http://www.ISAserver.org ------------------------------------------------------- Looks like I'm going to need to get me one of those. I've been lucky the last couple of years though -- I haven't encountered any hotels that didn't allow outbound PPTP and/or L2TP/IPSec. Tom Thomas W Shinder, M.D. Site: www.isaserver.org Blog: http://blogs.isaserver.org/shinder/ Book: http://tinyurl.com/3xqb7 MVP -- ISA Firewalls > -----Original Message----- > From: isalist-bounce@xxxxxxxxxxxxx > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Glenn P. JOHNSTON > Sent: Wednesday, June 28, 2006 6:29 PM > To: isalist@xxxxxxxxxxxxx; isalist@xxxxxxxxxxxxx > Subject: [isalist] Re: Error establishing a VPN to the ISA server > > http://www.ISAserver.org > ------------------------------------------------------- > > The linksys unit Tom's link points at is infact the unit I > have taken to the Director in Melbourne. > > It's working a treat. > > But his still yelling and screaming, now about having to > carry and extra 500grams of weight home ! > > What an A. Hole ! > > I'm also suprised to see them using a 192.168.110.x range, > the reason I suggest them using something well away from the > common, 192.168.0.x, 192.168.1.x or 192.168.2.x range was > that most home BB routers 'out of the box' use these ranges, > as do the hotels I've come across in the past. I assumed, > incorrectly. that we'd be pretty safe moving well out of > these common addresses ranges > > Another one we came across a few weeks back, was the > inability to establish a VPN link, this user was far more > willing to be of assistance in sorting the issue. Turns out > the hotel's BB service was locked down, only allowing port 80 > or 443 through. Everything else was blocked. > > Fortunately, in that instance the user was quite happy to use > OWA for a few days. So it was only a minor issue. > > > ________________________________ > > From: isalist-bounce@xxxxxxxxxxxxx on behalf of Thomas W Shinder > Sent: Thu 29/Jun/2006 06:59 > To: isalist@xxxxxxxxxxxxx > Subject: [isalist] Re: Error establishing a VPN to the ISA server > > > Or maybe this one? > > http://www-au.linksys.com/servlet/Satellite?c=L_Product_C2&chi > ldpagename=AU%2FLayout&cid=1130279436183&packedargs=site%3DAU& > pagename=Linksys%2FCommon%2FVisitorWrapper > > 4x1 inches. > > Thomas W Shinder, M.D. > Site: www.isaserver.org <http://www.isaserver.org/> > Blog: http://blogs.isaserver.org/shinder/ > Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> > MVP -- ISA Firewalls > > > > > ________________________________ > > From: isalist-bounce@xxxxxxxxxxxxx > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thomas W Shinder > Sent: Wednesday, June 28, 2006 3:48 PM > To: isalist@xxxxxxxxxxxxx > Subject: [isalist] Re: Error establishing a VPN to the > ISA server > > > OK, like Thor said, you can only access the SBS box. Is > this the only requirement? > > One option is to enable RDP connections to the SBS box, > then within that RDP session, create a second RDP session to > the destination box. > > Pretty suboptimal. I'll go with Tim's idea and get a > NAT device out to the boss. > > Thomas W Shinder, M.D. > Site: www.isaserver.org <http://www.isaserver.org/> > Blog: http://blogs.isaserver.org/shinder/ > Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> > MVP -- ISA Firewalls > > > > > ________________________________ > > From: isalist-bounce@xxxxxxxxxxxxx > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thomas W Shinder > Sent: Wednesday, June 28, 2006 2:19 PM > To: isalist@xxxxxxxxxxxxx > Subject: [isalist] Re: Error establishing a VPN > to the ISA server > > > > Or you can assign VPN clients the autonet > address in your VPN server configuration. I'm preparing an > article on how to do this. > > > > Tom > > > > From: isalist-bounce@xxxxxxxxxxxxx > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of D > PIETRUSZKA USWRN INTERLINK INFRA > Sent: Wednesday, June 28, 2006 1:20 PM > To: isalist@xxxxxxxxxxxxx > Subject: [isalist] Re: Error establishing a VPN > to the ISA server > > > > Why not just create two VPN's, one with 1 > subnet and the other one with another subnet, you won't have > this problem again no matter on which hotel your customer stay. > > For us OWA/RPC HTTP don't work because we use > RSA to authenticate user on OWA. > > > > Regards > > Diego R. Pietruszka > > > > ________________________________ > > From: isalist-bounce@xxxxxxxxxxxxx > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thor > (Hammer of God) > Sent: Wednesday, June 28, 2006 1:57 PM > To: isalist@xxxxxxxxxxxxx > Subject: [isalist] Re: Error establishing a VPN > to the ISA server > > > > Until the one you switch to is on a 10. network > and all the work Tom did with the internal IP stuff is all > for naught. ;) > > I'm telling ya... This is becoming way more and > more common. I'm surprised to see this dude's hotel on > 192.168.110 (I really am) but it's actually becoming more > common for some of my people to be on conflicting nets, > particularly when they give you a 10.0.0.0 address on a > 255.0.0.0 subnet. Hence the need for a localized NAT > solution- OWA/RCPoHTTP is fine when all you need is email > stuff, but when you've got to be RDP'ing into multiple > servers, accessing SQL boxes, hitting VoIP equipment, etc., > publishing scenarios just don't cut it... > > I've tried lots of different things at varying > degrees of complexity (like a virtual pc install, Kerio > routing tricks, KY jelly, etc) but I've found that keeping > things limited to the "plug THIS into THAT, then plug THAT > into the OTHER THING" mentality is the best. > > That's really why most of my mobile people have > the high speed EVDO solutions (we use verizon) so that we > don't really have to worry about it. Hotel connections are > usually way faster, but EVDO works all the time (most of the > time, anyway). > > I can actually envision a market for a little > USB device that NAT's the connection all the time for the > true "road warrior" that spends a lot of time on other > people's networks. > > t > > > On 6/28/06 7:51 AM, "Jonathon J. Howey" > <Jonathon@xxxxxxxx> spoketh to all: > > A non-technical solution: Wouldn't it of been > easier to tell the Directory to switch hotels? :p > > But then that wouldn't be any fun for you guys... > > Jonathon J. Howey > MENSE Inc. > P 780.409.5620 > F 780.409.5621 > D 780.409.5628 > C 780.965.8363 > Jonathon@xxxxxxxx > > Defining the Future of Transportation > www.MENSE.ca <http://www.mense.ca/> > <http://www.mense.ca/> > > > > > > ________________________________ > > > From: isalist-bounce@xxxxxxxxxxxxx > [mailto:isalist-bounce@xxxxxxxxxxxxx] > <mailto:isalist-bounce@xxxxxxxxxxxxx%5d> On Behalf Of Thomas > W Shinder > Sent: June 28, 2006 8:31 AM > To: isalist@xxxxxxxxxxxxx > Subject: [isalist] Re: Error establishing a VPN > to the ISA server > > Nice tip! > Thanks! > > Thomas W Shinder, M.D. > Site: www.isaserver.org > <http://www.isaserver.org/> <http://www.isaserver.org/> > Blog: http://blogs.isaserver.org/shinder/ > Book: http://tinyurl.com/3xqb7 > <http://tinyurl.com/3xqb7> <http://tinyurl.com/3xqb7> > MVP -- ISA Firewalls > > > > > > > > ________________________________ > > > From: isalist-bounce@xxxxxxxxxxxxx > [mailto:isalist-bounce@xxxxxxxxxxxxx] > <mailto:isalist-bounce@xxxxxxxxxxxxx%5d> On Behalf Of Thor > (Hammer of God) > Sent: Wednesday, June 28, 2006 9:19 AM > To: isalist@xxxxxxxxxxxxx > Subject: [isalist] Re: Error establishing a > VPN to the ISA server > > > You'll still hit it. The router will be given > the local IP just like a lappy would, and you'll hit it via > the NAT'd connection. Do it all the time. > > t > > > On 6/28/06 6:51 AM, "Thomas W Shinder" > <tshinder@xxxxxxxxxxx> spoketh to all: > > > > What if that broadband router has to interact > with a log on page? > > Thomas W Shinder, M.D. > Site: www.isaserver.org > <http://www.isaserver.org/> <http://www.isaserver.org/> > Blog: http://blogs.isaserver.org/shinder/ > Book: http://tinyurl.com/3xqb7 > <http://tinyurl.com/3xqb7> <http://tinyurl.com/3xqb7> > MVP -- ISA Firewalls > > > > > > > > > > > ________________________________ > > > From: isalist-bounce@xxxxxxxxxxxxx > [mailto:isalist-bounce@xxxxxxxxxxxxx] > <mailto:isalist-bounce@xxxxxxxxxxxxx%5d> On Behalf Of Glenn > P. JOHNSTON > Sent: Tuesday, June 27, 2006 11:18 PM > To: isalist@xxxxxxxxxxxxx > Subject: RE: [isalist] Re: Error establishing > a VPN to the ISA server > > > > Plan is, I am going to take; > > > > > 1. > 2. A linksys 4 port BB router, to plug > in between the hotels BB, and his notebook, which I think > will do the trick nicely. > 3. > 4. > 5. A wireless broadband card, just in case. > 6. > 7. > 8. A second notebook with the companys > SOE on it, also just in case. > 9. > 10. > 11. My Wife, it will be a nice little day > or two away for us. > > > > > > > > > ________________________________ > > > > > From: isalist-bounce@xxxxxxxxxxxxx on behalf > of Thor (Hammer of God) > Sent: Wed 28/Jun/2006 14:06 > To: isalist@xxxxxxxxxxxxx > Subject: [isalist] Re: Error establishing a > VPN to the ISA server > > > > > http://www.ISAserver.org > ------------------------------------------------------- > > You gonna add a new IP to the server, bring a > little NAT router, or both? ;) > > t > > > On 6/27/06 9:00 PM, "Glenn P. JOHNSTON" > <glenn.johnston@xxxxxxxxxxx> spoketh > to all: > > > I don't believe it. > > > > I've just been offered a return first class > plane ticket, a nights > > accomodation, 2 nights if need be, all > expenses + how ever many hours it takes > > at my normal hourly rate to go see the > director in person and fix this for him > > so he can get his e-mail ! > > > > "Well I'll loose a whole day on this", > "Fine, then charge us for every hour > > your away, just get it fixed !" > > > > > > > > ________________________________ > > > > From: isalist-bounce@xxxxxxxxxxxxx on > behalf of Thor (Hammer of God) > > Sent: Wed 28/Jun/2006 13:45 > > To: isalist@xxxxxxxxxxxxx > > Subject: [isalist] Re: Error establishing a > VPN to the ISA server > > > > > > > > http://www.ISAserver.org > > > ------------------------------------------------------- > > > > OWA would be a great "backup" solution in > the rare case where the local > > Ethernet LAN is the same logical subnet as > their own offices, even if he > > couldn't sync. But, in your case of having > a jackass for a client, you're > > kind of stuck. > > > > An easier thing to do would be to get a > little Linksys NAT router to stick > > in between. Plug the hotel ethernet to the > "Internet" port, and plug the > > laptop into a "LAN" port. That way he'll > get a local 192.168.1 address and > > have no problems. Plus, there is no > configuration needed at all. The > > defaults will work just fine. Just plug it > in and go. > > > > t > > > > > > On 6/27/06 8:29 PM, "Glenn P. JOHNSTON" > <glenn.johnston@xxxxxxxxxxx> spoketh > > to all: > > > >> I'm told he refuses to use OWA as he can't > sync his mail with the OST on his > >> notebook. There is just no helping some > people, no matter how hard you try to > >> be helpful and solve their problem, they > just refuse all help on principle ! > >> > >> Also they passed on to me, that in his > yelling and screaming his demanding to > >> know 'Why someone did not realise this > would happen, and get it fixed before > >> hand, so I can get my e-mail" > >> > >> I really feel sorry for the IT guy at the > site, his early 20's, finished a > >> development oriented IT degree last year, > is quite bright really, but is > >> still > >> just learning the finer points of the > winserver environment, supporting XP > >> etc, and it working toward his MCSE, having > passed the first 2 exams in the > >> last couple of months. He reports to this > Director, and from what I can see, > >> gets one hell of a serve from him as soon > as anything a little bit odd > >> occurs. > >> > >> I can't see a away around this, without > the Director having to do something > >> out of the ordinary, which apparently, is > just not an option, and have just > >> told them that. > >> > >> I've suggested the only possibly way, I > can see, is to go out and purchase a > >> wireless broadband card from someone local, > get it on the net, set up a > >> notebook with it and his e-mail, and get it > express couriered to him. He'd > >> have it early eveing or first thing in the > morning. > >> > >> There was a chocking sound on the other > end of the phone, "but then he'd have > >> to carry 2 notebooks back ! " and "What do > I do if he gets it and it does not > >> work ?" .................................. > >> > >> Find another job came to mind.. > >> > >> ________________________________ > >> > >> From: isalist-bounce@xxxxxxxxxxxxx on > behalf of Thor (Hammer of God) > >> Sent: Wed 28/Jun/2006 12:49 > >> To: isalist@xxxxxxxxxxxxx > >> Subject: [isalist] Re: Error establishing > a VPN to the ISA server > >> > >> > >> > >> http://www.ISAserver.org > >> > ------------------------------------------------------- > >> > >> Well, it would have worked other than the > gw on the hotel being the same as > >> the SBS box... Bad luck there. But, I've > had to do this several times for > >> the exact same scenario with my people. > Seems the Marriott and I thought > >> alike in our IP schemes ;) > >> > >> You could always just add another IP > address to the SBS box (well, you could > >> if it were a "regular" server install-- I > don't know what you'd have to go > >> through on SBS to do that.) That would > work, though. > >> > >> Not much we can do about a guy who wants > to scream more than get the job > >> done, though. I'd tell him that if he > wanted his email to STFU and do what > >> was needed. It's not like it is anyone's > "fault." There are other options > >> you have, but they would all require him > doing *something*. > >> > >> I'm assuming that OWA is not an option for > some reason? > >> > >> t > >> > >> > >> On 6/27/06 7:37 PM, "Glenn P. JOHNSTON" > <glenn.johnston@xxxxxxxxxxx> spoketh > >> to all: > >> > >>> The internal IP of the SBS server is > 192.168.110.2, G/W on the hotel BB > >>> service is also 192.168.110.2 unfortunately ! > >>> > >>> I tried the static route on my home ADSL > service by changing the internal > >>> private IP to match the Hotel's to play > with, and everything else works, I > >>> can > >>> get to the internet and other clients > networks fine, but I can not get to > >>> anything on the remote network after the > tunnel is connected, of the client > >>> with the problem. > >>> > >>> Putting the static route in I doubt will > work anyway, the fellow will > >>> probably > >>> just yell and scream as soon as he is asked > to do anything remotely > >>> technical, > >>> expecting it to be magically fixed from this end. > >>> > >>> ________________________________ > >>> > >>> From: isalist-bounce@xxxxxxxxxxxxx on > behalf of Thor (Hammer of God) > >>> Sent: Wed 28/Jun/2006 12:27 > >>> To: isalist@xxxxxxxxxxxxx > >>> Subject: [isalist] Re: Error establishing > a VPN to the ISA server > >>> > >>> > >>> > >>> http://www.ISAserver.org > >>> > ------------------------------------------------------- > >>> > >>> All he has to do is set a static route > for the SBS box's IP to the gateway > >>> address of the VPN endpoint. > >>> > >>> IOW, if the SBS box is 192.168.110.101, > and his PPP VPN interface got > >>> assigned something like 192.168.110.11 > from the RRAS server (do an IP config > >>> to see what ip his PPP adapter is, or look > at the RRAS properties of the > >>> connection) then you would have him do a: > >>> > >>> ROUTE -p add 192.168.110.101 mask > 255.255.255.255 192.168.110.11 > >>> > >>> That way, when he attempts to access the > SBS server, the request will route > >>> down the VPN rather than broadcasting on > the "local" 192.168.110.x network. > >>> > >>> t > >>> > >>> > >>> On 6/27/06 7:13 PM, "Glenn P. JOHNSTON" > <glenn.johnston@xxxxxxxxxxx> spoketh > >>> to all: > >>> > >>>> http://www.ISAserver.org > >>>> > ------------------------------------------------------- > >>>> > >>>> Hi, > >>>> > >>>> Maybe, maybe not directly and ISA > question, and I've posted this in an SBS > >>>> forum as well, but you people are pretty > bright & I thought you might have > >>>> some worth while input on this. > >>>> > >>>> One of my clients has an issue with VPN > tunnel. This has been inplace since > >>>> Sunday afternoon, but they only rang me > this morning. > >>>> > >>>> One of their directors is at a week long > conference, and the Hotel where he > >>>> is > >>>> staying, has provides an in room > broadband service. > >>>> The BroadBand in the hotel is using a > 192.168.110.0/24 address range, the > >>>> internal address of the clients network > at the office is also a > >>>> 192.168.110.0/24 range. > >>>> > >>>> The VPN tunnel establishes fine, and > the VPN connector on his notebook get > >>>> an > >>>> address, of course, in the > 192.168.110.100 to 192.168.110.199 range of the > >>>> DHCP server on the SBS server. > >>>> > >>>> Once the tunnel is established, he can > acess nothing on the SBS. This is to > >>>> be > >>>> expected as the address ranges are the > same, does anyone have any bright > >>>> idea's on how to get around this. The > Director is yelling and screaming > >>>> about > >>>> not being able to get his e-mail. > >>>> > >>>> Unfortunately he is out out direct reach > in another state, and has very > >>>> little > >>>> tolerance for such problems. > >>>> > >>>> Regards > >>>> Glenn > >>>> > ------------------------------------------------------ > >>>> List Archives: > //www.freelists.org/archives/isalist/ > >>>> ISA Server Newsletter: > http://www.isaserver.org/pages/newsletter.asp > >>>> ISA Server Articles and Tutorials: > >>>> http://www.isaserver.org/articles_tutorials/ > >>>> ISA Server Blogs: http://blogs.isaserver.org/ > >>>> > ------------------------------------------------------ > >>>> Visit TechGenix.com for more information > about our other sites: > >>>> http://www.techgenix.com > >>>> > ------------------------------------------------------ > >>>> To unsubscribe visit > http://www.isaserver.org/pages/isalist.asp > >>>> Report abuse to listadmin@xxxxxxxxxxxxx > >>>> > >>>> > >>>> > >>> > >>> > >>> > ------------------------------------------------------ > >>> List Archives: > //www.freelists.org/archives/isalist/ > >>> ISA Server Newsletter: > http://www.isaserver.org/pages/newsletter.asp > >>> ISA Server Articles and Tutorials: > >>> http://www.isaserver.org/articles_tutorials/ > >>> ISA Server Blogs: http://blogs.isaserver.org/ > >>> > ------------------------------------------------------ > >>> Visit TechGenix.com for more information > about our other sites: > >>> http://www.techgenix.com > >>> > ------------------------------------------------------ > >>> To unsubscribe visit > http://www.isaserver.org/pages/isalist.asp > >>> Report abuse to listadmin@xxxxxxxxxxxxx > >>> > >>> > >>> > >> > >> > >> > ------------------------------------------------------ > >> List Archives: > //www.freelists.org/archives/isalist/ > >> ISA Server Newsletter: > http://www.isaserver.org/pages/newsletter.asp > >> ISA Server Articles and Tutorials: > >> http://www.isaserver.org/articles_tutorials/ > >> ISA Server Blogs: http://blogs.isaserver.org/ > >> > ------------------------------------------------------ > >> Visit TechGenix.com for more information > about our other sites: > >> http://www.techgenix.com > >> > ------------------------------------------------------ > >> To unsubscribe visit > http://www.isaserver.org/pages/isalist.asp > >> Report abuse to listadmin@xxxxxxxxxxxxx > >> > >> > >> > > > > > > > ------------------------------------------------------ > > List Archives: > //www.freelists.org/archives/isalist/ > > ISA Server Newsletter: > http://www.isaserver.org/pages/newsletter.asp > > ISA Server Articles and Tutorials: > > http://www.isaserver.org/articles_tutorials/ > > ISA Server Blogs: http://blogs.isaserver.org/ > > > ------------------------------------------------------ > > Visit TechGenix.com for more information > about our other sites: > > http://www.techgenix.com > > > ------------------------------------------------------ > > To unsubscribe visit > http://www.isaserver.org/pages/isalist.asp > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > > > > > > ------------------------------------------------------ > List Archives: > //www.freelists.org/archives/isalist/ > ISA Server Newsletter: > http://www.isaserver.org/pages/newsletter.asp > ISA Server Articles and Tutorials: > http://www.isaserver.org/articles_tutorials/ > ISA Server Blogs: http://blogs.isaserver.org/ > ------------------------------------------------------ > Visit TechGenix.com for more information > about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > To unsubscribe visit > http://www.isaserver.org/pages/isalist.asp > Report abuse to listadmin@xxxxxxxxxxxxx > > > > > > > > > > ------------------------------------------------------ > List Archives: //www.freelists.org/archives/isalist/ > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server Articles and Tutorials: > http://www.isaserver.org/articles_tutorials/ > ISA Server Blogs: http://blogs.isaserver.org/ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > Report abuse to listadmin@xxxxxxxxxxxxx > > > ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx