Changing the VPN > > Client subnet doesn't really do anything here... > > > > t > > > > > > On 6/27/06 8:04 PM, "Jim Harrison" <jim@xxxxxxxxxxxx> > spoketh to all: > > > >> http://www.ISAserver.org > >> ------------------------------------------------------- > >> > >> Use RRAS or ISA 2004 settings to assign VPN clients an IP > from a different > >> subnet. > >> So long as the internal clients use the SBS as the last > hop, it'll work fine. > >> > >> Sent via WM5-enabled PPC-phone > >> > >> -----Original Message----- > >> From: "Glenn P. JOHNSTON" <glenn.johnston@xxxxxxxxxxx> > >> To: isalist@xxxxxxxxxxxxx > >> Sent: 6/27/06 19:13 > >> Subject: [isalist] Error establishing a VPN to the ISA server > >> > >> http://www.ISAserver.org > >> ------------------------------------------------------- > >> > >> Hi, > >> > >> Maybe, maybe not directly and ISA question, and I've > posted this in an SBS > >> forum as well, but you people are pretty bright & I > thought you might have > >> some worth while input on this. > >> > >> One of my clients has an issue with VPN tunnel. This has > been inplace since > >> Sunday afternoon, but they only rang me this morning. > >> > >> One of their directors is at a week long conference, and > the Hotel where he > >> is > >> staying, has provides an in room broadband service. > >> The BroadBand in the hotel is using a 192.168.110.0/24 > address range, the > >> internal address of the clients network at the office is also a > >> 192.168.110.0/24 range. > >> > >> The VPN tunnel establishes fine, and the VPN connector on > his notebook get > >> an > >> address, of course, in the 192.168.110.100 to > 192.168.110.199 range of the > >> DHCP server on the SBS server. > >> > >> Once the tunnel is established, he can acess nothing on > the SBS. This is to > >> be > >> expected as the address ranges are the same, does anyone > have any bright > >> idea's on how to get around this. The Director is yelling > and screaming about > >> not being able to get his e-mail. > >> > >> Unfortunately he is out out direct reach in another state, > and has very > >> little > >> tolerance for such problems. > >> > >> Regards > >> Glenn > >> ------------------------------------------------------ > >> List Archives: //www.freelists.org/archives/isalist/ > >> ISA Server Newsletter: > http://www.isaserver.org/pages/newsletter.asp > >> ISA Server Articles and Tutorials: > >> http://www.isaserver.org/articles_tutorials/ > >> ISA Server Blogs: http://blogs.isaserver.org/ > >> ------------------------------------------------------ > >> Visit TechGenix.com for more information about our other sites: > >> http://www.techgenix.com > >> ------------------------------------------------------ > >> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > >> Report abuse to listadmin@xxxxxxxxxxxxx > >> > >> > >> > >> All mail to and from this domain is GFI-scanned. > >> > >> ------------------------------------------------------ > >> List Archives: //www.freelists.org/archives/isalist/ > >> ISA Server Newsletter: > http://www.isaserver.org/pages/newsletter.asp > >> ISA Server Articles and Tutorials: > >> http://www.isaserver.org/articles_tutorials/ > >> ISA Server Blogs: http://blogs.isaserver.org/ > >> ------------------------------------------------------ > >> Visit TechGenix.com for more information about our other sites: > >> http://www.techgenix.com > >> ------------------------------------------------------ > >> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > >> Report abuse to listadmin@xxxxxxxxxxxxx > >> > >> > >> > > > > > > ------------------------------------------------------ > > List Archives: //www.freelists.org/archives/isalist/ > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server Articles and Tutorials: > > http://www.isaserver.org/articles_tutorials/ > > ISA Server Blogs: http://blogs.isaserver.org/ > > ------------------------------------------------------ > > Visit TechGenix.com for more information about our other sites: > > http://www.techgenix.com > > ------------------------------------------------------ > > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > ------------------------------------------------------ > > List Archives: //www.freelists.org/archives/isalist/ > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server Articles and Tutorials: > > http://www.isaserver.org/articles_tutorials/ > > ISA Server Blogs: http://blogs.isaserver.org/ > > ------------------------------------------------------ > > Visit TechGenix.com for more information about our other sites: > > http://www.techgenix.com > > ------------------------------------------------------ > > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > > > > > > ------------------------------------------------------ > List Archives: //www.freelists.org/archives/isalist/ > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server Articles and Tutorials: > http://www.isaserver.org/articles_tutorials/ > ISA Server Blogs: http://blogs.isaserver.org/ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > Report abuse to listadmin@xxxxxxxxxxxxx > > > ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx