Until the one you switch to is on a 10. network and all the work Tom did with the internal IP stuff is all for naught. ;) I¹m telling ya... This is becoming way more and more common. I¹m surprised to see this dude¹s hotel on 192.168.110 (I really am) but it¹s actually becoming more common for some of my people to be on conflicting nets, particularly when they give you a 10.0.0.0 address on a 255.0.0.0 subnet. Hence the need for a localized NAT solution? OWA/RCPoHTTP is fine when all you need is email stuff, but when you¹ve got to be RDP¹ing into multiple servers, accessing SQL boxes, hitting VoIP equipment, etc., publishing scenarios just don¹t cut it... I¹ve tried lots of different things at varying degrees of complexity (like a virtual pc install, Kerio routing tricks, KY jelly, etc) but I¹ve found that keeping things limited to the ³plug THIS into THAT, then plug THAT into the OTHER THING² mentality is the best. That¹s really why most of my mobile people have the high speed EVDO solutions (we use verizon) so that we don¹t really have to worry about it. Hotel connections are usually way faster, but EVDO works all the time (most of the time, anyway). I can actually envision a market for a little USB device that NAT¹s the connection all the time for the true ³road warrior² that spends a lot of time on other people¹s networks. t On 6/28/06 7:51 AM, "Jonathon J. Howey" <Jonathon@xxxxxxxx> spoketh to all: > A non-technical solution: Wouldn't it of been easier to tell the Directory to > switch hotels? :p > > But then that wouldn't be any fun for you guys... > > Jonathon J. Howey > MENSE Inc. > P 780.409.5620 > F 780.409.5621 > D 780.409.5628 > C 780.965.8363 > Jonathon@xxxxxxxx > > Defining the Future of Transportation > www.MENSE.ca <http://www.mense.ca/> > > > > > > From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On > Behalf Of Thomas W Shinder > Sent: June 28, 2006 8:31 AM > To: isalist@xxxxxxxxxxxxx > Subject: [isalist] Re: Error establishing a VPN to the ISA server > > Nice tip! > Thanks! > > Thomas W Shinder, M.D. > Site: www.isaserver.org <http://www.isaserver.org/> > Blog: http://blogs.isaserver.org/shinder/ > Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> > MVP -- ISA Firewalls > > > >> >> >> >> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On >> Behalf Of Thor (Hammer of God) >> Sent: Wednesday, June 28, 2006 9:19 AM >> To: isalist@xxxxxxxxxxxxx >> Subject: [isalist] Re: Error establishing a VPN to the ISA server >> >> >> You¹ll still hit it. The router will be given the local IP just like a >> lappy would, and you¹ll hit it via the NAT¹d connection. Do it all the >> time. >> >> t >> >> >> On 6/28/06 6:51 AM, "Thomas W Shinder" <tshinder@xxxxxxxxxxx> spoketh to >> all: >> >> >>> What if that broadband router has to interact with a log on page? >>> >>> Thomas W Shinder, M.D. >>> Site: www.isaserver.org <http://www.isaserver.org/> >>> Blog: http://blogs.isaserver.org/shinder/ >>> Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> >>> MVP -- ISA Firewalls >>> >>> >>> >>> >>>> >>>> >>>> >>>> >>>> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] >>>> On Behalf Of Glenn P. JOHNSTON >>>> Sent: Tuesday, June 27, 2006 11:18 PM >>>> To: isalist@xxxxxxxxxxxxx >>>> Subject: RE: [isalist] Re: Error establishing a VPN to the ISA server >>>> >>>> >>>> >>>> Plan is, I am going to take; >>>> >>>> >>>> >>>> 1. >>>> 2. A linksys 4 port BB router, to plug in between the hotels BB, and his >>>> notebook, which I think will do the trick nicely. >>>> 3. >>>> 4. >>>> 5. A wireless broadband card, just in case. >>>> 6. >>>> 7. >>>> 8. A second notebook with the companys SOE on it, also just in case. >>>> 9. >>>> 10. >>>> 11. My Wife, it will be a nice little day or two away for us. >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> From: isalist-bounce@xxxxxxxxxxxxx on behalf of Thor (Hammer of God) >>>> Sent: Wed 28/Jun/2006 14:06 >>>> To: isalist@xxxxxxxxxxxxx >>>> Subject: [isalist] Re: Error establishing a VPN to the ISA server >>>> >>>> >>>> >>>> >>>> http://www.ISAserver.org >>>> ------------------------------------------------------- >>>> >>>> You gonna add a new IP to the server, bring a little NAT router, or >>>> both? ;) >>>> >>>> t >>>> >>>> >>>> On 6/27/06 9:00 PM, "Glenn P. JOHNSTON" <glenn.johnston@xxxxxxxxxxx> >>>> spoketh >>>> to all: >>>> >>>>> > I don't believe it. >>>>> > >>>>> > I've just been offered a return first class plane ticket, a nights >>>>> > accomodation, 2 nights if need be, all expenses + how ever many hours >>>>> it takes >>>>> > at my normal hourly rate to go see the director in person and fix this >>>>> for him >>>>> > so he can get his e-mail ! >>>>> > >>>>> > "Well I'll loose a whole day on this", "Fine, then charge us for every >>>>> hour >>>>> > your away, just get it fixed !" >>>>> > >>>>> > >>>>> > >>>>> > ________________________________ >>>>> > >>>>> > From: isalist-bounce@xxxxxxxxxxxxx on behalf of Thor (Hammer of God) >>>>> > Sent: Wed 28/Jun/2006 13:45 >>>>> > To: isalist@xxxxxxxxxxxxx >>>>> > Subject: [isalist] Re: Error establishing a VPN to the ISA server >>>>> > >>>>> > >>>>> > >>>>> > http://www.ISAserver.org >>>>> > ------------------------------------------------------- >>>>> > >>>>> > OWA would be a great "backup" solution in the rare case where the >>>>> local >>>>> > Ethernet LAN is the same logical subnet as their own offices, even if >>>>> he >>>>> > couldn't sync. But, in your case of having a jackass for a client, >>>>> you're >>>>> > kind of stuck. >>>>> > >>>>> > An easier thing to do would be to get a little Linksys NAT router to >>>>> stick >>>>> > in between. Plug the hotel ethernet to the "Internet" port, and plug >>>>> the >>>>> > laptop into a "LAN" port. That way he'll get a local 192.168.1 >>>>> address and >>>>> > have no problems. Plus, there is no configuration needed at all. The >>>>> > defaults will work just fine. Just plug it in and go. >>>>> > >>>>> > t >>>>> > >>>>> > >>>>> > On 6/27/06 8:29 PM, "Glenn P. JOHNSTON" <glenn.johnston@xxxxxxxxxxx> >>>>> spoketh >>>>> > to all: >>>>> > >>>>>> >> I'm told he refuses to use OWA as he can't sync his mail with the >>>>>> OST on his >>>>>> >> notebook. There is just no helping some people, no matter how hard >>>>>> you try to >>>>>> >> be helpful and solve their problem, they just refuse all help on >>>>>> principle ! >>>>>> >> >>>>>> >> Also they passed on to me, that in his yelling and screaming his >>>>>> demanding to >>>>>> >> know 'Why someone did not realise this would happen, and get it >>>>>> fixed before >>>>>> >> hand, so I can get my e-mail" >>>>>> >> >>>>>> >> I really feel sorry for the IT guy at the site, his early 20's, >>>>>> finished a >>>>>> >> development oriented IT degree last year, is quite bright really, >>>>>> but is >>>>>> >> still >>>>>> >> just learning the finer points of the winserver environment, >>>>>> supporting XP >>>>>> >> etc, and it working toward his MCSE, having passed the first 2 exams >>>>>> in the >>>>>> >> last couple of months. He reports to this Director, and from what I >>>>>> can see, >>>>>> >> gets one hell of a serve from him as soon as anything a little bit >>>>>> odd >>>>>> >> occurs. >>>>>> >> >>>>>> >> I can't see a away around this, without the Director having to do >>>>>> something >>>>>> >> out of the ordinary, which apparently, is just not an option, and >>>>>> have just >>>>>> >> told them that. >>>>>> >> >>>>>> >> I've suggested the only possibly way, I can see, is to go out and >>>>>> purchase a >>>>>> >> wireless broadband card from someone local, get it on the net, set >>>>>> up a >>>>>> >> notebook with it and his e-mail, and get it express couriered to >>>>>> him. He'd >>>>>> >> have it early eveing or first thing in the morning. >>>>>> >> >>>>>> >> There was a chocking sound on the other end of the phone, "but then >>>>>> he'd have >>>>>> >> to carry 2 notebooks back ! " and "What do I do if he gets it and it >>>>>> does not >>>>>> >> work ?" .................................. >>>>>> >> >>>>>> >> Find another job came to mind.. >>>>>> >> >>>>>> >> ________________________________ >>>>>> >> >>>>>> >> From: isalist-bounce@xxxxxxxxxxxxx on behalf of Thor (Hammer of >>>>>> God) >>>>>> >> Sent: Wed 28/Jun/2006 12:49 >>>>>> >> To: isalist@xxxxxxxxxxxxx >>>>>> >> Subject: [isalist] Re: Error establishing a VPN to the ISA server >>>>>> >> >>>>>> >> >>>>>> >> >>>>>> >> http://www.ISAserver.org >>>>>> >> ------------------------------------------------------- >>>>>> >> >>>>>> >> Well, it would have worked other than the gw on the hotel being the >>>>>> same as >>>>>> >> the SBS box... Bad luck there. But, I've had to do this several >>>>>> times for >>>>>> >> the exact same scenario with my people. Seems the Marriott and I >>>>>> thought >>>>>> >> alike in our IP schemes ;) >>>>>> >> >>>>>> >> You could always just add another IP address to the SBS box (well, >>>>>> you could >>>>>> >> if it were a "regular" server install-- I don't know what you'd have >>>>>> to go >>>>>> >> through on SBS to do that.) That would work, though. >>>>>> >> >>>>>> >> Not much we can do about a guy who wants to scream more than get the >>>>>> job >>>>>> >> done, though. I'd tell him that if he wanted his email to STFU and >>>>>> do what >>>>>> >> was needed. It's not like it is anyone's "fault." There are other >>>>>> options >>>>>> >> you have, but they would all require him doing *something*. >>>>>> >> >>>>>> >> I'm assuming that OWA is not an option for some reason? >>>>>> >> >>>>>> >> t >>>>>> >> >>>>>> >> >>>>>> >> On 6/27/06 7:37 PM, "Glenn P. JOHNSTON" <glenn.johnston@xxxxxxxxxxx> >>>>>> spoketh >>>>>> >> to all: >>>>>> >> >>>>>>> >>> The internal IP of the SBS server is 192.168.110.2, G/W on the >>>>>>> hotel BB >>>>>>> >>> service is also 192.168.110.2 unfortunately ! >>>>>>> >>> >>>>>>> >>> I tried the static route on my home ADSL service by changing the >>>>>>> internal >>>>>>> >>> private IP to match the Hotel's to play with, and everything else >>>>>>> works, I >>>>>>> >>> can >>>>>>> >>> get to the internet and other clients networks fine, but I can not >>>>>>> get to >>>>>>> >>> anything on the remote network after the tunnel is connected, of >>>>>>> the client >>>>>>> >>> with the problem. >>>>>>> >>> >>>>>>> >>> Putting the static route in I doubt will work anyway, the fellow >>>>>>> will >>>>>>> >>> probably >>>>>>> >>> just yell and scream as soon as he is asked to do anything >>>>>>> remotely >>>>>>> >>> technical, >>>>>>> >>> expecting it to be magically fixed from this end. >>>>>>> >>> >>>>>>> >>> ________________________________ >>>>>>> >>> >>>>>>> >>> From: isalist-bounce@xxxxxxxxxxxxx on behalf of Thor (Hammer of >>>>>>> God) >>>>>>> >>> Sent: Wed 28/Jun/2006 12:27 >>>>>>> >>> To: isalist@xxxxxxxxxxxxx >>>>>>> >>> Subject: [isalist] Re: Error establishing a VPN to the ISA >>>>>>> server >>>>>>> >>> >>>>>>> >>> >>>>>>> >>> >>>>>>> >>> http://www.ISAserver.org >>>>>>> >>> ------------------------------------------------------- >>>>>>> >>> >>>>>>> >>> All he has to do is set a static route for the SBS box's IP to the >>>>>>> gateway >>>>>>> >>> address of the VPN endpoint. >>>>>>> >>> >>>>>>> >>> IOW, if the SBS box is 192.168.110.101, and his PPP VPN interface got >>>>>>> >>> assigned something like 192.168.110.11 from the RRAS server (do an >>>>>>> IP config >>>>>>> >>> to see what ip his PPP adapter is, or look at the RRAS properties >>>>>>> of the >>>>>>> >>> connection) then you would have him do a: >>>>>>> >>> >>>>>>> >>> ROUTE -p add 192.168.110.101 mask 255.255.255.255 192.168.110.11 >>>>>>> >>> >>>>>>> >>> That way, when he attempts to access the SBS server, the request >>>>>>> will route >>>>>>> >>> down the VPN rather than broadcasting on the "local" 192.168.110.x >>>>>>> network. >>>>>>> >>> >>>>>>> >>> t >>>>>>> >>> >>>>>>> >>> >>>>>>> >>> On 6/27/06 7:13 PM, "Glenn P. JOHNSTON" >>>>>>> <glenn.johnston@xxxxxxxxxxx> spoketh >>>>>>> >>> to all: >>>>>>> >>> >>>>>>>> >>>> http://www.ISAserver.org >>>>>>>> >>>> ------------------------------------------------------- >>>>>>>> >>>> >>>>>>>> >>>> Hi, >>>>>>>> >>>> >>>>>>>> >>>> Maybe, maybe not directly and ISA question, and I've posted this >>>>>>>> in an SBS >>>>>>>> >>>> forum as well, but you people are pretty bright & I thought you >>>>>>>> might have >>>>>>>> >>>> some worth while input on this. >>>>>>>> >>>> >>>>>>>> >>>> One of my clients has an issue with VPN tunnel. This has been >>>>>>>> inplace since >>>>>>>> >>>> Sunday afternoon, but they only rang me this morning. >>>>>>>> >>>> >>>>>>>> >>>> One of their directors is at a week long conference, and the >>>>>>>> Hotel where he >>>>>>>> >>>> is >>>>>>>> >>>> staying, has provides an in room broadband service. >>>>>>>> >>>> The BroadBand in the hotel is using a 192.168.110.0/24 address >>>>>>>> range, the >>>>>>>> >>>> internal address of the clients network at the office is also a >>>>>>>> >>>> 192.168.110.0/24 range. >>>>>>>> >>>> >>>>>>>> >>>> The VPN tunnel establishes fine, and the VPN connector on his >>>>>>>> notebook get >>>>>>>> >>>> an >>>>>>>> >>>> address, of course, in the 192.168.110.100 to 192.168.110.199 >>>>>>>> range of the >>>>>>>> >>>> DHCP server on the SBS server. >>>>>>>> >>>> >>>>>>>> >>>> Once the tunnel is established, he can acess nothing on the SBS. >>>>>>>> This is to >>>>>>>> >>>> be >>>>>>>> >>>> expected as the address ranges are the same, does anyone have >>>>>>>> any bright >>>>>>>> >>>> idea's on how to get around this. The Director is yelling and >>>>>>>> screaming >>>>>>>> >>>> about >>>>>>>> >>>> not being able to get his e-mail. >>>>>>>> >>>> >>>>>>>> >>>> Unfortunately he is out out direct reach in another state, and >>>>>>>> has very >>>>>>>> >>>> little >>>>>>>> >>>> tolerance for such problems. >>>>>>>> >>>> >>>>>>>> >>>> Regards >>>>>>>> >>>> Glenn >>>>>>>> >>>> ------------------------------------------------------ >>>>>>>> >>>> List Archives: //www.freelists.org/archives/isalist/ >>>>>>>> >>>> ISA Server Newsletter: >>>>>>>> http://www.isaserver.org/pages/newsletter.asp >>>>>>>> >>>> ISA Server Articles and Tutorials: >>>>>>>> >>>> http://www.isaserver.org/articles_tutorials/ >>>>>>>> >>>> ISA Server Blogs: http://blogs.isaserver.org/ >>>>>>>> >>>> ------------------------------------------------------ >>>>>>>> >>>> Visit TechGenix.com for more information about our other >>>>>>>> sites: >>>>>>>> >>>> http://www.techgenix.com >>>>>>>> >>>> ------------------------------------------------------ >>>>>>>> >>>> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp >>>>>>>> >>>> Report abuse to listadmin@xxxxxxxxxxxxx >>>>>>>> >>>> >>>>>>>> >>>> >>>>>>>> >>>> >>>>>>> >>> >>>>>>> >>> >>>>>>> >>> ------------------------------------------------------ >>>>>>> >>> List Archives: //www.freelists.org/archives/isalist/ >>>>>>> >>> ISA Server Newsletter: >>>>>>> http://www.isaserver.org/pages/newsletter.asp >>>>>>> >>> ISA Server Articles and Tutorials: >>>>>>> >>> http://www.isaserver.org/articles_tutorials/ >>>>>>> >>> ISA Server Blogs: http://blogs.isaserver.org/ >>>>>>> >>> ------------------------------------------------------ >>>>>>> >>> Visit TechGenix.com for more information about our other sites: >>>>>>> >>> http://www.techgenix.com >>>>>>> >>> ------------------------------------------------------ >>>>>>> >>> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp >>>>>>> >>> Report abuse to listadmin@xxxxxxxxxxxxx >>>>>>> >>> >>>>>>> >>> >>>>>>> >>> >>>>>> >> >>>>>> >> >>>>>> >> ------------------------------------------------------ >>>>>> >> List Archives: //www.freelists.org/archives/isalist/ >>>>>> >> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp >>>>>> >> ISA Server Articles and Tutorials: >>>>>> >> http://www.isaserver.org/articles_tutorials/ >>>>>> >> ISA Server Blogs: http://blogs.isaserver.org/ >>>>>> >> ------------------------------------------------------ >>>>>> >> Visit TechGenix.com for more information about our other sites: >>>>>> >> http://www.techgenix.com >>>>>> >> ------------------------------------------------------ >>>>>> >> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp >>>>>> >> Report abuse to listadmin@xxxxxxxxxxxxx >>>>>> >> >>>>>> >> >>>>>> >> >>>>> > >>>>> > >>>>> > ------------------------------------------------------ >>>>> > List Archives: //www.freelists.org/archives/isalist/ >>>>> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp >>>>> > ISA Server Articles and Tutorials: >>>>> > http://www.isaserver.org/articles_tutorials/ >>>>> > ISA Server Blogs: http://blogs.isaserver.org/ >>>>> > ------------------------------------------------------ >>>>> > Visit TechGenix.com for more information about our other sites: >>>>> > http://www.techgenix.com >>>>> > ------------------------------------------------------ >>>>> > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp >>>>> > Report abuse to listadmin@xxxxxxxxxxxxx >>>>> > >>>>> > >>>>> > >>>> >>>> >>>> ------------------------------------------------------ >>>> List Archives: //www.freelists.org/archives/isalist/ >>>> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp >>>> ISA Server Articles and Tutorials: >>>> http://www.isaserver.org/articles_tutorials/ >>>> ISA Server Blogs: http://blogs.isaserver.org/ >>>> ------------------------------------------------------ >>>> Visit TechGenix.com for more information about our other sites: >>>> http://www.techgenix.com >>>> ------------------------------------------------------ >>>> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp >>>> Report abuse to listadmin@xxxxxxxxxxxxx >>>> >>> >> >