[isalist] Re: Error establishing a VPN to the ISA server
- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
- To: <isalist@xxxxxxxxxxxxx>
- Date: Thu, 6 Jul 2006 08:35:40 -0500
Hi Glenn,
This is why so-called "SSL VPN" is so popular, because there are less
than stellar types like those who run that hotel's BB network who
believe in the "Universal Firewall Ports" 80/443.
No problem. Install ORB (www.orb.com) on the machine he wants file
access too, configure the folders or drives you want to share (which I
assume is all of them) and away you go. He'll be able to access that
information via his browser at the hotel. BTW -- it's free.
Thomas W Shinder, M.D.
Site: www.isaserver.org <http://www.isaserver.org/>
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7>
MVP -- ISA Firewalls
________________________________
From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Glenn P. JOHNSTON
Sent: Thursday, July 06, 2006 7:18 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Error establishing a VPN to the ISA
server
Couple of days away with the wife was great !I recommend it to
any who can get some dope to pay for it.
Company has coughed up the dollars, which are in our account
tonight !
And, low and behold,
I have another user at a Hotel in Adelaide tonight, from the BB
in the room, only port 80 and 443 allowed, everything else is blocked.
They actually have a card attached to the cable that says 'only web
browsing is allowed' from this connection.
This is getting dammed annoying !
What use is a BB in a hotel room to a corporate traveller, if
the only thing allowed is web browsing, and they charge $17.50 / night
for the privilege ?
Anyone have any leads on if there is some program out there that
will allow connection through port 80, and allow file downloads. This
guy was to download a PowerPoint presentation his secretary had updated
today, for a client tomorrow.
________________________________
From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of D PIETRUSZKA USWRN
INTERLINK INFRA
Sent: Wednesday, 28 June 2006 11:48 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Error establishing a VPN to the ISA
server
I guess he want those two days away with his wife ;-)
Regards
Diego R. Pietruszka
________________________________
From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Lists
Sent: Wednesday, June 28, 2006 12:31 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Error establishing a VPN to the ISA
server
What about Tom's earlier suggestion if he only needs his e-mail
to use Outlook 2003 with RPC/HTTP and eliminate the VPN? Very
easily/nicely setup with SBS 2003.
________________________________
From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Glenn P. JOHNSTON
Sent: Tuesday, June 27, 2006 9:18 PM
To: isalist@xxxxxxxxxxxxx
Subject: RE: [isalist] Re: Error establishing a VPN to the ISA
server
Plan is, I am going to take;
1. A linksys 4 port BB router, to plug in between the
hotels BB, and his notebook, which I think will do the trick nicely.
2. A wireless broadband card, just in case.
3. A second notebook with the companys SOE on it, also just
in case.
4. My Wife, it will be a nice little day or two away for
us.
________________________________
From: isalist-bounce@xxxxxxxxxxxxx on behalf of Thor (Hammer of
God)
Sent: Wed 28/Jun/2006 14:06
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Error establishing a VPN to the ISA
server
http://www.ISAserver.org
-------------------------------------------------------
You gonna add a new IP to the server, bring a little NAT router,
or both? ;)
t
On 6/27/06 9:00 PM, "Glenn P. JOHNSTON"
<glenn.johnston@xxxxxxxxxxx> spoketh
to all:
> I don't believe it.
>
> I've just been offered a return first class plane ticket, a
nights
> accomodation, 2 nights if need be, all expenses + how ever
many hours it takes
> at my normal hourly rate to go see the director in person and
fix this for him
> so he can get his e-mail !
>
> "Well I'll loose a whole day on this", "Fine, then charge us
for every hour
> your away, just get it fixed !"
>
>
>
> ________________________________
>
> From: isalist-bounce@xxxxxxxxxxxxx on behalf of Thor (Hammer
of God)
> Sent: Wed 28/Jun/2006 13:45
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: Error establishing a VPN to the ISA
server
>
>
>
> http://www.ISAserver.org
> -------------------------------------------------------
>
> OWA would be a great "backup" solution in the rare case where
the local
> Ethernet LAN is the same logical subnet as their own offices,
even if he
> couldn't sync. But, in your case of having a jackass for a
client, you're
> kind of stuck.
>
> An easier thing to do would be to get a little Linksys NAT
router to stick
> in between. Plug the hotel ethernet to the "Internet" port,
and plug the
> laptop into a "LAN" port. That way he'll get a local
192.168.1 address and
> have no problems. Plus, there is no configuration needed at
all. The
> defaults will work just fine. Just plug it in and go.
>
> t
>
>
> On 6/27/06 8:29 PM, "Glenn P. JOHNSTON"
<glenn.johnston@xxxxxxxxxxx> spoketh
> to all:
>
>> I'm told he refuses to use OWA as he can't sync his mail with
the OST on his
>> notebook. There is just no helping some people, no matter how
hard you try to
>> be helpful and solve their problem, they just refuse all help
on principle !
>>
>> Also they passed on to me, that in his yelling and screaming
his demanding to
>> know 'Why someone did not realise this would happen, and get
it fixed before
>> hand, so I can get my e-mail"
>>
>> I really feel sorry for the IT guy at the site, his early
20's, finished a
>> development oriented IT degree last year, is quite bright
really, but is
>> still
>> just learning the finer points of the winserver environment,
supporting XP
>> etc, and it working toward his MCSE, having passed the first
2 exams in the
>> last couple of months. He reports to this Director, and from
what I can see,
>> gets one hell of a serve from him as soon as anything a
little bit odd
>> occurs.
>>
>> I can't see a away around this, without the Director having
to do something
>> out of the ordinary, which apparently, is just not an option,
and have just
>> told them that.
>>
>> I've suggested the only possibly way, I can see, is to go out
and purchase a
>> wireless broadband card from someone local, get it on the
net, set up a
>> notebook with it and his e-mail, and get it express couriered
to him. He'd
>> have it early eveing or first thing in the morning.
>>
>> There was a chocking sound on the other end of the phone,
"but then he'd have
>> to carry 2 notebooks back ! " and "What do I do if he gets it
and it does not
>> work ?" ..................................
>>
>> Find another job came to mind..
>>
>> ________________________________
>>
>> From: isalist-bounce@xxxxxxxxxxxxx on behalf of Thor (Hammer
of God)
>> Sent: Wed 28/Jun/2006 12:49
>> To: isalist@xxxxxxxxxxxxx
>> Subject: [isalist] Re: Error establishing a VPN to the ISA
server
>>
>>
>>
>> http://www.ISAserver.org
>> -------------------------------------------------------
>>
>> Well, it would have worked other than the gw on the hotel
being the same as
>> the SBS box... Bad luck there. But, I've had to do this
several times for
>> the exact same scenario with my people. Seems the Marriott
and I thought
>> alike in our IP schemes ;)
>>
>> You could always just add another IP address to the SBS box
(well, you could
>> if it were a "regular" server install-- I don't know what
you'd have to go
>> through on SBS to do that.) That would work, though.
>>
>> Not much we can do about a guy who wants to scream more than
get the job
>> done, though. I'd tell him that if he wanted his email to
STFU and do what
>> was needed. It's not like it is anyone's "fault." There are
other options
>> you have, but they would all require him doing *something*.
>>
>> I'm assuming that OWA is not an option for some reason?
>>
>> t
>>
>>
>> On 6/27/06 7:37 PM, "Glenn P. JOHNSTON"
<glenn.johnston@xxxxxxxxxxx> spoketh
>> to all:
>>
>>> The internal IP of the SBS server is 192.168.110.2, G/W on
the hotel BB
>>> service is also 192.168.110.2 unfortunately !
>>>
>>> I tried the static route on my home ADSL service by changing
the internal
>>> private IP to match the Hotel's to play with, and everything
else works, I
>>> can
>>> get to the internet and other clients networks fine, but I
can not get to
>>> anything on the remote network after the tunnel is
connected, of the client
>>> with the problem.
>>>
>>> Putting the static route in I doubt will work anyway, the
fellow will
>>> probably
>>> just yell and scream as soon as he is asked to do anything
remotely
>>> technical,
>>> expecting it to be magically fixed from this end.
>>>
>>> ________________________________
>>>
>>> From: isalist-bounce@xxxxxxxxxxxxx on behalf of Thor (Hammer
of God)
>>> Sent: Wed 28/Jun/2006 12:27
>>> To: isalist@xxxxxxxxxxxxx
>>> Subject: [isalist] Re: Error establishing a VPN to the ISA
server
>>>
>>>
>>>
>>> http://www.ISAserver.org
>>> -------------------------------------------------------
>>>
>>> All he has to do is set a static route for the SBS box's IP
to the gateway
>>> address of the VPN endpoint.
>>>
>>> IOW, if the SBS box is 192.168.110.101, and his PPP VPN
interface got
>>> assigned something like 192.168.110.11 from the RRAS server
(do an IP config
>>> to see what ip his PPP adapter is, or look at the RRAS
properties of the
>>> connection) then you would have him do a:
>>>
>>> ROUTE -p add 192.168.110.101 mask 255.255.255.255
192.168.110.11
>>>
>>> That way, when he attempts to access the SBS server, the
request will route
>>> down the VPN rather than broadcasting on the "local"
192.168.110.x network.
>>>
>>> t
>>>
>>>
>>> On 6/27/06 7:13 PM, "Glenn P. JOHNSTON"
<glenn.johnston@xxxxxxxxxxx> spoketh
>>> to all:
>>>
>>>> http://www.ISAserver.org
>>>> -------------------------------------------------------
>>>>
>>>> Hi,
>>>>
>>>> Maybe, maybe not directly and ISA question, and I've posted
this in an SBS
>>>> forum as well, but you people are pretty bright & I thought
you might have
>>>> some worth while input on this.
>>>>
>>>> One of my clients has an issue with VPN tunnel. This has
been inplace since
>>>> Sunday afternoon, but they only rang me this morning.
>>>>
>>>> One of their directors is at a week long conference, and
the Hotel where he
>>>> is
>>>> staying, has provides an in room broadband service.
>>>> The BroadBand in the hotel is using a 192.168.110.0/24
address range, the
>>>> internal address of the clients network at the office is
also a
>>>> 192.168.110.0/24 range.
>>>>
>>>> The VPN tunnel establishes fine, and the VPN connector on
his notebook get
>>>> an
>>>> address, of course, in the 192.168.110.100 to
192.168.110.199 range of the
>>>> DHCP server on the SBS server.
>>>>
>>>> Once the tunnel is established, he can acess nothing on the
SBS. This is to
>>>> be
>>>> expected as the address ranges are the same, does anyone
have any bright
>>>> idea's on how to get around this. The Director is yelling
and screaming
>>>> about
>>>> not being able to get his e-mail.
>>>>
>>>> Unfortunately he is out out direct reach in another state,
and has very
>>>> little
>>>> tolerance for such problems.
>>>>
>>>> Regards
>>>> Glenn
>>>> ------------------------------------------------------
>>>> List Archives: //www.freelists.org/archives/isalist/
>>>> ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
>>>> ISA Server Articles and Tutorials:
>>>> http://www.isaserver.org/articles_tutorials/
>>>> ISA Server Blogs: http://blogs.isaserver.org/
>>>> ------------------------------------------------------
>>>> Visit TechGenix.com for more information about our other
sites:
>>>> http://www.techgenix.com
>>>> ------------------------------------------------------
>>>> To unsubscribe visit
http://www.isaserver.org/pages/isalist.asp
>>>> Report abuse to listadmin@xxxxxxxxxxxxx
>>>>
>>>>
>>>>
>>>
>>>
>>> ------------------------------------------------------
>>> List Archives: //www.freelists.org/archives/isalist/
>>> ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
>>> ISA Server Articles and Tutorials:
>>> http://www.isaserver.org/articles_tutorials/
>>> ISA Server Blogs: http://blogs.isaserver.org/
>>> ------------------------------------------------------
>>> Visit TechGenix.com for more information about our other
sites:
>>> http://www.techgenix.com
>>> ------------------------------------------------------
>>> To unsubscribe visit
http://www.isaserver.org/pages/isalist.asp
>>> Report abuse to listadmin@xxxxxxxxxxxxx
>>>
>>>
>>>
>>
>>
>> ------------------------------------------------------
>> List Archives: //www.freelists.org/archives/isalist/
>> ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
>> ISA Server Articles and Tutorials:
>> http://www.isaserver.org/articles_tutorials/
>> ISA Server Blogs: http://blogs.isaserver.org/
>> ------------------------------------------------------
>> Visit TechGenix.com for more information about our other
sites:
>> http://www.techgenix.com
>> ------------------------------------------------------
>> To unsubscribe visit
http://www.isaserver.org/pages/isalist.asp
>> Report abuse to listadmin@xxxxxxxxxxxxx
>>
>>
>>
>
>
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/
> ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
> ISA Server Articles and Tutorials:
> http://www.isaserver.org/articles_tutorials/
> ISA Server Blogs: http://blogs.isaserver.org/
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other
sites:
> http://www.techgenix.com
> ------------------------------------------------------
> To unsubscribe visit
http://www.isaserver.org/pages/isalist.asp
> Report abuse to listadmin@xxxxxxxxxxxxx
>
>
>
------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials:
http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx
Other related posts:
